Linux, Unix, /etc

Danger Will Robinson! You are now entering a condescending Unix user zone!

Unix v NT

Introduction

Since time immemorial (well, for fifteen years or so), Unix has been hailed as "the operating system of tomorrow". This cry has become such a fixture of the computing world that a well-worn joke has long gone the rounds, about this OS being forever the system of tomorrow, never of today. Until recently, however, Unix had no direct competition; to its Open Systems portable purity, the opposition could oppose only big iron, proprietary software, tarred with the brush of the supposedly-obsolete mainframe. With the arrival of Microsoft's "Windows NT", this has changed. Here is a competitor developed to be open and portable; by a company with no hardware interests, and so not tied to any one platform. Has the day finally come when Unix must conquer or perish?

Setting the Scene

The idea of NT as an up and coming "giant killer" is very much in the air at present. Late last year, Ovum, the market research company, forecast a compound growth rate of 52% for Windows NT server. This would make it the fastest growing server OS in the European market. However, to do this, Microsoft needs to "redefine the NOS [Network Operating System] market". The current market leader in the NOS market is Novell. Microsoft will have to convince LAN users that a general purpose OS, i.e. NT, is better than a network specific one, i.e. Netware, even for NOS functionality. Netware will be directly affected by NT Server, but, according to Ovum, the European Unix market should not be affected - at least in the short term. In the longer term, the competition of NT might lead to a price war in the Unix market. Again, in late 1995, DH Brown Associates, a US market analyst, published a report on Reliable Information & Transaction Systems. The report considers four contenders: DCE 1.1, Netware 4.1, Solaris 2.4 and NT Server 3.5, of which only Solaris is recognised as meeting the requirements for what DH Brown Associates call an "Enterprise Network Operating System". NT was criticised for lacking a global directory service, and as being too new to have a track record of performance and scalability.

Origins of "War"

Microsoft's decision to move into the development of a "real" operating system was a surprise to many. It can be seen as the logical development of their decision to abandon work on OS/2, which for years had been touted as the Desktop OS of the future. With OS/2 regarded in Microsoft as no longer a viable option, it was apparent that a replacement would be needed. With the rapid growth in the power of desktop computers, it was clear that such a replacement would be able to include features previously restricted to "big iron". Many now think that NT is THE MS OS, with Windows 95 merely a stop gap until the hardware resources which NT demands are more affordable and more commonly seen in desktop machines. Microsoft have marketed NT intensively as a server/network OS, and in this market its natural competitors are Novell Netware, and Unix.

Issues

Many Unices

There is one NT, Microsoft NT, and Microsoft have complete control over it. In contrast, what precisely is "Unix"? The name can be given to a great number of competing products, all more or less different. The need to add value to gain a competitive advantage has meant that in the past, Unices of different brands tended to diverge. This has been somewhat alleviated in recent years by the efforts of the various Open Systems groups, but it remains true that running a Unix application developed for "Unix X" on a "Unix Y" box is not as simple as is implied by both sharing a common name.

Security

Unix security has a bad reputation. In part, its widespread use has made this inevitable. It is the OS that fledgling hackers practice on at college, the OS that the majority of Internet systems run. With such public exposure, it is no wonder that so many security holes have been discovered. But the problem goes beyond this. Unix was first developed as an operating system internal to Bell Labs, and so security was not a major concern. Unix security was designed to protect the users from themselves so to speak, that is from making silly mistakes, and to give them a degree of privacy by controlling access to their files. The concept of having to repel a determined hacker assault, I think it fair to say, never entered the heads of Ken Thompson or Dennis Ritchie in those heady days of flower power and free love.

The laid back attitude died hard. Eric Allman, author of that ubiquitous Unix program, sendmail, has said "You have to remember that the Net back then was a kinder, gentler place. People on the whole cooperated with each other: we were building bridges, not walls. Security was not so much of an issue". Indeed! One of the most famous security lapses of all time, the Internet worm of Robert Morris, exploited this trusting attitude. Sendmail is an interesting case study of Unix security issues. It has been the focus of much criticism, and numerous attempts to close various security holes have been made. Many of the criticisms, though, are more fairly addressed to Unix, not sendmail.

Is NT a more secure OS than common or garden Unix? No doubt. Is it more secure than versions of Unix specially developed for markets that actually need high levels of security? This is the real question. Certainly, NT is marketed as a "very secure" OS. It has gained C2 certification from the US Department of Defence, just as some variants of Unix have. It is questionable, however, whether this means much in the real world; in particular, whether it makes an NT box connected to the 'Net "more secure" than a similar Unix box. The NT model of security, based on the idea of objects, does make it conceptually a more "security-friendly" system than the one using the Unix model. All security controls are centralised in the Object Manager, simplifying implementation of security features and maintenance of access control on site. On the other hand, both Unix and NT allow "streamlining" of the C2 features (that is to say, turning them off). It remains the case that with any operating system the primary responsibility for preventing attacks rests with the system administration staff.

Kerberos, the ticket-based authentication protocol, is available for several brands of Unix, and for NT. This highlights a recurrent difficulty in comparing Unix with NT, in that many features marketed as "built-in" with NT can be obtained as add-ons for some Unices. This is as much a difference in philosophy between the systems as it is a feature of either.

Scalability

For now, Unix wins hands down on scalability i.e. the ability to move to more powerful hardware as computing requirements increase. Versions of Unix that support Symmetrical Multi-Processing can scale up to run over more CPUs than NT. Memory and file system size limitations are also typically higher in Unix than NT.

Cost

It is received wisdom that NT is cheaper than Unix. Well, based on a box to box comparison, this is usually indisputable. But very often, this calculation leaves out of consideration the cost of the client workstations for NT. Here Unix has the advantage in its support for dumb terminals. It might be objected that the desktop PC is now ubiquitous, so that in a new NT installation the price of NT Server is all that is in fact expended; but very many data processing operations do still use dumb terminals, and there is no reason why they should even consider the expense of PCs. Further, needing desktop PCs, with their own operating system, to access a company's central machines does add a considerable indirect cost in technical support. Further, one brand of Unix is now available at very low cost, and has proved itself in the marketplace in computer terms, though not yet commercial ones. Linux, the Unix clone, costs no more than the distribution media and a cut for the distributor.

Maturity

Unix has been around a lot longer than NT, so it is by definition more mature, and has the advantages that maturity brings. It has a wide software base; is well-proven; and there is a big pool of experienced staff to look after it.

Software

That the pool of well-tested, often freely-available software for Unix is without parallel is beyond dispute. Many of the best development tools, utilities, systems programs and indeed applications have been written by the collaborative effort of Unix hackers communicating via the Internet (or UUCP in the good old days). With NT, software availability is still an issue. For example, running a proper name server on an NT box still requires one to use beta software. There is no router for NT: that is, an NT box connected to the Internet cannot route packets to another network. Yes, yes, these things are coming; but with Unix, they are already here, and stable, and tried and tested. There is a significant porting effort to bring the best of Unix tools to NT, made easier by M$'s efforts at POSIX compliance; for example, the Korn shell and Perl.

A Practical Comparison

As a practical example of the greater ease that Unix brings to many tasks, due to its longer life and greater popularity, consider these contrasting experiences in something as simple as setting up a dial-up account to a well-known Internet Service Provider. With Unix, one or other program is used to dial the number, the serial line is attached to the networking system, and then an appropriate route is added - three easy stages, each of which may be configured by simple text files. With NT, the RAS program is used to dial up the ISP. The macro language of this utility has a rather arcane syntax; and an NT admin of my acquaintance found it impossible to do something as simple as redialling on an engaged tone. Then, when one is connected, there is the problem of "doing things". For example, collecting SMTP mail from another Internet host will be difficult unless you invest in one of the expensive add-ons, especially if the local network is using the baroque M$ Mail as the local mail agent.

Information

A subject often neglected in comparisons of software is, how readily is extra information available? Will I have to (shock horror) rely on the manuals? The only book on the internals of Windows NT that I am aware of is "Inside Windows NT". This can hardly be recommended, since it is more of an extended marketing brochure than an impartial account of the OS. The other books on NT that I have seen are of the "how do I" variety. Indeed, one of the problems for someone having to make a decision about NT is the difficulty of accumulating reliable, objective information. Wayne Rash Junior has an interesting set of Web pages, which have some eye-opening technical reports on NT performance as a file server, and its security, at http://techweb.cmp.com/cw/042996/608rash.htm and http://techweb.cmp.com/cw/051396/610rash.htm. The vast installed base of Unix, and its independence from any one vendor, is useful, since it is much easier to gather useful information on any given brand of Unix. Published information on how to configure, tune and secure Unix boxes abounds; and a great deal of information is freely available over the Internet.

Conclusions

So, in summary: Throughout this article, I have been somewhat general in my arguments. This is because I was comparing one - NT - with many - the Unix family. The summary points above may often be proven untrue for a specially-configured Unix variant. To that extent, a comparison between NT and the whole Unix family is of little help. For practical decision making the comparison must always be between one Unix, and NT. Hopefully, this article is of use as a general introduction to the points to consider, and some guidance as to the general balance of opinion. The "free" Unix variants, BSD and Linux, have the added advantage of being truly open systems, with the source code to the whole system freely available. A detailed technical comparison between Linux and NT would be most interesting - but that's another article!

Paul Dunne 1996





Copyright © 1995-2007 Paul Dunne
