[SunRescue] Objective facts and biased opinions about OS choice <very long>
Chris Byrne
rescue at sunhelp.org
Mon Apr 9 21:59:38 CDT 2001
All,
Personally I love OS holy wars unless assholes make it personal. They can be
a fun, free, and open debate about interesting topics... unless assholes
make it personal.
Anyway, how 'bout some objective facts, clearly labeled as such, followed by
and/or interspersed with some biased opinion clearly lab.
Ok, as a security consultant I have to deal with a lot of platforms. I
regularly use, or have recently regularly used the following operating
systems and platforms for various purposes (presented in no order of
frequency or importance)
1. Sun Solaris - Hyper/Super/Turbo/SPARC, UltraSPARC + SMP + Large Scale,
x86
2. Sun SunOS - Hyper/Super/Turbo/SPARC
3. SGI IRIX - MIPS + SMP + Large Scale
4. OpenBSD - x86 + SMP, Alpha + SMP, PPC, VAX, Hyper/Super/Turbo/SPARC,
UltraSPARC
5. AIX (various versions)- All supported platforms + SMP + Large Scale
6. Linux (various distros) - x86 + SMP, PPC, Alpha + SMP,
Hyper/Super/Turbo/SPARC, SPARC, UltraSPARC
10. Tru64 - Alpha + SMP
11. VMS - VAX
12. Windows 98/ME - x86
13. Windows NT - x86, Alpha
14. Windows 2K - x86
15. BeOS - PPC + SMP, x86 + SMP
16. MacOS (every version from the beginning) - All supported platforms + SMP
So here goes my analysis of the strengths and weaknesses of each operating
system on each platform. I'm grouping all variants of an OS together, I.E.
Solaris 8, 2.7, and 2.6 are just Solaris. I'm also only considering machines
that still have a significant installed base, and have been sold in the last
15 or so years, anything else my memory or experience are too thin on to
give an informed opinion.
Solaris: In my experience Solaris (after 2.5.1 which was not much to my
liking) is the best OS to run on UltraSPARC machines. Properly configured it
is extremely stable, relatively easy to administer, and has a goodly number
of applications for it. It has excellent SMP support, excellent scalability
in general, middle of the road performance, and generally mediocre security
(but it is easy to secure)
Prior to 2.6 there were still some issues relating to the SunOS. Solaris is
fairly heavyweight, and requires a goodly amount of RAM to operate properly
in most configurations. It can be pared down to the point where 32mb is
acceptable for console only use, but that's pushing it. Some people have
told me that they run it with 16mb, but that prospect is distinctly
unappealing to me. I'd call the real minimum RAM for happiness 64mb and to
get any work done I'd personally use 128 as a minimum. It also takes up a
lot of disk space in any of the default install configurations.
In my experience, Solaris does not run particularly well on earlier
processors in comparison to the BSD based operating systems. It also doesn't
run at all well on x86 based processors prior to 8. I haven't had any
personal experience with 8 for x86, but many people have told me it's much
improved.
SunOS: Properly configured it has great stability and middle of the road
performance. Runs well on most Sparc versions, but is a waste of time on the
more powerful machines. In my personal experience however, Linux and OpenBSD
are often better choices on platforms supported by SunOS. SunOS has a fairly
low resource utilization and can run well on systems with 16mb RAM or less.
It has a fairly large disk footprint, and suffers from a severe lack of
recent application binaries. It has good SMP support but doesn't scale to
extremely large machines. Security wise it is a typical commercial BSD
system, with mediocre default security, but is easy to secure.
IRIX: Properly configured IRIX is incredibly fast, and very stable. In MOST
cases it is the best OS for running on an SGI MIPS machine. There are other
OS's that run on MIPS just as well (any BSD for example) but not necessarily
on SGI machines because of their incredible, but incredibly proprietary
hardware.
IRIX has flat out the best graphics performance I have ever seen, and that
includes large scale vector machines (super-computers) outputting to
dedicated graphics engines. Actually for the most part those dedicated
graphics engines were SGI based ;-) If you saw any computer generated
special effects in the late 80s or early 90's they were almost certainly
generated by SGI systems, and probably 1/2 - 3/4 of that market still
belongs to SGI.
IRIX has a very large system footprint, requiring LOTS of RAM and disk space
to run well, but it runs very fast on relatively slow (mhz-wise) processors.
IRIX has great SMP support (quite possibly the best SMP support in the UNIX
world) and is massively scalable. The default security configuration is
awful, and in my experience it is more difficult to secure than any other
UNIX.
OpenBSD: I'll say it straight out, OpenBSD is my favorite operating system.
It runs very well on every hardware platform I have used it on, and I
consider it to be the best operating system available for x86 systems.
OpenBSD is mainly derived from NetBSD which is probably the most widely
ported OS on the planet. If a platform isn't specifically supported by
OpenBSD, it can often be "upgraded" to OpenBSD standard from NetBSD.
Properly configured OpenBSD is probably the fastest OS available for x86,
older SPARC, 68k, and PPC. It runs well on UltraSPARC and Alpha but the
kernel doesn't effectively take advantage of 64 bit architectures. OpenBSD has
excellent SMP support and is extremely scalable. It has a very low resource
footprint, running reliably on machines with 16mb or less (a LOT less in
some cases) and can have extremely low disk utilization. Also thanks to the
wonders of lxrun, many Linux binaries will run on OpenBSD.
OpenBSD is in my experience the most secure commercially available general
purpose network operating system. All of its core and much of its ancillary
code is continuously security audited. OpenBSD has gone as much as three
years without a remote root compromise.
Linux: Linux's primary advantage is its application support. There are now
more binaries available for Linux than any other UNIX or UNIX like
operating system. Almost all OpenSource and many closed source apps are
available.
Linux runs very well on x86, older SPARC, and PPC. I was not impressed with
the Alpha port, or with Linux on UltraSPARC mostly because Linux still has
immature 64 bit support. That is changing VERY rapidly, and I figure within
a year or so the 64 bit Linux kernel will be on a par with the 32 bit. Linux
is probably the second best OS for x86 systems. It is generally very stable,
but not as stable as OpenBSD.
Linux also has one of the lowest resource footprints of any operating
system. Various versions can fit on a single floppy and run in 1mb of RAM if
enough swapspace is around. You can run an effective console only system
with 4-8mb and even get into some graphical use, 16mb runs fine with X
windows as long as you use a lightweight window manager, and 32-64mb will
make you happy doing most anything a desktop user would want to do.
Linux has somewhat immature SMP support. There are kernel patches available
to improve it, but the core kernel is still mediocre for SMP. Linus has
explicitly stated that beyond two processors is not a priority for Linux
right now, he wants to get other things "right" first, and as a result Linux
has relatively poor scalability in the UNIX world. Linux does have
clustering solutions available for it, and there have been some custom code
hacks to do massively parallel computing with Linux, but these are
relatively specialized applications.
Tru64: I never used it all that much, but when I did, I was VERY impressed.
Tru64 is extremely fast, stable, and very scalable. Its management was
weird, its application availability is poor. In my experience it is by far
the best performing OS on alpha systems for raw speed, which is not
surprising considering they were both developed around each other.
VMS: One word, STABILITY. If there is an OS more stable than VMS on anything
other than a mainframe I don't know what it is. I have personally worked on
machines with 5+ year uptimes, and I have heard of sites with 10+ year
uptimes. It also has high availability and full clustering built into the
core of the OS, so even if one machine fails, the other three are still
going.
In my experience VMS is generally slow, but I haven't run it on a modern
Alpha machine to compare it against a modern fast UNIX platform. I HAVE run
BSD systems on VAXen (in fact that's a lot of my early UNIX experience) and I
can certainly say that in my experience BSD is FAR faster than VMS on the
same hardware. There is generally poor application availability these days
for VMS as most (some say over 95%) applications developed for VMS were
either custom programmed or customized variations of an off the shelf
program. There were VAX systems at various scales from relatively tiny to
truly large scale systems capable of supporting thousands of users and with
the tight clustering, they could scale fairly well, though I don't have any
experience with that.
Windows98/ME: Playing some games? That's pretty much the only reason to use
98/ME. Stability is horrible, resource utilization is horrible, disk
footprint is ... well you get the picture. Security is non existent. It is
literally impossible to function securely in a networked environment with
98/ME.
That being said, it does what most USERS want, which is email, web browsing,
listening to music, and playing games. It is also the king of commercial
applications availability.
There is no SMP support and no scalability in 98/ME
Windows NT: A good network operating system gone bad ;-) NT started life as
a serious NOS. It was there to provide file, print, and directory services
ala Novell or VMS. Which is appropriate since the core VMS guys are also the
core NT guys. Then Solaris started getting some real press about desktop use
in the financial and scientific communities, and Microsoft decided they had
to make NT a general purpose OS. So they grafted on a desktop and user
systems, and voila instant mess.
Thankfully in the seven years since NT first birthed and five years since it
became usable, it has improved greatly. As long as you use it as a server,
not as an interactive login machine it is fairly stable (the second you do
interactive stability drops through the floor). It has OK SMP support, but
doesn't scale well. It does SUPPORT up to 32 processors, but really in my
experience more than four is a waste and more than two isn't very efficient.
NT is a huge resource hog. In theory NT will run properly on a 486dx33 with
24mb of RAM. Realistically I won't run NT on anything with less than 128mb if
given a choice. Anyone who uses NT on a regular basis will tell you, more
RAM means happier box up until 512mb or so. After that the rather
inefficient memory management kicks in and you start getting memory
management issues and leaks. The more RAM you have the worse they get.
NT also has a fairly large disk footprint.
All that being said, NT is easy to administer locally (a pain to administer
remotely), and has lots of apps available for it, once again, probably
everything a USER would need, and miles ahead of 98/ME in stability.
As far as security goes, forget about it. In my opinion, because of the
inherent insecurity of Windows networking, you cannot effectively secure an
NT system in a Windows networking environment. The only thing you can do is
stick a firewall in front of it. Without Windows networking, NT is
effectively isolated, unable to share files or print, thus not very useful
in its intended role.
Win 2K: Bad workstation OS gone good ;-) With Win2K MS fixed a lot of the
problems that made NT a poor workstation OS, greatly improved its workgroup
server capabilities, and actually made it semi-possible to run it in the
"enterprise" role that they have been pushing for the past five years.
2K doesn't yet support any of the large scale SMP systems (or vice versa) but
its SMP support is far better than NT's, making much more effective use of
two processors than NT. It has a higher resource footprint overall with even
Microsoft admitting the minimum is 128mb RAM and a fast Pentium or PII, but
it is much more efficient and effective in managing its resources. The
memory leak issue isn't gone, but it's nowhere near as bad as it used to be.
The default configuration has HORRIBLE security, because it's promiscuously
broadcasting everything everywhere, but the system is far easier to secure,
and can be more effectively secured. Unfortunately, once again, in a Windows
networking environment, it cannot be effectively secured while still
maintaining its functionality.
BeOS: Elegant, very very elegant. Great memory management, great graphics,
great sounds, good looking, resource efficient.
Horrible networking, no security, little application availability, poor
hardware support.
Honestly I really like BeOS. If they fixed their networking and had better
hardware and application support I would run it as my primary OS. As far as
I can tell it's got just about the best graphical capabilities other than
IRIX of any OS. It handles extremely large files and filesystems very well.
It has great memory management, and very good small scale SMP support,
especially for PPC. As far as I know there is no support for more than 2
processors, but I could be wrong.
It definitely runs best on PPC hardware, and more specifically it runs best
on Apple PPC hardware or on BeBoxes if you can find one. It will run on
clones, but I have had mixed results.
MacOS: Good looking, easy to use, garbage internals. Before I get flamed
horribly, let me say I really like MacOS as a user, but hate it as an admin,
security guy, and networking guy.
Okay, let's split MacOS into two categories OS-X and everything else which I
will refer to as classic.
Classic is very easy to use, and looks very good. Someone who's never used a
computer before will have a much easier time figuring out a Mac than just
about any other computer.
On the business side of things, it supports honest to God WYSIWYG and
antialiased fonts, which are both very important with its core market,
graphics people and desktop publishers. It also has pretty good sound and
video capability, though it doesn't deal very well with extremely large
files.
Unfortunately the classic kernel sucks compared to modern operating systems.
The core has been around since '84 and hasn't changed all that much. It
doesn't support preemptive multitasking, or true protected memory, and its
virtual memory system isn't very good. Also its TCP/IP stack is horrible,
and in general its networking is poor, unless it's with other Apple
machines running AppleTalk.
OS-X is essentially the first release of a new BSD based UNIX, with a lot of
proprietary extensions. It's immature thus far, but has a lot of potential.
And of course being BSD based in particular Mach microkernel BSD based, the
problems that classic had are greatly alleviated.
All of that said, here's my preference.
Solaris on UltraSPARC and OpenBSD on just about anything else for business
UNIX, Linux on x86 for personal UNIX, IRIX for graphics and video, WinME for
games, and Win2K for actually working with Windows.
Chris Byrne