Because Shiny Things Are Fun - The New New Windows v Linux Thread

The best figures for OS usage come I think from websites that analyse the user agent of the browser accessing them (and publish that info). Even then, however, how representative the users of that website are of the general computing population may be questioned. (There's also the possibility of lying user agents, but that's less of an issue I think.)

Quote:

Originally Posted by cantab The best figures for OS usage come I think from websites that analyse the user agent of the browser accessing them (and publish that info). Even then, however, how representative the users of that website are of the general computing population may be questioned. (There's also the possibility of lying user agents, but that's less of an issue I think.)

This would be no where near accurate. While we know that windows in leading in the desktop market it falls way behind in the server market. Checking user agents is not a reliable way to get stats for OS's. Checking user agents would be a test much more suited for comparing web browsers used. Most web servers are not out "browsing" the web to get their info reported.

Quote:

Originally Posted by cantab The best figures for OS usage come I think from websites that analyse the user agent of the browser accessing them (and publish that info). Even then, however, how representative the users of that website are of the general computing population may be questioned. (There's also the possibility of lying user agents, but that's less of an issue I think.)

The reason I think they might still not be very accurate is becasue most sites that do OS statistics based on user agents are about technical/web development topics. I think that people who are interested in such topics are more likely to use an alternative OS and/or browser (i.e. something other than Windows and IE) than most non-technically-inclined people.

---------- Post added 2011-05-02 at 09:37 ----------

Quote:

Originally Posted by slimm609 This would be no where near accurate. While we know that windows in leading in the desktop market it falls way behind in the server market. Checking user agents is not a reliable way to get stats for OS's. Checking user agents would be a test much more suited for comparing web browsers used. Most web servers are not out "browsing" the web to get their info reported.

How do servers affect this? Do they constantly visit web pages or something?

Quote:

Originally Posted by MTK358 How do servers affect this? Do they constantly visit web pages or something?

Web servers only serve web content. They don't have user agents as web browsers (clients) do. But, they do sometimes report what OS and software version they're using...you typically see this in error responses. An example is here. Note that server responses can be edited and it is probably a good idea to maybe not allow such responses in the first place (to prevent recon).

I still don't understand how servers can affect sites that use useragents to do OS statistics.

I think I read too much into your question. Your question was, "do they constantly visit web pages or something?". The answer is yes. They'd have to conduct checks. I believe this is how sites such as Netcraft conduct research.

Quote:

Originally Posted by MTK358 I still don't understand how servers can affect sites that use useragents to do OS statistics.

He is saying that servers aren't used for regular browsing so all the Linux servers out there are not being included in the count.

At least that is how I took it.

nomb

Quote:

Originally Posted by nomb He is saying that servers aren't used for regular browsing so all the Linux servers out there are not being included in the count. At least that is how I took it. nomb

Yes, that's what I meant. This will mean that the stats will largely be inaccurate, even if such stats show that Linux has a large portion of the market share.

Regardless of how accurate the statistics that attempt to account for the percentage of market share are or are not, a lack of market share is not why Linux has far less problems with various forms of mal-ware such as viruses, worms, and trojans. This subject has come up so many times that I am hesitant to do so again, but the nuts and bolts summary of it is that Linux has a significantly more refined permissions structure along with greater genetic diversity that makes it much more difficult to design mal-ware to infect a particular machine. Linux also lacks the concept of file type by extension and generally does not execute applications automatically upon detecting them. When a machine does become infected, it is usually through a code agnostic means like Java or Adobe Flash and is contained to the user account without the ability to spread system wide. Much Linux software is also stored in reputable repositories and mirrors and has been signed by the developers. Being open source, with many eyes looking on the code, it would be much more difficult to plant subversive code without it being discovered too. Linux then adds a lot more sophisticated logging features that make detection of problems far easier. On top of all that, the average Linux user is more likely to be tech-savvy compared to the average Windows user and hence less likely to acquire an infection.

As frankbell put it, "If Windows security is so good, why is there a thriving industry selling expensive fixes for it?"

At work, I have an XP based machine with a quad-core processor and multiple gigabytes of memory. Every time I log in, I have to wait about 30 minutes while it performs all of its security scans and has scanning applications that check every file and process as it runs, consuming a large percentage of CPU and several megs of memory before the machine becomes even remotely responsive.

Quote:

Originally Posted by nec207 {...}I think they are talking about having a guest account in windows where windows you can set up a account for internet use only with like no permission to do any thing on the computer even open programs or read and write to your files.Almost nothing you can do with guest account with every thing turn off by the admin.

Guest is built-in limited user(with few extra limitations) - it can launch programs, do other limited user stuff not requiring admin privileges and can't mess up system. As for topic itself - security depends on PEBKAC not on operating system. In order to compare security is to compare either
-linux root vs win admin
or
-linux user vs windows limited user.
By default people compare
-linux user vs windows admin
thats unfair because you can't compare 2 different level things.

Quote:

Originally Posted by Arcane By default people compare -linux user vs windows admin thats unfair because you can't compare 2 different level things.

In general you are right. But you have to compare also the habits of the users. In Windows most users actually work as admin all the time, most of them even not knowing that there is the possibility to work as restricted user.
In short: Is it fair to compare Linux user and Windows admin? No. But does it make sense when it comes to security in general? Yes. It simply is pointless to compare with Windows restricted user when nobody uses it.

Quote:

Originally Posted by Arcane -linux root vs win admin or -linux user vs windows limited user. By default people compare -linux user vs windows admin thats unfair because you can't compare 2 different level things.

I don't think it's unfair when Windows gives you an admin account by default and Linux gives you a limited account by default.

I will add some insight from personal experience here. The work PC I mentioned in my previous post has the primary user account set up as non administrative. For the majority of the work performed with this PC, this is not a problem. However, in certain circumstances, it is a royal inconvenience. What is worse is that there is no reliable means to elevate privilege when required; it is still heavily tied to the all or nothing Administrator is a user account. Under some circumstances, it is possible to use the "run as" and apply a login that has administrative privilege, but over half of the time this feature does not work. For example, it won't allow you to launch windows explorer as an administrator to delete files that aren't "owned" by the user currently logged in. This brings up the concept of ownership and permissions - they work to the extent that they are an obvious after thought rather than something inherently built into the system. As I said, this works for most of the 'user' applications. Engineering and development tools, especially ones that work with any sort of hardware IO and this concept fails miserably. I have yet to encounter a development tool (including Texas Instruments, GE-MTL, Altera, and others) that works with a non privileged account.

My overall impression of the "user" account in Windows is that it was designed to be deliberately limiting as if the person using it must be limited and that there is some God / Administrator who will manage things for them. This is in direct operational contrast to the Linux / Unix philosophy where a user can authenticate to gain the necessary credentials to perform a task.

Recently, the administrators enacted a blanket security policy whereby everyone's domain login account had its administrative privileges removed and they were confined to a "local" this PC only admin login. When this was enacted, it interfered with no less than 6 people (out of 12) and stopped them from being able to perform their job duties. As a work around, we re-enabled this feature so that they could continue working. I am meeting with our division IT representative tomorrow, to discuss this issue.

My opinion on Windows Administrative security is that while it is taking steps in the right direction, it still really sucks compared to Linux.

Quote:

Originally Posted by MTK358 I don't think it's unfair when Windows gives you an admin account by default and Linux gives you a limited account by default.

Wait a sec..i remember some distros come only with root as default..like same Slackware? Still unfair.

Quote:

Originally Posted by Noway2 {...}My overall impression of the "user" account in Windows is that it was designed to be deliberately limiting as if the person using it must be limited and that there is some God / Administrator who will manage things for them. This is in direct operational contrast to the Linux / Unix philosophy where a user can authenticate to gain the necessary credentials to perform a task.{...}

Dunno about newer Windows yet. However XP has wonderfull feature called "Run As"(should be available for newer Windows too) - can be admin and run risky stuff as Guest or Limited or be Limited and "Run as" admin. Still unfair because if you don't know password it means you don't need be Admin and if you know you don't have problems switching users or using "Run as".

sorry for the late response. Web servers and all the backend servers (dns, smtp, databases, etc) are not going to the sites that collect stats. The majority of the web servers and the backend servers that support the sites are linux. NONE of these servers are out "browsing" the web so none of them are counted. Google is estimated to have around 1,000,000 servers(yes 1 million), facebook is estimated around 100,000 and intel is estimated around another 120,000. Google and facebook both run linux for all their servers. so just with 3 major companies the site stats are off by almost 1.25 million linux machines.

http://www.datacenterknowledge.com/a...t-web-servers/ here is the estimates back in 2009