Fog Creek Software
Discussion Board

Home Web Server - which is good..

Windows or Linux..

From point of view of :

- Hobby application development
- Maintainence

Wednesday, January 28, 2004


Wednesday, January 28, 2004

Erm... what are you looking to do with it?

From a hardware standpoint, even a 200mhz machine (or less) is plenty for a home webserver on either Windows or Linux.

John Rose
Wednesday, January 28, 2004

just have some small database application development.. interest group management within a community, Develop some tools and application to keep abreast.  Yes, i want to make this web site available to a community - so it will be a small ISP..

Wednesday, January 28, 2004

If Linux, use Apache. If Windows (2000/XP/2003) use IIS. The choice is as simple as that in my view :-)

Use whichever OS you are most comfortable with. Personally for internal servers hosting web sites I use IIS running on Windows Server 2003 & 2000 and it works great. Apache on any recent flavor of Linux would work similarly well but I'm less confident with Linux so I used Windows.

James Ussher-Smith
Wednesday, January 28, 2004

I'd say it depends more on what other tools you want.

ASP and COM? Obviously Windows and IIS.

JSP, PHP, or Python? Apache on either would do, but Linux or one of the BSDs would almost certainly be a lot faster. For a database you could use MySQL or Postgres; both offer everything you would need.

My choice would be (and is) FreeBSD, Apache with modpython, and Postgres. Although that's a little harder to install than one of the major Linux distros (especially Knoppix) with php and MySQL.

If you go the Linux/BSD route, also set up Samba so you can access it in Windows Network Neighborhood.

Wednesday, January 28, 2004

FreeBSD or better yet if it will be on the net, OpenBSD.

If not these, go with a Linux that has an easy security upgrade path such as Debian - though it will take more time to get up to speed.

Wednesday, January 28, 2004

I use both platforms for webapp development and my take on it is the following:

+ Faster
+ SSH terminal gives 100% control remotely
- Can be trickier to set up
- Confusing packege dependencies (Havent tried aptget based though)

+ Generally easier (Not as much googling)
+ Windows update
- No straightforward built in way of remote administration (That Im aware of)
- Viruses
- Hoggs more mem and drivespace.

(I use miniITX hardware for my dev servers since they are in my bedroom. )

Eric DeBois
Wednesday, January 28, 2004

Zope, because I'm different and its less likely to be hacked than IIS and easier to set up than Apache, well probably not that actually.

Oh and its cool as well.  Probably the most important thing of all.

Simon Lucy
Wednesday, January 28, 2004

I am running a very simple web site off my home computer.  I tried to do it the Gentoo way, but it was a pain in the ass, even with the simple emerge commands we can use.

So I downloaded Fedora Core 1.  Install, choose options on installation menu, and bam, I have a nice secure (?) site with several layers of protection (including external hardwares) with only SSH and HTTP port open.

Apache on the GUI side is still buggy.  In fact, it shocked me to see how primitive the GUI interface is, considering how widespread Apache is being used these days.  I am also very surprised at the relatively lack of "Apache for newbies" sites out there.  The Apache site have TOO much assumptions built in ("When I say this, I assume you know this, that, that, that, and oh yeah, that one too.")  I pulled someone who know Apache to help me configure the site a bit more correctly.

But ever since that time, it's up and running pretty well.

Fedora is that kind of OS that is 'so close' to prime time.

Wednesday, January 28, 2004

I set up Apache on my Win2k machine without a hitch. Installed MySQL and PHP while I was at it.

I'd be lost in Linux land, but still want to set up Linux on my old 233mhz machine so I can play around with it (read: learn) and maybe run some cool things that don't run in Windows.
Wednesday, January 28, 2004

Can I have both Apache and IIS running at the same time?

Wednesday, January 28, 2004

"Can I have both Apache and IIS running at the same time?"

Yes, but they both can't serve port 80.

I use Apache on my Win2K system.  IIS is just too insecure.  If you look around you can find a package that has Apache, PHP, Perl and other modules already setup so you don't have to do all that.

Wednesday, January 28, 2004


I just started using apt-get.  I used to install mythTV, as it has an insane number of dependencies.  Life saver.  I was sick of downloading an RPM and realizing I needed five others.  Now just:

apt-get install mythtv


Except configuring it.  Now that's where the real nightmare begins.

I used to build everything from tar ball source, but RPM support and tools such as apt-get have come a long way.  I can almost always find RedHat rpms for what I working on now. 

christopher baus (
Wednesday, January 28, 2004


Wednesday, January 28, 2004

The whole IIS is insecure thing is a joke.  Yeah, IIS is insecure -- that's why,, various web sites that I run, etc. etc. are all defaced and down so much because of hackers.  I've *never* had any of my sites compromised and I spend a minimal amount of time on maintenance.  Can anyone actually give an example of a real, exploited hole in IIS that's occurred this century? 

Wednesday, January 28, 2004

I dunno, but my Apache error log is filled with attempts to exploit holes in IIS (mostly URL tricks to execute things that shouldn't be executed).

Almost Anonymous
Wednesday, January 28, 2004

Somebody - its happens alllll the time at large web hosters. Sometimes a few boxes will fail to take a patch and bam, as soon as a new exploit hits, they are compromised.

Dan G
Wednesday, January 28, 2004

"The whole IIS is insecure thing is a joke"

After Nimda hammered my company, I cast IIS aside and didn't look back. 

And Nimda wasn't the only problem...

Johnny Cool
Wednesday, January 28, 2004

" "

This link lists as many viruses on Linux ....!!!!

Wednesday, January 28, 2004

While there may be no technical reason why IIS is less secure than Apache, the truth is that it is more likely to be affected by a worm.

Apache installations vary greatly by processor architecture, libc versions, SSL library versions, and OS.  It's very difficult to write a worm that targets Apache in all of its incarnations.

IIS, on the other hand, is always on Windows and 99.9% of the time on x86.  If you have a buffer overflow that works on your copy of IIS, it will work on almost every single unpatched IIS out there.

If you know what you're doing, IIS can be just as secure as Apache.  Most people don't.  Therefore Apache is more secure in practice for most people.

Richard P
Wednesday, January 28, 2004

Apache also typically runs as a low-ish privileged user.  If someone were to successfully attack it, they would be able to take over the webserver but not the whole box.  (Granted, that is still bad, but the whole box is worse.)

IIS on the other hand typically runs as a high-privileged user (In 2k3 parts of it even run in kernel space!)... means that an IIS vulnerability compromises the whole box.

Of course, I realize that a properly maintained system of either type is unlikely to be compromised.  Use whatever platform you have (or want to get) experience with, or that provides whatever tools you want to use.

Michael Kale
Wednesday, January 28, 2004

The dispatcher runs in kernel space in IIS 6 mode (you can turn that off, if you wish). The vast majority of it runs in a low-ish priviledge mode, just like Apache. For non-ASP.NET applications, it's the IUSR account; for ASP.NET applications, it's the NETWORK SERVICE group.

It's sort of like the stub that has to run as root to allow Apache to bind to port 80, since binding to a port below 1024 requires root. You must have conveniently forgotten that part.

Brad Wilson (
Wednesday, January 28, 2004

Unless you're willing to take the time to become a super admin, get Apache no matter what platform you're on.  On XP Professional or higher, it runs as a service.  Apache is also trivially simple to install, and not particularly hard to configure.  The default config file is very well documented, and the Apache web site gives a lot of good examples. This isn't meant as a dig against IIS, which is a competent server.  It's just that the barriers to entry on Windows are lower, so you can administer a server without having to know that much.  Apache will make you learn just a little bit more and think about what you're doing.  That's a good thing if you don't want to be hacked regularly.

As for configuration GUIs for Apache, don't waste your time.  It wasn't meant to be managed that way. If you really need that kind of interface, Apache isn't the server for you.

Clay Dowling
Wednesday, January 28, 2004

Look, it is one thing to have a bone dead simple GUI.  It is another to have a GUI that set the WRONG configuration for you, and have to be cleaned up by an Apache Guru.

That is how bad the GUI is.  If they would make one, at least make it RIGHT!

Wednesday, January 28, 2004

I can't believe anybody would recommend a Windows user should use Apache over IIS if they had no idea what they were doing. The configuration of an Apache server is not to be taken lightly, and if you have no idea about how to keep up on the holes and patches, you definitely shouldn't be running it.

The IIS install is quite simple. Click ONE checkbox. Updating it is simple: visit Windows Update. IIS has a relatively intuitive GUI for configuration; Apache has a handful of cryptic text files.

Sorry, that's just horrible advice for a newbie.

Brad Wilson (
Wednesday, January 28, 2004

I'd recommend Abyss Web Server which is rapidly gaining popularity (
It is a free personal web server with PHP, Perl and ASP support (I used it with Python too).
Very user friendly and very stable. It is available for Windows, Macintosh, Linux and FreeBSD.

Thursday, January 29, 2004

I think i will stay with windows and IIS.. my forte..

Thursday, January 29, 2004

*  Recent Topics

*  Fog Creek Home