Running Apache on Windows Platforms

Before anyone bashes me, please hear me out.

I know there are people will probably cringe at the thought of running
Apache on a windows platform (Specifically XP), I was just wondering
what are some SPECIFICS people who desire to run, or more less
experiment, running apache on a windows machine. I have setup up and
successfully ran apache on both the linux and windows platforms, and
currently run 2 servers on each for a "test" run, to see which, if
either, has any significant security flaws. Both servers are hidden,
in order for someone to find them one would have to either know it
existed, or ran a scanner. Although both have seen numerous
'malicious intent' both were neither affected in anyway.

Would it be safe to say that servers ran on a *nix based system is
safer because the sysOp's are more knowledgable on computers,
software ect than Windows would be. Could it be software issues?

I'd like to see some specific information regarding this. Other than
simply '*nix systems rule in all aspects' which to me seems the
majority rule, but on the other hand both seems to run equally well,
not being a platform specific, but just users of a specific platform
being a tad more experienced in such things.

Thanks for any input.

Much Regards

Re: Running Apache on Windows Platforms

LiquidSnake writes:

> Would it be safe to say that servers ran on a *nix based system is
> safer because the sysOp's are more knowledgable on computers,
> software ect than Windows would be.

That's part of it. Another part of it is that UNIX platforms are more
transparent--it's easier to figure out what is going on in the system,
and what is running, and so on. You can strip UNIX systems so that the
only thing that is running (and the only thing that can run) is your Web
server. If you don't strip the system, at least you can still control
what does and doesn't run, and you don't have to wonder or guess about
"mystery" processes. Under Windows, a lot of the OS is opaque, and it's
hard to tell whether everything inside the system is kosher or not. Is
the process JJRIU43.EXE a legitimate Windows process, or a Trojan?
Sometimes you really don't know.

> Could it be software issues?

Windows is overly complex for something like a Web server, even though
it seems superficially simpler thanks to a friendly GUI. UNIX is more
arcane, but the architecture is simpler. Once you are accustomed to
UNIX, you have a much better handle on your system, which is important
when the system is open to the Net (as for a Web server).

I've run Apache on both Windows and UNIX, and IIS on Windows, and I find
that Apache on UNIX gives me the best control over what the system is
doing, and the best visibility into what is happening on the machine at
any given instant.

--
Transpose hotmail and mxsmanic in my e-mail address to reach me directly.

Re: Running Apache on Windows Platforms

Post removed (X-No-Archive: yes)

Re: Running Apache on Windows Platforms

"LiquidSnake" wrote in
message news:1110862853.a6c19e59b5fb54b240c6cdd3de924cab@teranews...

> Both servers are hidden,
> in order for someone to find them one would have to either know it
> existed, or ran a scanner. Although both have seen numerous
> 'malicious intent' both were neither affected in anyway.
>

I run Apache2 on windows XP as a test server for development. You can
prevent internet access using your firewall.
For example I use Zone Alarm and have permissions for Apache set like this:
Access: Trusted zone allowed, Internet zone disallowed.
Server: Trusted zone allowed, Internet zone disallowed.

HTH,
Dave

Re: Running Apache on Windows Platforms

Post removed (X-No-Archive: yes)

re:Running Apache on Windows Platforms

I think it really boils down to how well the sys admin knows there
chosen OS. MS's processes aren't a mysterious bunch, and with the
right software any new processes have to be authenticated PRIOR to
running. As for stability MS has finally stepped up to the plate.
Both *nix, and systems based off of the Win 2000 kernel (XP, 2003)
have extremely long uptimes. Both OS's are designed for networking,
both have security at the file level based on user(s) logged in.
Linux however has a faster development curve, but there are many good
programmers who port, or write great software for the windows enviro.
too.

All in all I say go with what you know security is no better than what
you can set it at.