Selection Criteria


Security

The criteria for rating computer security are set by the National Computer Security Center (NCSC), a division of the National Security Agency (NSA). There are seven levels of computer security: A, B3, B2, B1, C2, C1, and D. C2 or above is military-grade security.

It is important to note that NCSC does not certify an operating system alone. Rather, NCSC certifies a complete software and hardware configuration. Novell Netware meets the standard of C2 Security (Red Book), which means that Netware is secure as a network operating system. On the other hand, Windows NT 3.5 meets the standard of C2 Security (Orange Book), which means that an NT system is secure as a standalone computer without any network connection. Windows NT 4.0 has not been certified by NCSC yet.

However, once Netware moves away from IPX/SPX to pure Internet Protocol (IP), it may be more vulnerable to hackers. Some common hacking activities, such as flooding and denial-of-service attacks, are IP-based.

IP Flood

Many security breach reports pinpoint Windows NT. It is debatable whether the NT system is inherently insecure. Al Decker, managing principal of the global security and privacy services group at IBM, argued that NT is no more vulnerable than any other operating system. However, Mark Sims, the CEO of Netrex, a company specializing in computer security, held a different view. Sims argued that NT is harder to configure for security, and Microsoft's Internet Information Server is even worse. Even with all security patches installed, there are still some vulnerabilities for which there are no solutions.

StarNine's Webstar for Mac OS

Regarding Web security, the Mac has achieved a high standard. A group in Sweden once ran a "Crack-A-Mac" contest in an attempt to test Mac security. Although the Mac Web server was hacked after more than six months, this was due to a hole in an improperly configured third-party software application.

In 1999, after a US Army website had been hacked, the Army moved its websites from the Windows NT platform to the Mac platform, running WebStar Web Server. The website administrator explained that the migration was based on the recommendation of the World Wide Web (W3) Consortium. According to W3, the Mac platform is more secure than its counterparts for a number of reasons. For instance, the Macintosh does not have a command shell and does not allow remote logins. W3 also said it found no specific security problems in either the software or the server.


Robustness and high availability

A robust computer does not crash easily. Windows NT tries to accomplish this goal by dividing its resources into three rings. Ring 0 is the core, reserved for the operating system only, while the other rings can be accessed by application software. Under this partitioning, when an application fails, the operating system is unaffected. However, it is generally agreed that NT is less stable than Netware and UNIX.

Windows NT faced harsh criticism for the system failure of the USS Yorktown in September 1998. The USS Yorktown is a "smart ship" equipped with Windows NT, which automates several key functions of the warship. During maneuvers off the coast of Cape Charles, VA, the Yorktown lost control of its propulsion system due to a computer system failure and was towed back to port. Some critics ask what would happen if this occurred in an actual combat situation.

A server with high availability seldom or never closes its door to users. Besides robustness, there are several other ways to achieve high availability. For example:

  • Disk mirroring: Use two separate hard drives to duplicate information.

  • Disk duplexing: Use two sets of hard drive controllers and hard drives to duplicate information.

  • Redundant Array of Independent Disks (RAID): Configure multiple disk drives for data redundancy.

  • Clustering: Use multiple servers as mutual backup. There are two aspects of clustering: fault tolerance and load balancing. Fault tolerance, also known as failover, allows the second server to take over services when the first one fails. Load balancing, also known as load sharing, spreads client requests evenly across multiple servers. Load sharing is related to performance issues rather than availability issues. Both Windows NT and Windows 2000 Advanced Server support 2-node clustering. Windows 2000 Data Center expands the clustering service to 4-node. Novell supports 8-32 servers for clustering. Various UNIX versions can go beyond all of the above.

Sometimes availability has nothing to do with crashing or the lack of redundancy. Rather, a simple administrative task may make the server unavailable. For instance, many maintenance tasks on NT require the server to be rebooted. This does not happen to UNIX and Linux very often.


Performance and scalability

Performance is defined by the response time and the number of concurrent users that a system can support. Scalability is the room for growth in a system. They are strongly associated with each other: if a system can be expanded, it can also achieve high performance, of course. It is generally agreed that NT has lower performance than Netware and is less scalable than UNIX. For instance, in 1999 Wireless One replaced eight NT servers at its headquarters with three Netware servers because NT could not handle the WAN connections to 23 Wireless One offices. Some Netware users reported that Netware 5.1 could support as many as 800 to 1000 users per server. NDS eDirectory could be scaled up to support 1 billion objects per tree. A UNIX server can easily be scaled up to 64 processors, but a Windows NT server hardly goes beyond four CPUs. Microsoft intends to dethrone UNIX by introducing Windows 2000 DataCenter. According to Microsoft, with proper configurations W2K DataCenter could be as scalable as UNIX.

Actually, in terms of robustness, availability and performance, older platforms such as IBM's mainframe and DEC's minicomputer are better. MVS/390 can drive up to 90 percent utilization without loss of effectiveness and hardly ever crashes. VMS clustering can support multiple nodes to achieve extremely high availability. However, they are not servers or networks by the definition mentioned before.


User-friendliness

There are two aspects of user friendliness, namely, ease of installation and ease of administration. For the first one, it is not surprising that the king is Macintosh. A Mac server can be installed and configured in just a few minutes. In regard to ease of administration, I endorse Netware. NDS centralizes all network resources and significantly reduces the time and cost of administration.


Interoperability and comprehensiveness

Interoperability is a modern term for compatibility, which is highly related to comprehensiveness. When a company provides a variety of products, a user can get a comprehensive package from just one vendor. And, ideally speaking, if all products are from the same vendor, it is more likely that they are compatible. However, it is difficult, if not impossible, for one single company to be the best in every field. Realistically, many organizations maintain heterogeneous computing platforms according to the nature of different tasks. If one does not have time to shop around, no doubt Microsoft provides a relatively comprehensive package, including network operating system, desktop operating system, web server, web browser, database, and so on.


Summary

Criteria | Recommendation
Security | Novell Netware (File server), Mac (Web server)
Robustness and high availability | UNIX, Netware, Linux
Performance and scalability | UNIX
Ease of installation and configuration | Mac
Ease of administration | Novell Netware
Interoperability and comprehensiveness | Windows NT/2000 Server
