I'll list sources at the end of this...

There are many reasons that people choose Linux over Windows for a server. One concern is cost. You may think that the standard Windows XP Professional / 2000 Professional Operating System that costs around $300 or so is expensive... A license for Windows 2000 Server (Not Adv. Server or Datacenter Edition which is OEM only) starts at $1,000 and goes to $4,000 for 2003 Enterprise Edition. Luckily, you do not need such extravagent licences to run a *basic* web server, such as IIS 4 and 5. Unfortunately, the most recent version of IIS is 6, and is only available with Windows Server 2003 which starts at $1,000/$1,200, and $4,000 for the Enterprise Edition...

As you can imagine..., the costs associated with that filter down to the person who pays a hosting company to use the server...you. Luckily, it is possible to be a web host with the cheaper $1,000 version of Windows Server 2003 to get IIS 6.0. Otherwise, the companies hosting with older servers will have to buy 3rd party programs to add into IIS 4/5, and those aren't very cheap; although they *could* probably even write their own.


With Linux, many times the very popular Apache web server is bundled in large distributions. If not, you can head over to http://www.apache.org and download your own copy. The Operating System can be freely downloaded. The mySQL (database) server is freely avaliable also. Same with support for PHP, and any other scripting languages also. So there is a huge price advantage there. I guess that Microsoft's claims that Windows was cheaper to maintain than Linux are for a very small and specific class of users...no idea who they are though.


So, after the people running the server save cash on the OS and hopefully charge less, the next important part is security... The people stuck on IIS 4/5 and not wanting to pay the cash for 2003 Server with IIS6 are at a disadvantage here, and will need lots of help from 3rd party software that can be expensive. Of course, if they know exactly which software they need they can cut costs by getting the better software, but there have been times where people have complained that some of the software broke compatibality with older web sites. Fortunately your site would be new, and you should find a good script / solution that this won't be an issue (compatibility).

Another thing about security on IIS... IIS is hugely targed by virus writers and black hat hackers. Remember Code Red? That attacked IIS very quickly. I guess there may have been a second worm that traveled through IIS even faster some time after that, and MS had offered a patch that nobody applied. Supposedly even patched systems were vulnerable? I don't quite remember much of this, but basically anyone running IIS was targeted by it.


Meanwhile Apache simply returned a 404 error and logged it in the error log since the default.ida file or whatnot doesn't exist I think. On my own server, I found a 30MB file laying around and renamed it default.ida so that the 404 wouldn't show up in the error log. In a month's time my server had uploaded it many, many times; well over 1 GB uploaded... At the very least, while their infected servers were choking on the speed my 30MB file was uploaded to them they might not have been able to infect other people's servers. I haven't really heard of any major vulnerabilities about Apache, but every once in a while there are some big releases that many Linux System Admins (usually) quickly pick up. Recently keeping up to date in Linux has been made much easier with automated e-mails and such for OS like Red Hat Linux (Also known as Fedora Linux).


As long as they only allow needed web services to be open to the Internet (FTP/HTTP/HTTPS/Email, etc) stuff such as Net Bios doesn't come in to play. (Port 135, etc) Overall I think, those services are more secure on Linux. Plus Linux does better to prevent different users from modifying each other's stuff, so if someone else on the server (most times you will share a server with 10-20+ other people) has their website compromised for some reason or another such as a vulnerable script, you have less chance of losing your web sites data. Most any Microsoft Vulnerability I have seen recently has some code or another that grants System (Administrator) access. If someone's website is hacked and the hacker runs that code, in most cases that Windows box is doomed. In Linux, I think they are limited to the current user and gaining root access is more difficult. So even if someone looses their website to some vulnerability, your section on that server isn't threatened as much provided the Administrator of the server seperates the users logically.


Anyways, most of this information will come from testimonials. You will want to find out what other people thought of a web host before you sign up for them. My friend signed up to one that had good prices, and later found out they have regular network downtimes. They have been fairly friendly to him though, although in the end it is costing quite a bit more for him. Just so you know, he uses 1T3 as his host. I recommend that you stay away from them for your website though.

BTW, build a list of features you will need. You definately need encryption offered by HTTPS. You will need server-side scripting, and database access. PHP and mySQL are very popular. Also, one important thing is payment. IE how do they pay? Via credit-card you will need to work something out with invididual credit card companies, although I doubt that someone would want to give out credit-card information to a small business online. I don't really know much about this topic though, so you will need to do the research. Perhaps pay-pal? Payment methods definately need to be thought through. Good luck.


Misc Web Links Concerning What I Mentioned:
Something about supporting compression in HTTP, IIS, Apache, and other servers - http://itmanagement.earthweb.com/col...le.php/3068161
Pricing for Windows 2003 Servers - http://www.microsoft.com/products/in...3740d&type=ovr
Pricing for Windows 2000 Servers - http://www.microsoft.com/windows2000...ng/default.asp
Code Red - http://www.cert.org/advisories/CA-2001-19.html