OS frustrations

Last week's "sendmail" vulnerability that turned up in Unix and Linux serves to underscore one fact that's becoming painfully obvious for IT managers. Dealing with security vulnerabilities is now a full-time job. Worse, it eats into staff productivity, wastes resources, and keeps your customer service from being as good as it should be. And to top it all off, you know perfectly well that if you miss what turns out to be a major vulnerability, you're toast.

Although there is no shortage of opinions on whether Windows, Linux, or Unix has the biggest problem with security holes, there are, in fact, enough vulnerabilities to go around. Yes, I know that this will generate hate mail from all three camps, but the facts are plain: There are many problems with each OS’s security, and they all make your life less fun than it should be.

Fortunately, a number of products are now emerging that promise to handle the whole process of vulnerability patching; others will tell you whether you need certain patches. None of these products really cover the entire landscape, however, so no matter how you look at it, this issue could be complex indeed.

By now you're wondering why there isn't an OS that isn't so full of holes. You're thinking how nice it would be to find an OS that hasn't had a serious vulnerability in years and doesn't appear on the SANS/FBI Top 20 list. But of course, such OSes couldn't possibly exist. Or could they?

Actually, they do. One of them, Novell NetWare, is nearly as widely installed as Windows. In fact, it's one possibility you should consider if you're looking for stability, freedom from patches, and freedom from sales-driven demands that force you to upgrade annually.

Although it's odd from a historical perspective that NetWare -- once the 500-pound gorilla of the network OS business -- is now thought of only rarely, it remains the most stable and secure of all the major network OSes. In fact, my colleague P.J. Connolly went to the CERT Web site and was able to find only five NetWare vulnerabilities since 2000.

Now, we're not suggesting that you drop everything and start running NetWare. But it is secure -- you can load patches without having to reboot the server; vulnerabilities are rare; and you can use it as a Web, database, and application server. So if you're tired of the daily drumbeat of vulnerability alerts and the weekly patch sessions that last all weekend, it may be time to consider something else, perhaps NetWare. It's certainly time to recognize that your days don't have to be that way and that you do have alternatives.