When to Pick Tux over Windows and Mac OS X
- 2007.10.15 - Tip Jar
Mac OS X is an incredible operating system: powerful, stable, and beautiful. But there are times when Linux offers a better solution. Two that come to mind immediately are for dedicated servers and high security applications.
Some qualifications and context are required to understand my reasoning.
Being based on BSD, OS X is a fast, stable, operating system. It also ships in a reasonably secure state. So why would I suggest that Linux makes a better server?
The answer is flexibility.
Apple offers dedicated OS X servers in a rack mount form factor, branded Xserve, along with Xserve RAID storage. However, you get a sense of Apple's consumer focus by noticing that Xserve products don't even appear on the main Apple Store page. You need to dig a little to find them.
As a small office or workgroup solution, especially in a Mac-savvy shop, Xserves are great, but when you get into a mid-sized or large organization, the flexibility of Linux becomes more important than saving a little setup time.
Since OS X ships with the GNU C compiler, Linux only has a slight edge in available software, but it is definitely easier to do things like customize the kernel. Replacing major components like the MTA is also a little easier in Linux, because the integration with other applications usually isn't as tight.
Yes, hardware flexibility is the biggest advantage of Linux. You can load Linux on an Xserve, an old PowerPC box, IBM blade servers, or a super cluster of generic servers. And it's easier to upgrade a PC-based Linux box as your needs change.
In most cases, Linux can be deployed less expensively than Xserve, making it a better value.
While the focus of the article is OS X and Linux, the security context requires that I mention Microsoft Windows. I have fairly in-depth knowledge of all three systems and run all systems to some degree.
There are a lot of metrics that can be used to measure security, but it's as much art as science. If you start with the operating system, you can look at past history, the number of known exploits, the severity of known exploits, and the malware ecosystem. You have to account for the out-of-the-box configuration, included software and services, encryption options, and the ability to apply patches. Then there's the hardware - physical security and locking options, processor and architecture exploits, portability. It can be mind-numbing.
Turning the myriad of security metrics into something quantitative is extremely difficult. My qualitative sense is that on a scale of 1 to 10, with 10 being the highest level of security, Microsoft Windows rates a 2, Mac OS X rates a 7, and Linux rates a 9.
Ultimately, the biggest factor in the ability to secure a system is the ability to trust it. On trust alone, Linux is head and shoulders above the rest. Let me explain and offer a few examples:
Microsoft Windows: 2
The Windows stealth patch incident is a glaring example of an untrustworthy system. This is a case where Microsoft forced a system update on users regardless of their preferences or whether or not they wanted the update. There was no notification and no warning; they simply replaced some system DLLs. Actions like this beg the question, "Who really controls a system running Windows, the owner of the computer hardware or Microsoft Corporation?"
Another example is the architecture of the Windows Product Activation (WPA) feature. It requires that Microsoft be able to remotely reach out and disable any computer it thinks is running unlicensed software. The fact that WPA sometimes flags valid software as unlicensed is a growing concern for some. It is a "guilty until proven innocent" scheme.
Combine the built-in features of Windows with the giant universe of active malware that comes with the platform, and you have a system that screams insecurity. Even with the latest patches applied, the latest anti-virus and anti-kludgeware, and locked in Fort Knox, I would not trust sensitive data to Windows. The only way I use Windows now is disconnected from all networks.
Mac OS X: 7
Being based on BSD, a Unix-like system, OS X starts out far ahead of Windows. The security model is proven (to this day, there have been no OS X viruses or malware in the wild), and the default configuration is generally safe with no unnecessary services running. Mac patches require approval before they are applied, and there is nothing as virulent as WPA waiting to shut you down if you plug in one too many peripherals.
I love using Macs (I'm banging this article out on a Mac), but there are two things that limit my ultimate trust. One is the lack of open source for some parts of the system, and the second is the track record of Apple toward users. Without complete source, I can't be reasonably sure that Apple won't force a Windows-style stealth patch someday. In fact, I am reasonably sure they have the ability to do so.
The hyperactive Apple legal department also gives me pause. Could the government or Apple's own legal team have forced the addition of a backdoor in OS X or the ability to decrypt FileVault data without a password? I doubt it, but with no way to find out, my trust is limited. Clearly, I trust OS X far more than Windows - and I trust it enough for everyday use.
Linux: 9
Linux addresses all the major trust issues I have with proprietary vendors. I can be certain that no patches will be applied unless I permit it. I can control precisely the software I want to run and can remove any software I don't want to run. I have complete access to all source code, along with many other people, so security issues can be found and fixed quickly.
There is no phoning home and no unlicensed software by definition. I can use encryption algorithms that have stood the test of time and proven strong. I have a strong level of confidence in every part of the system - I trust it, even connected to the big, bad Internet.
The only reason Linux doesn't get a 10 is that the source base is so big that something could be lurking there that doesn't get detected right away. Still, for a high security application, I would choose Linux every time.
Keith Winston is a recent Mac convert after five years of Linux on the desktop. He also writes for Linux.com and created CommandLineMac to focus on the Unix-y power of the Mac. If you find Keith's articles helpful, please consider making a donation to his tip jar.