After the CrowdStrike incident, I decided to remind everyone that Windows has no business running business-critical applications. In this article I will cover why it’s not a good idea and why it’s a great idea to use UNIX/Linux derivatives to run business-critical applications.
First, let’s describe how Windows evolved into the operating system of today and why it cannot change its core architecture to accommodate business-critical applications due to the lack of what I call foundational security.
As you probably know, the Windows operating system was originally developed by a joint venture between Apple and Microsoft; the latter then stole the code and proposed Windows 1.0.
Before I continue, I have to describe the problem in the Windows foundation which is causing all the security problems we see with it, including viruses.
In the most basic terms, every program launched on Windows gets what is called a process. Each process can create multiple processes, but for the sake of simplicity, let’s stay with one. Such a process is simply an instance of the application loaded in memory and executed. A process can access memory, disk, and any other channel available to the operating system. The main problem with Windows is that originally, the kernel (the core of the Windows operating system) did not implement process isolation, meaning that a process can access the entire memory bank, including memory written by other processes. When I say that, you should immediately think "virus": yes, viruses operate under this capacity.
Now Windows has implemented process isolation to an extent, but the problem is that it’s an afterthought, and until the entire core of Windows is rewritten, vulnerabilities will be a part of Windows. There is talk that Windows will implement a Linux kernel to implement secure process isolation. But these are all rumors.
Now let’s talk about UNIX/Linux derivatives. Process isolation is built into the kernel, and a process cannot simply read other processes’ shared memory space. To achieve IPC (Inter-Process Communication) you have to go out of the process and re-enter a different process. This creates a level of security in which viruses are simply not possible.
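The per-process memory and explicit IPC described above can be observed with POSIX `fork()` and `pipe()`. The following C program is an added example, not code from the original article; the variable names and string values are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

/* Constructed sample value held in this process's own memory. */
static char secret[32] = "parent-value";
static char received[32];

/* Fork a child that overwrites ITS copy of `secret` and sends the new value
 * through a pipe. Returns what arrived over the pipe, or NULL on error. */
const char *run_demo(void)
{
    int fds[2], status;
    size_t got = 0;
    ssize_t n;

    if (pipe(fds) == -1)
        return NULL;
    pid_t pid = fork();
    if (pid == -1) {
        close(fds[0]);
        close(fds[1]);
        return NULL;
    }
    if (pid == 0) {                      /* child: private address space */
        close(fds[0]);
        strcpy(secret, "child-value");   /* changes the child's copy only */
        n = write(fds[1], secret, strlen(secret) + 1);
        _exit(n < 0 ? 1 : 0);
    }
    close(fds[1]);                       /* parent: read end only */
    while (got < sizeof received - 1 &&
           (n = read(fds[0], received + got, sizeof received - 1 - got)) > 0)
        got += (size_t)n;
    received[got] = '\0';
    close(fds[0]);
    if (waitpid(pid, &status, 0) == -1 || !WIFEXITED(status) || WEXITSTATUS(status) != 0)
        return NULL;
    return received;
}

int main(void)
{
    const char *msg = run_demo();
    if (msg == NULL)
        return 1;
    printf("parent memory after child wrote: %s\n", secret);
    printf("received through the pipe:       %s\n", msg);
    return 0;
}
```

The parent's `secret` still reads `parent-value` after the child's write; the changed value reaches the parent only because the child sent it through the kernel-mediated pipe.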
Now, you probably are thinking, wait, antivirus software is also available for Linux and other UNIX flavors, and you are right. The reason why we run antivirus software on UNIX/Linux is to catch files that contain viruses and prevent spreading to Windows. So, if you use UNIX/Linux as a file share server, you can block files that a Windows computer saves into a file system belonging to Linux and prevent the spread to another Windows computer.
At this point, I really want you to think why you should not run any business critical applications on anything other than UNIX/Linux.
I hope that you have learned something here and feel free to share the knowledge.
Happy reading and type away…