OpenBSD: Users' View

Many users have commented on their use of OpenBSD. The following are all extracts from our public mailing lists or, occasionally, other mailing lists (these have links to the original articles). Postings have been shortened, and edited slightly for spelling and grammar, but are otherwise unchanged.

Matthew Haas says this:

I've been very impressed with OpenBSD since my decision to install it. Definitely a great system, reminds me of my Slackware days, but better.


Grant Bayley, an IT Manager from Australia, writes:

By way of success stories, since a few of us at 2600 Australia started using OpenBSD about 12 months ago now in some form or another, we've seen... friends load it onto their machines and been simply amazed at the quality of it, in particular the forethought that goes into securing things out of the box.

We've also had one of our guys working at an ISP go head-to-head with an in-house SuSE zealot of sorts on a compatibility, stability and security test in advance of them selecting an operating system for their servers (which, while using RedHat, had been rooted at least once). OpenBSD passed with flying colors and as of today, they're beginning a roll-out of 2.6 onto their servers, mostly using stock components and software from the ports tree (qmail, cucipop etc).

System and Network Administrator Jeff Schneiter offers this:

With a frozen budget it sure makes one squeeze every last bit of power out of whatever hardware one can lay his hands on... and thanks to OpenBSD, I have been doing just that.

Tony Sarendal says this:

I tried OpenBSD because of the IPsec support. The reason I stick with it is because it really is nice to use and it gives a feeling of quality which no other OS can match.

I did some programming on an OpenBSD machine, after this I really appreciated the man pages. Other Unices I used had man pages that simply weren't any good.

Keep up the good work guys.

Security Engineer Tyler Allison writes:

I have installed, secured, and maintained Linux, Windows NT and OpenBSD in highly secure environments. (yes you can secure Linux and Windows NT in this environment :) ). Having said that I have to point out that if you want a minimum administration to keep up with security issues option you need to pick OpenBSD by far. It is not uncommon for people to go years without updating their production OpenBSD machines because they are just rock solid and there are no known "remote" vulnerabilities. Thus no good reason to upgrade...

I would feel perfectly happy to have one of my [novice] interns do a basic OpenBSD install on a PC (no extra security work after the install) and then put the companies crown jewels on that machine and then walk away for a year. Knowing full well that machine hasn't crashed, been broken into or in need of an OS upgrade. You can't say that about NT or Linux. Or if you do you obviously havent ever used the product that way :)

Another thing that I hear people point out is go check your local exploit site or vulnerability alert mailing list and see if you can find a "remote" root level exploit that works on OpenBSD. I dare say you won't find any that are less than 12 months old.

Jan Johansson gave this reply to a "how do I build a cheap web server?" query:

I work today with Solaris, OpenBSD, NT Server, NT Workstation and Win 95.

After reading Bugtraq for some weeks I will say that I will never put any (important) machine on the Internet if there is not a firewall in front and for packet filtering I go for OpenBSD...

For a cheap web server I say hardware from a known vendor, an ordered OpenBSD CD-ROM and Apache...

William Yodlowsky at Devry Institute wrote:

[A few] years ago I was just getting into system administration. I learned Linux first. Then one of our old (I mean *really* old) BSDi servers crashed, and it was up to me to rebuild the system.

I looked at FreeBSD, NetBSD, OpenBSD and Linux. In the end, it came down to "secure and stable" that took the prize. OpenBSD 2.1 was installed.

Since then, I've run 2.1-2.5 on everything from production servers to laptops. We've never (repeat: NEVER) had a break-in.

A coworker setup a RedHat based box to test his skills at setting up SSL and a secure web site. It was hacked literally overnight, and by the next morning was attacking other sites.

Our OpenBSD servers were probed and then left alone.

In the intervening two years, that original server got upgraded and patched several times and the OS never gave us reason to question the reliability or security of OpenBSD.

We have another box, acting as a router for about 800 workstations doing very basic filtering and NAT. It's on a P120 with 32MB RAM and typically the uptime would look like this:

% uptime
 9:05PM  up 266 days,  4:23, 1 user, load averages: 0.06, 0.06, 0.06

As well, OpenBSD runs on my laptop. A Gateway Solo 2500 with a Xircom modem, and a Linksys fast Ethernet NIC.

And it never crashes :)

One other incident that made me a believer... we were pingbombed [perhaps a predecessor to the early2000 DDOS attacks?]. I mean, 900 different hosts on different networks floodpinging an OpenBSD 2.3 box simultaneously, while it was processing email and web pages for 3500 users.

It was a P133 with 64MB ram. And it didn't go down. It got a bit slower, but never crashed :-)

John J. Adelsberger III said this about us in Bruce Schneier's Crypto-Gram:

(the comments he is responding to are Schneier's)

> Real systems show no signs of becoming less
> complex. In fact, they are becoming more complex,
> faster and faster. Microsoft Windows is a poster
> child for this trend to complexity.
> The other choice is to slow down, to simplify,
> and to try to add security.

OpenBSD does this. I am unaware of any other group whose workings are publicly viewable that does so [emphasis added], which is regrettable, because I would prefer not to have this appear as an OpenBSD plug; rather, my purpose is to point out that not only is this approach feasible, but it is being done.

Andrew Hermetz commented as follows:

Hey all,

Just wanted to drop a line and thank all who have worked to make OpenBSD such a clean, cool, & efficient project.

Major kudos to Theo for being a man ahead of his time! ;-)

As I have to frequently explain to people *why* security is important at all ("if you have nothing to hide...", "nothing you do is important enough to warrant encryption...", "only criminals and terrorists need to sneak around anonymously...", etc. ad nauseam), let alone *why* it's important in this day and age of personal networks behind a DSL or even a full T1, I love being able to point them to a page which sets out a well-reasoned explanation for taking computer security seriously.

[... OpenBSD installed] effortlessly onto a Pentium 90 Compaq LTE 5100 laptop -- even the no-name brand LAN card came right up and did a kickass install over a friend's office T1. When I sing its praises, the thing that seems to get most people is its spartan look & feel, but I like knowing where everything is and not having a distro that shoves [stuff] into dark corners I'll never find...

OpenBSD www@openbsd.org
$OpenBSD: testimonials.html,v 1.9 2000/11/23 19:06:21 jufi Exp $