Evaluating Linux: Reality vs. hype Judging from my recent columns “Save big by replacing NT file servers with Linux Samba” and “Don’t look now, but Linux 2.4 is enterprise-ready,” you can easily tell that I’m a fan of Linux. However, I certainly don’t want to oversell Linux to TechRepublic members. Linux continues to suffer from too much hype and exaggeration. My goal with today’s column is to help sort out the real advantages and disadvantages of deploying, managing, and supporting Linux in a corporate environment. Why Linux is getting so much attention A lot of the attention Linux has received in the last few years is based less on what Linux is and more on what Linux is not. Quite simply, Linux is not Microsoft. In fact, Linux might adequately be termed the antitheses of Microsoft. Microsoft and its products are centralized, polished (at least in terms of image), proprietary, user-friendly, and generally pretty expensive. Linux and its software products are decentralized (in most cases), open source, a little difficult to use, and generally quite inexpensive (at least up front). Much of the hype that swirls around Linux is centered on the hopes of many people, both within and outside the IT community, that Linux will help unloose Microsoft’s stranglehold on the software market. However, IT professionals seeking to deploy the best solutions based on sound business principles must cut through this hype when evaluating whether the OS meets the requirements of various situations. The Linux security myth The first, and most prevalent, piece of hype I must dispel is the “Linux security myth.” I have to admit that it was reading a number of flawed and misleading arguments about Linux security made by members in TechRepublic discussions that prompted me to write this article. Many TR members have been asserting that Linux is inherently more secure than Microsoft’s popular Windows NT/2000 platform. I strongly believe that argument is dead wrong, and I’ll tell you why. First, I must say that few people know Linux like Jack Wallen, and his Linux tutorials are some of the best in the business. You can tell from his writing that he passionately wants Linux to succeed in the IT marketplace. I think that a lot of the TR members who are making outrageous claims about Linux security are Linux enthusiasts like Jack. However, arguments that claim that Linux is not susceptible to viruses like ILOVEYOU and other damaging activities simply because it hasn't been affected so far are flawed from a network security standpoint. It’s like saying, “Let’s go to the second floor of our glass house because the people outside are throwing stones only at the first floor right now.” Eventually, they’ll start throwing stones upstairs, too, and eventually, hackers and virus writers will start targeting Linux. Suggesting that a switch to Linux will keep your organization out of harm’s way is a temporary solution, at best, and is not a good security strategy. No operating system is inherently secure, with the possible exception of something like Trusted Solaris, which is built entirely around security in order to serve the needs of government contractors and high-security industries. The security of most operating systems (including Trusted Solaris, to an extent) depends heavily on the configuration of the administrators who design, implement, and manage them. Linux enthusiasts often point to the fact that Redmond is continually releasing new patches for Windows as an indicator that Microsoft products are less secure. However, these numerous flaws are found because of the sheer numbers of administrators, security experts, and hackers that put Windows under the microscope every single day. That’s not to say that Microsoft should not make security a higher priority in its development efforts. Obviously, it should. But putting Linux under the same microscope reveals a plethora of security flaws, too, as evidenced by the fact that companies such as Red Hat are also continually releasing security patches to their Linux distribution. In defense of Linux security, I will side with Linux partisans in agreeing that an administrator can more thoroughly lock down a Linux system than a Windows NT/2000 system because of the open source nature of Linux and the fact that you can get in and look at every aspect of a Linux system—something that’s not possible with Windows software because of its proprietary nature. However, security still depends heavily on the person(s) configuring it. A well-configured Windows server is certainly more secure than a poorly or partially configured Linux server, and—let’s be honest—it’s much easier and faster to configure and lock down Windows NT/2000 than Linux. Nevertheless, as I mentioned above, if you have the time, inclination, and/or necessity for providing maximum security, it is possible to drill down further into the Linux OS and make it very secure. Keep in mind that this takes considerable effort, and there are still no guarantees since Linux ultimately has its own security flaws that are continually being patched by vendors and developers, just like Microsoft. Ultimately, my goal here has been to dispel the myth that Linux is inherently more secure than Windows NT/2000 because, clearly, it is not. That being said, I think we’re ready to have a sane look at some of the areas where Linux has considerable value, as well as some of the penguin’s drawbacks. Figure A shows a rundown of the Linux pros and cons that we’ll be discussing. A look at the true costs You can’t talk about the advantages of Linux without talking about dollars (or whatever your national currency may be). One of the tried-and-true methods of turning big profits in the software industry is by requiring a paid license of your software for each machine on which it is loaded (see Microsoft Corp.). Linux flies in the face of this trend by not requiring a paid license for using the operating system. For example, you can buy one $29.95 Red Hat Linux CD and use it to load Linux on 100 servers. You do not owe Red Hat any additional money and you are still legally within the terms of the General Public License for Linux. If you had decided to load Windows 2000 on those 100 servers, it would have cost you in the neighborhood of $75,000—if you took advantage of one of Microsoft’s volume discount programs. Obviously, this factor alone can make Linux very attractive. Actually, in a situation such as this, Linux can save you even more than the cost of the licenses because the hardware requirements for Linux are significantly less than Windows NT or 2000 for accomplishing the same tasks. For example, whereas a Windows 2000 server really requires a minimum of 256 megabytes of RAM to accomplish basic file and printer sharing, a Linux server can offer comparable performance when handling the same tasks with 64 to 128 megabytes of RAM. Deployment and support Another one of the most widely extolled virtues of Linux is its stability. Once you get Linux properly configured—a task that’s not for the faint of heart or the inexperienced—you can definitely reap the benefits of excellent stability. I have heard enough stories from other administrators about Linux Web servers, DNS servers, and firewalls that were configured and then not touched again for over a year to believe fully in the stability of Linux. I can also personally vouch for the Linux firewall on my network, which has been running without a hitch for four months, and a Linux Web server I helped set up that ran uninterrupted for over six months. However, this stability does not come without a price. Setting up and configuring any kind of server functionality on Linux takes considerable effort and often an initial period of trial and error in order to make it work. I think it’s fair to say that even for a Linux expert, it takes much more time to configure Linux on the front end than it does to configure similar server functionality on Windows NT/2000. Again, this effort is often rewarded by a stable and reliable Linux server that does not need as much babysitting as many Windows NT/2000 servers require. What does this mean? If you are going to deploy Linux, you must have some well-trained Linux experts around. So you’ll need to train your current staff or find some Linux consultants to assist in the process. Either way, you’re going to be looking at incurring considerable expenses to deploy Linux. Support is another area where Linux costs can exceed the costs of Windows NT/2000. Linux/UNIX administration is more complex and therefore more expensive. It also takes longer to train your staff on Linux, which increases the cost even further. Finding Linux consultants and good Linux support can also be a major challenge. In addition to being more complex and challenging to configure, Linux can be more difficult to troubleshoot when things do go wrong. This makes it even more essential to have well-trained Linux professionals available whenever you are deploying Linux for a mission-critical function in your organization. Unfortunately, finding good training programs, first-class Linux support, and competent Linux consultants can all be challenging at this point. These things need to be nailed down before any Linux deployments move forward. Back to the plus side, remote administration of servers is much easier and more efficient on Linux than on Windows NT/2000 because all administration tasks can be accomplished from the command line. Thus, a remote technician can dial in to the server on a phone line or make a secure shell (encrypted Telnet) connection over the Internet and set up, modify, or troubleshoot the server. Not on the desktop I have to address one final topic. Recently, I’ve chuckled a bit as I’ve read some of the discussions and member e-mails in response to our recent series of articles on Microsoft product activation. Many members, frustrated by Microsoft’s antipiracy techniques, have vowed to switch their desktop machines to Linux if Microsoft continues its plans for restriction licensing on Windows and Office XP. While I fully identify with their frustration, I think that nine out of 10 of the people who make this claim must have never used Linux on the desktop. If they had, they would know that Linux still does not offer a common, viable desktop solution. While Linux servers are rock-solid stable, the Linux desktop is notoriously buggy and unstable. Key Linux desktop applications such as StarOffice, WordPerfect, and Netscape Navigator are prone to frequent crashes. Some Linux distributions and versions have no trouble with these applications, while others deliver pitiful performance or can’t even get them to run. Many of those who attempt to use these applications will long for the stability and performance of Microsoft Office and Internet Explorer. I believe that this is mostly due to a lack of standards between different Linux distributions and desktop environments. Unfortunately, the Linux desktop is inconsistent across the different platforms, versions, and GUIs. Thus, it simply isn’t ready for prime time yet. The final word When it comes to Linux, I am a realist and not the kind of convert or a zealot that characterized the early Linux user base. I am the kind of IT professional that Linux needs to win over in order to build a lasting niche in this industry. In this article, I’ve tried to take a sober look at Linux’s advantages and disadvantages to help administrators see through the hype and make sound business decisions when considering a Linux deployment.