Get on-the-go access to the latest insights featured on our Trustworthy Computing blogs.
Why Red Hat?
As folks know who read my blog know, I normally utilize Red Hat as a proxy for Linux Distributions when analyzing Windows vs Linux for security and vulnerabilities. Some object to this (Red Hat is Not Linux), but it would be hard to select another alternative because:
Yes, this is sort of a backhanded complement for Red Hat and Mark Cox, in particular, for good efforts. Well, that and for following the Microsoft example for security response. ;-)
Apples-to-Apples - what are you talking about Jeff?
Commonly, if you talk about Windows and Linux, someone will point out that they have different compositions and different levels of modularity. For example, Red Hat Enterprise Linux 4 Workstation (rhel4ws) ships with OpenOffice, GIMP, and the MySQL database, which may not be installed on many deployed systems. Even if they are deployed, Windows does not ship with Office, as it is sold as a separate product.
Take my Windows vs Linux - Workstation - 1H06, for example - some would say, any comparison of all components compares apples and oranges and is not fair. The impied statement in this objection is that if one did do an apples-to-apples comparison, Linux would beat Windows handily. Of course, nobody ever follows through to demonstrate that part... I think it is a little more complex than that though and previously captured my thoughts in Apples, Oranges and Vulnerability Metrics.
Having shared those thoughts, I think different comparisons provide different values. Think about these:
So, I see value in comparisons of the entire product totals, as well as value in breaking out individual roles.
Defining a Comparable Workstation Role for rhel4ws
Windows XP SP2 does not ship with Office, or with server components similar to MySQL, Apache, DHCP Server, DNS, OpenLDAP, etc, so we're going to have to cut down rhel4ws if we want it to be approximately comparable to Windows XP.
Assuming you booted up an installation CD for rhel4ws, you'd eventually get to a package selection menu similar to that shown in Figure 1. Red Hat establishes default selections for the WS, and these are marked as "standard" in the comps.xml file, which they use to drive the package installation process. There are also several package groups that are "hidden", with three of them selected for installation by default - core, base and dialup. These are not visible for de-selection, nor are several other groups that are included or not based upon other settings (like language). All installations via the GUI will include these three mandatory installation groups.
Since this is not a "server" product, noneof the common server components are flagged for installation by default and we won't change that. Basically, by default, we see core, base, printing, base-x, gnome-desktop, graphical-internet, sound-and-video, text-internet, graphics, office and some system tools and libraries necessary to support dependendies.
To make this more comparable to Windows XP, we're going to manually exlude a few things, specifically thunderbird plus the text-internet, graphics (which is the gimp stuff), and office (which is OpenOffice) installation groups.
So, what we're left with is a basic Gnome-windowed workstation that includes standard system management tools, firefox for browsing, sound and video support, but excludes all server packages, as well as OpenOffice and other optional stuff that a Windows system wouldn't have by default. That's it.
I'm going to stop there, since I think Server configurations are enough different that I want to do a separate post on it and keep any discussions here focused on Workstation. If you have thoughts, criticisms or suggestions related to building reasonable Windows-comparable Red Hat 4 workstation, please comment.
Regards ~ Jeff