An
operating system (
OS) is an
interface between hardware and user which is responsible for the
management and coordination of activities and the sharing of the
resources of the computer that acts as a host for
computing applications run on the
machine. As a host, one of the purposes of an operating system is
to handle the details of the operation of the
hardware. This relieves application
programs from having to manage these details and makes it easier to
write applications. Almost all computers (including
handheld computers,
desktop computers,
supercomputers,
video game consoles) as well as some
robots, domestic appliances (dishwashers,
washing machines), and
portable
media players use an operating system of some type. Some of the
oldest models may, however, use an
embedded operating system that may
be contained on a
data storage
device.
Operating systems offer a number of services to application
programs and users. Applications access these services through
application
programming interfaces (APIs) or
system
calls. By invoking these interfaces, the application can
request a service from the operating system, pass parameters, and
receive the results of the operation. Users may also interact with
the operating system with some kind of software user interface like
typing commands by using
command
line interface (CLI) or using a
graphical user interface (GUI,
commonly pronounced “gooey”). For hand-held and desktop computers,
the user interface is generally considered part of the operating
system. On large multi-user systems like Unix and Unix-like
systems, the user interface is generally implemented as an
application program that runs outside the operating system.
(Whether the user interface should be included as part of the
operating system is a point of contention.)
Common contemporary operating systems include
BSD,
Darwin ,
Linux,
SunOS , and
Windows NT . While servers generally run
Unix or some
Unix-like
operating system, embedded system markets are split amongst several
operating systems, although the
Microsoft Windows line of operating
systems has almost 90% of the client PC market.
History
Mainframe
Through the 1950s, many major features were pioneered in the field
of operating systems. The development of the
IBM
System/360 produced a family of
mainframe computers available in widely
differing capacities and price points, for which a single operating
system
OS/360 was planned (rather than
developing ad-hoc programs for every individual model). This
concept of a single OS spanning an entire product line was crucial
for the success of System/360 and, in fact,
IBM`s current mainframe operating systems are
distant
descendants of this original system; applications written for
the
OS/360 can still be run on modern
machines. In the mid-70's, the
MVS, the
descendant of OS/360 offered the first implementation of using
RAM as a transparent
cache for data.
OS/360 also pioneered a number of concepts
that, in some cases, are still not seen outside of the mainframe
arena. For instance, in
OS/360, when a
program is started, the operating system keeps track of all of the
system resources that are used including storage, locks, data
files, and so on. When the process is terminated for any reason,
all of these resources are re-claimed by the operating system. An
alternative
CP-67 system started a whole line
of operating systems focused on the concept of
virtual machines.
Control Data Corporation
developed the
SCOPE operating
system in the 1960s, for batch processing. In cooperation with the
University of Minnesota, the
KRONOS and
later the
NOS operating systems were
developed during the 1970s, which supported simultaneous batch and
timesharing use. Like many commercial timesharing systems, its
interface was an extension of the Dartmouth BASIC operating
systems, one of the pioneering efforts in timesharing and
programming languages. In the late 1970s, Control Data and the
University of Illinois developed the
PLATO
operating system, which used plasma panel displays and
long-distance time sharing networks. Plato was remarkably
innovative for its time, featuring real-time chat, and multi-user
graphical games.
Burroughs
Corporation introduced the
B5000 in 1961
with the
MCP, (
Master Control Program)
operating system. The
B5000 was a
stack machine designed to exclusively support
high-level languages with no machine language or assembler, and
indeed the
MCP was the first
OS to be written exclusively in a high-level language –
ESPOL, a dialect of
ALGOL.
MCP also introduced many
other ground-breaking innovations, such as being the first
commercial implementation of
virtual
memory. During development of the
AS400,
IBM made an approach to Burroughs to licence MCP
to run on the AS400 hardware. This proposal was declined by
Burroughs management to protect its existing hardware production.
MCP is still in use today in
the
Unisys ClearPath/MCP line of computers.
UNIVAC, the first commercial computer manufacturer, produced a
series of EXEC operating systems. Like all early main-frame
systems, this was a batch-oriented system that managed magnetic
drums, disks, card readers and line printers. In the 1970s, UNIVAC
produced the Real-Time Basic (RTB) system to support large-scale
time sharing, also patterned after the Dartmouth BASIC
system.
General Electric and MIT developed General Electric Comprehensive
Operating Supervisor (GECOS), which introduced the concept of
ringed security privilege levels. After acquisition by Honeywell it
was renamed to
General Comprehensive
Operating System (GCOS).
Digital Equipment Corporation developed many operating systems for
its various computer lines, including
TOPS-10 and
TOPS-20 time
sharing systems for the 36-bit PDP-10 class systems. Prior to the
widespread use of UNIX, TOPS-10 was a particularly popular system
in universities, and in the early
ARPANET
community.
In the late 1960s through the late 1970s, several hardware
capabilities evolved that allowed similar or ported software to run
on more than one system. Early systems had utilized
microprogramming to implement features on their systems in order to
permit different underlying architecture to appear to be the same
as others in a series. In fact most 360's after the 360/40 (except
the 360/165 and 360/168) were microprogrammed implementations. But
soon other means of achieving application compatibility were proven
to be more significant.
The enormous investment in software for these systems made since
1960s caused most of the original computer manufacturers to
continue to develop compatible operating systems along with the
hardware. The notable supported mainframe operating systems
include:
Microcomputers
The first
microcomputers did not have
the capacity or need for the elaborate operating systems that had
been developed for mainframes and minis; minimalistic operating
systems were developed, often loaded from
ROM and known as
Monitors. One
notable early disk-based operating system was
CP/M, which was supported on many early microcomputers
and was closely imitated in
MS-DOS, which
became wildly popular as the operating system chosen for the
IBM PC (IBM's version of it was called IBM
DOS or
PC DOS), its successors making
Microsoft. In the 80's Apple Computer Inc.
(now
Apple
Inc.
) abandoned its popular Apple
II series of microcomputers to introduce the Apple Macintosh computer with an innovative
Graphical User Interface
(GUI) to the Mac OS.
The introduction of the
Intel 80386
CPU chip with
32-bit
architecture and
paging capabilities,
provided personal computers with the ability to run
multitasking operating systems like
those of earlier
minicomputers and
mainframes. Microsoft responded to this
progress by hiring
Dave Cutler, who had
developed the
VMS operating system for
Digital Equipment Corporation.
He would lead the development of the
Windows
NT operating system, which continues to serve as the basis for
Microsoft's operating systems line.
Steve Jobs, a
co-founder of Apple
Inc., started NeXT Computer Inc.,
which developed the Unix-like NEXTSTEP operating system. NEXTSTEP would later
be acquired by Apple
Inc. and used, along with code from FreeBSD as the core of Mac OS X.
Minix, an academic teaching tool which could
be run on early PCs, would inspire another reimplementation of
Unix, called
Linux.
Started by computer science student
Linus
Torvalds with cooperation from volunteers over the Internet, an
operating system was developed with the tools from the
GNU Project. The Berkeley Software Distribution,
known as
BSD, is the UNIX
derivative distributed by the University of California, Berkeley,
starting in the 1970s. Freely distributed and
ported to many minicomputers, it eventually also
gained a following for use on PCs, mainly as
FreeBSD,
NetBSD and
OpenBSD.
Features
Program execution
The operating system acts as an interface between an application
and the hardware. The user interacts with the hardware from "the
other side". The operating system is a set of services which
simplifies development of applications. Executing a program
involves the creation of a process by the operating system. The
kernel creates a process
by assigning memory and other resources, establishing a priority
for the process (in multi-tasking systems), loading program code
into memory, and executing the program. The program then interacts
with the user and/or other devices and performs its intended
function.
Interrupts
Interrupts are central to operating systems, since they provide an
efficient way for the operating system to interact with and react
to its environment. The alternative—having the operating system
"watch" the various sources of input for events (polling) that
require action—is a poor use of CPU resources.
Interrupt-based programming is directly supported
by most CPUs. Interrupts provide a computer with a way of
automatically running specific code in response to events. Even
very basic computers support hardware interrupts, and allow the
programmer to specify code which may be run when that event takes
place.
When an interrupt is received, the computer's hardware
automatically suspends whatever program is currently running, saves
its status, and runs computer code previously associated with the
interrupt; this is analogous to placing a bookmark in a book in
response to a phone call. In modern operating systems, interrupts
are handled by the operating system's
kernel. Interrupts may come from
either the computer's hardware or from the running program.
When a hardware device triggers an interrupt, the operating
system's kernel decides how to deal with this event, generally by
running some processing code. The amount of code being run depends
on the priority of the interrupt (for example: a person usually
responds to a smoke detector alarm before answering the phone). The
processing of hardware interrupts is a task that is usually
delegated to software called device drivers, which may be either
part of the operating system's kernel, part of another program, or
both. Device drivers may then relay information to a running
program by various means.
A program may also trigger an interrupt to the operating system. If
a program wishes to access hardware for example, it may interrupt
the operating system's kernel, which causes control to be passed
back to the kernel. The kernel will then process the request. If a
program wishes additional resources (or wishes to shed resources)
such as memory, it will trigger an interrupt to get the kernel's
attention.
Protected mode and supervisor mode
Modern CPUs support something called dual mode operation.
CPUs with this capability use two modes:
protected mode and
supervisor mode, which allow certain CPU
functions to be controlled and affected only by the operating
system
kernel. Here,
protected mode does not refer specifically to the
80286 (Intel's x86 16-bit microprocessor) CPU feature,
although its protected mode is very similar to it.
CPUs might have other modes similar to 80286 protected
mode as well, such as the
virtual 8086
mode of the
80386 (Intel's x86 32-bit
microprocessor or i386).
However, the term is used here more generally in operating system
theory to refer to all modes which limit the capabilities of
programs running in that mode, providing things like virtual memory
addressing and limiting access to hardware in a manner determined
by a program running in supervisor mode. Similar modes have existed
in supercomputers, minicomputers, and mainframes as they are
essential to fully supporting UNIX-like multi-user operating
systems.
When a computer first starts up, it is automatically running in
supervisor mode. The first few programs to run on the computer,
being the
BIOS,
bootloader and the operating system have
unlimited access to hardware - and this is required because, by
definition, initializing a protected environment can only be done
outside of one. However, when the operating system passes control
to another program, it can place the CPU into
protected mode.
In
protected mode, programs may have
access to a more limited set of the CPU's instructions. A user
program may leave
protected mode only
by triggering an interrupt, causing control to be passed back to
the
kernel. In this way
the operating system can maintain exclusive control over things
like access to hardware and memory.
The term "protected mode resource" generally refers to one or more
CPU registers, which contain information that the running program
isn't allowed to alter. Attempts to alter these resources generally
causes a switch to supervisor mode, where the operating system can
deal with the illegal operation the program was attempting (for
example, by killing the program).
Memory management
Among other things, a multiprogramming operating system
kernel must be responsible for
managing all system memory which is currently in use by programs.
This ensures that a program does not interfere with memory already
used by another program. Since programs time share, each program
must have independent access to memory.
Cooperative memory management, used by many early operating systems
assumes that all programs make voluntary use of the
kernel's memory manager, and do
not exceed their allocated memory. This system of memory management
is almost never seen anymore, since programs often contain bugs
which can cause them to exceed their allocated memory. If a program
fails it may cause memory used by one or more other programs to be
affected or overwritten. Malicious programs, or viruses may
purposefully alter another program's memory or may affect the
operation of the operating system itself. With cooperative memory
management it takes only one misbehaved program to crash the
system.
Memory protection enables the
kernel to limit a process'
access to the computer's memory. Various methods of memory
protection exist, including
memory
segmentation and
paging. All methods
require some level of hardware support (such as the
80286 MMU) which doesn't exist in all computers.
In both segmentation and paging, certain
protected mode registers specify to the CPU
what memory address it should allow a running program to access.
Attempts to access other addresses will trigger an interrupt which
will cause the CPU to re-enter
supervisor mode, placing the
kernel in charge. This is called a
segmentation violation or
Seg-V for short, and since it is both difficult to assign a
meaningful result to such an operation, and because it is usually a
sign of a misbehaving program, the
kernel will generally resort to
terminating the offending program, and will report the error.
Windows 3.1-Me had some level of memory protection, but programs
could easily circumvent the need to use it. Under Windows 9x all
MS-DOS applications ran in
supervisor
mode, giving them almost unlimited control over the computer. A
general protection fault
would be produced indicating a segmentation violation had occurred,
however the system would often crash anyway.
In most Linux systems, part of the hard disk is reserved for
virtual memory when the Operating system is being installed on the
system. This part is known as
swap space.
Windows systems use a
swap file instead of
a
partition.
Virtual memory
The use of virtual memory addressing (such as paging or
segmentation) means that the kernel can choose what memory each
program may use at any given time, allowing the operating system to
use the same memory locations for multiple tasks.
If a program tries to access memory that isn't in its current range
of accessible memory, but nonetheless has been allocated to it, the
kernel will be interrupted in the same way as it would if the
program were to exceed its allocated memory. (See section on memory
management.) Under UNIX this kind of interrupt is referred to as a
page fault.
When the kernel detects a page fault it will generally adjust the
virtual memory range of the program which triggered it, granting it
access to the memory requested. This gives the kernel discretionary
power over where a particular application's memory is stored, or
even whether or not it has actually been allocated yet.
In modern operating systems, memory which is accessed less
frequently can be temporarily stored on disk or other media to make
that space available for use by other programs. This is called
swapping, as an area of memory can be used by
multiple programs, and what that memory area contains can be
swapped or exchanged on demand.
Multitasking
Multitasking refers to the
running of multiple independent computer programs on the same
computer; giving the appearance that it is performing the tasks at
the same time. Since most computers can do at most one or two
things at one time, this is generally done via time-sharing, which
means that each program uses a share of the computer's time to
execute.
An operating system
kernel
contains a piece of software called a
scheduler which determines how much
time each program will spend executing, and in which order
execution control should be passed to programs. Control is passed
to a process by the kernel, which allows the program access to the
CPU and memory. Later,
control is returned to the kernel through some mechanism, so that
another program may be allowed to use the CPU. This so-called
passing of control between the kernel and applications is called a
context switch.
An early model which governed the allocation of time to programs
was called
cooperative
multitasking. In this model, when control is passed to a
program by the kernel, it may execute for as long as it wants
before explicitly returning control to the kernel. This means that
a malicious or malfunctioning program may not only prevent any
other programs from using the CPU, but it can hang the entire
system if it enters an
infinite
loop.
The philosophy governing
preemptive multitasking is that of
ensuring that all programs are given regular time on the CPU. This
implies that all programs must be limited in how much time they are
allowed to spend on the CPU without being interrupted. To
accomplish this, modern operating system kernels make use of a
timed interrupt. A
protected mode
timer is set by the kernel which triggers a return to supervisor
mode after the specified time has elapsed. (See above sections on
Interrupts and Dual Mode Operation.)
On many single user operating systems cooperative multitasking is
perfectly adequate, as home computers generally run a small number
of well tested programs.
Windows NT was
the first version of
Microsoft
Windows which enforced preemptive multitasking, but it didn't
reach the home user market until
Windows
XP, (since
Windows NT was targeted at
professionals.)
Kernel preemption
In recent years, concerns have arisen because of long latencies
associated with some kernel run-times, sometimes on the order of
100ms or more in systems with monolithic kernels. These latencies
often produce noticeable slowness in desktop systems, and can
prevent operating systems from performing time-sensitive operations
such as audio recording and some communications.
Modern operating systems extend the concepts of application
preemption to device drivers and kernel code, so that the operating
system has preemptive control over internal run-times as well.
Under
Windows Vista, the introduction
of the
Windows Display
Driver Model (WDDM) accomplishes this for display drivers, and
in Linux, the preemptable kernel model introduced in version 2.6
allows all device drivers and some other parts of kernel code to
take advantage of preemptive multi-tasking.
Under Windows prior to
Windows Vista
and
Linux prior to version 2.6 all
driver execution was co-operative, meaning that if a driver entered
an infinite loop it would freeze the system.
Disk access and file systems
Access to data stored on disks is a central feature of all
operating systems. Computers store data on
disks using
files, which are structured in specific ways
in order to allow for faster access, higher reliability, and to
make better use out of the drive's available space. The specific
way in which files are stored on a disk is called a
file system, and enables files to have names and
attributes. It also allows them to be stored in a hierarchy of
directories or folders arranged in a
directory tree.
Early operating systems generally supported a single type of disk
drive and only one kind of file system. Early file systems were
limited in their capacity, speed, and in the kinds of file names
and directory structures they could use. These limitations often
reflected limitations in the operating systems they were designed
for, making it very difficult for an operating system to support
more than one file system.
While many simpler operating systems support a limited range of
options for accessing storage systems, operating systems like
UNIX and
Linux
support a technology known as a
virtual file system or VFS. An operating
system like UNIX supports a wide array of storage devices,
regardless of their design or
file
systems to be accessed through a common
application programming
interface (API). This makes it unnecessary for programs to have
any knowledge about the device they are accessing. A VFS allows the
operating system to provide programs with access to an unlimited
number of devices with an infinite variety of file systems
installed on them through the use of specific
device drivers and file system drivers.
A connected
storage device such
as a
hard drive is accessed through a
device driver. The device driver
understands the specific language of the drive and is able to
translate that language into a standard language used by the
operating system to access all disk drives. On UNIX, this is the
language of
block devices.
When the kernel has an appropriate device driver in place, it can
then access the contents of the disk drive in raw format, which may
contain one or more file systems. A file system driver is used to
translate the commands used to access each specific file system
into a standard set of commands that the operating system can use
to talk to all file systems. Programs can then deal with these file
systems on the basis of filenames, and directories/folders,
contained within a hierarchical structure. They can create, delete,
open, and close files, as well as gather various information about
them, including access permissions, size, free space, and creation
and modification dates.
Various differences between file systems make supporting all file
systems difficult. Allowed characters in file names,
case sensitivity, and the presence of
various kinds of
file attributes
makes the implementation of a single interface for every file
system a daunting task. Operating systems tend to recommend using
(and so support natively) file systems specifically designed for
them; for example,
NTFS in Windows and
ext3 and
ReiserFS in Linux.
However, in practice, third party drives are usually available to
give support for the most widely used file systems in most
general-purpose operating systems (for example, NTFS is available
in Linux through
NTFS-3g, and ext2/3 and
ReiserFS are available in Windows through
FS-driver and
rfstool).
Device drivers
A device driver is a specific
type of computer software developed to allow interaction with
hardware devices. Typically this constitutes an interface for
communicating with the device, through the specific computer bus or
communications subsystem that the hardware is connected to,
providing commands to and/or receiving data from the device, and on
the other end, the requisite interfaces to the operating system and
software applications. It is a specialized hardware-dependent
computer program which is also operating system specific that
enables another program, typically an operating system or
applications software package or computer program running under the
operating system kernel, to interact transparently with a hardware
device, and usually provides the requisite interrupt handling
necessary for any necessary asynchronous time-dependent hardware
interfacing needs.
The key design goal of device drivers is
abstraction. Every model of hardware (even
within the same class of device) is different. Newer models also
are released by manufacturers that provide more reliable or better
performance and these newer models are often controlled
differently. Computers and their operating systems cannot be
expected to know how to control every device, both now and in the
future. To solve this problem, OSes essentially dictate how every
type of device should be controlled. The function of the device
driver is then to translate these OS mandated function calls into
device specific calls. In theory a new device, which is controlled
in a new manner, should function correctly if a suitable driver is
available. This new driver will ensure that the device appears to
operate as usual from the operating systems' point of view.
Networking
Currently most operating systems support a variety of networking
protocols, hardware, and applications for using them. This means
that computers running dissimilar operating systems can participate
in a common
network for sharing
resources such as
computing,
files, printers, and scanners using either wired or wireless
connections. Networks can essentially allow a computer's operating
system to access the resources of a remote computer to support the
same functions as it could if those resources were connected
directly to the local computer. This includes everything from
simple communication, to using networked file systems or even
sharing another computer's graphics or sound hardware. Some network
services allow the resources of a computer to be accessed
transparently, such as
SSH which allows
networked users direct access to a computer's command line
interface.
Client/server networking involves a program on a computer somewhere
which connects via a network to another computer, called a server.
Servers, usually running
UNIX or
Linux, offer (or host) various services to
other network computers and users. These services are usually
provided through ports or numbered access points beyond the
server's
network address. Each port
number is usually associated with a maximum of one running program,
which is responsible for handling requests to that port. A daemon,
being a user program, can in turn access the local hardware
resources of that computer by passing requests to the operating
system kernel.
Many operating systems support one or more vendor-specific or open
networking protocols as well, for example,
SNA on
IBM
systems,
DECnet on systems from
Digital Equipment Corporation,
and Microsoft-specific protocols (
SMB) on Windows. Specific protocols for
specific tasks may also be supported such as
NFS for file access.
Protocols like
ESound, or esd can be easily
extended over the network to provide sound from local applications,
on a remote system's sound hardware.
Security
A computer being secure depends on a number of technologies working
properly. A modern operating system provides access to a number of
resources, which are available to software running on the system,
and to external devices like networks via the kernel.
The operating system must be capable of distinguishing between
requests which should be allowed to be processed, and others which
should not be processed. While some systems may simply distinguish
between "privileged" and "non-privileged", systems commonly have a
form of requester
identity, such as a user name. To
establish identity there may be a process of
authentication. Often a username must be quoted, and each
username may have a password. Other methods of authentication, such
as magnetic cards or biometric data, might be used instead. In some
cases, especially connections from the network, resources may be
accessed with no authentication at all (such as reading files over
a network share). Also covered by the concept of requester
identity is
authorization; the particular
services and resources accessible by the requester once logged into
a system are tied to either the requester's user account or to the
variously configured groups of users to which the requester
belongs.
In addition to the allow/disallow model of security, a system with
a high level of security will also offer auditing options. These
would allow tracking of requests for access to resources (such as,
"who has been reading this file?"). Internal security, or security
from an already running program is only possible if all possibly
harmful requests must be carried out through interrupts to the
operating system kernel. If programs can directly access hardware
and resources, they cannot be secured.
External security involves a request from outside the computer,
such as a login at a connected console or some kind of network
connection. External requests are often passed through device
drivers to the operating system's kernel, where they can be passed
onto applications, or carried out directly. Security of operating
systems has long been a concern because of highly sensitive data
held on computers, both of a commercial and military nature.
The United
States Government
Department of Defense
(DoD) created the Trusted Computer
System Evaluation Criteria (TCSEC) which is a standard
that sets basic requirements for assessing the effectiveness of
security. This became of vital importance to operating
system makers, because the TCSEC was used to evaluate, classify and
select computer systems being considered for the processing,
storage and retrieval of sensitive or
classified information.
Network services include offerings such as file sharing, print
services, email, web sites, and
file transfer protocols (FTP), most
of which can have compromised security. At the front line of
security are hardware devices known as
firewalls or intrusion
detection/prevention systems. At the operating system level, there
are a number of software firewalls available, as well as intrusion
detection/prevention systems. Most modern operating systems include
a software firewall, which is enabled by default. A software
firewall can be configured to allow or deny network traffic to or
from a service or application running on the operating system.
Therefore, one can install and be running an insecure service, such
as Telnet or FTP, and not have to be threatened by a security
breach because the firewall would deny all traffic trying to
connect to the service on that port.
An alternative strategy, and the only
sandbox strategy available in
systems that do not meet the
Popek and
Goldberg virtualization requirements, is the operating system
not running user programs as native code, but instead either
emulates a processor or provides a host for
a
p-code based system such as
Java.
Internal security is especially relevant for multi-user systems; it
allows each user of the system to have private files that the other
users cannot tamper with or read. Internal security is also vital
if auditing is to be of any use, since a program can potentially
bypass the operating system, inclusive of bypassing auditing.
Example: Microsoft Windows
While the
Windows 9x series offered the
option of having profiles for multiple users, they had no concept
of
access privileges,
and did not allow concurrent access; and so were not true
multi-user operating systems. In addition, they
implemented only partial
memory
protection. They were accordingly widely criticised for lack of
security.
The
Windows NT series of operating
systems, by contrast, are true multi-user, and implement absolute
memory protection. However, a lot of the advantages of being a true
multi-user operating system were nullified by the fact that, prior
to
Windows Vista, the first user
account created during the setup process was an
administrator account, which was also
the default for new accounts. Though
Windows
XP did have limited accounts, the majority of home users did
not change to an account type with fewer rights – partially due to
the number of programs which unnecessarily required administrator
rights – and so most home users ran as administrator all the
time.
Windows Vista changes this by
introducing a privilege elevation system called
User Account Control. When logging in
as a standard user, a logon session is created and a
token containing only the
most basic privileges is assigned. In this way, the new logon
session is incapable of making changes that would affect the entire
system. When logging in as a user in the Administrators group, two
separate tokens are assigned. The first token contains all
privileges typically awarded to an administrator, and the second is
a restricted token similar to what a standard user would receive.
User applications, including the
Windows
Shell, are then started with the restricted token, resulting in
a reduced privilege environment even under an Administrator
account. When an application requests higher privileges or "Run as
administrator" is clicked, UAC will prompt for confirmation and, if
consent is given (including administrator credentials if the
account requesting the elevation is not a member of the
administrators group), start the process using the unrestricted
token.
Example: Linux/Unix
Linux and UNIX both have two tier security, which limits any
system-wide changes to the root user, a special user account on all
UNIX-like systems. While the root user has virtually unlimited
permission to effect system changes, programs running as a regular
user are limited in where they can save files, what hardware they
can access, etc. In many systems, a user's memory usage, their
selection of available programs, their total disk usage or
quota, available range of programs'
priority settings, and other
functions can also be locked down. This provides the user with
plenty of freedom to do what needs to be done, without being able
to put any part of the system in jeopardy (barring accidental
triggering of system-level bugs) or make sweeping, system-wide
changes. The user's settings are stored in an area of the
computer's file system called the user's home directory, which is
also provided as a location where the user may store their work, a
concept later adopted by Windows as the 'My Documents' folder.
Should a user have to install software outside of his home
directory or make system-wide changes, they must become the root
user temporarily, usually with the
su or sudo command, which is answered with
the computer's root password when prompted. Some systems (such as
Ubuntu and its
derivatives) are configured by default to allow select users to run
programs as the root user via the
sudo
command, using the user's own password for authentication instead
of the system's root password. One is sometimes said to "go root"
or "drop to root" when elevating oneself to root access.
- For more information on the differences between the Linux
su/sudo approach and Vista's User Account Control, see Comparison of
privilege authorization features.
File system support in modern operating systems
Support for file systems is highly varied among modern operating
systems although there are several common file systems which almost
all operating systems include support and drivers for.
Mac OS X
Mac OS X supports
HFS+ with journaling as its primary file system. It
is derived from the
Hierarchical File System of the
earlier
Mac OS. Mac OS X has facilities to
read and write FAT, NTFS (read-only, although an open-source cross
platform implementation known as
NTFS 3G
provides read-write support to Microsoft Windows NTFS file system
for Mac OS X users), UDF, and other file systems, but cannot be
installed to them. Due to its UNIX heritage
Mac
OS X now supports virtually all the file systems supported by
the UNIX VFS..
Solaris
The
Solaris Operating
System (as with most operating systems based upon
open standards and/or
open source) uses
UFS as its primary file system. Prior to
1998, Solaris UFS did not have logging/journaling capabilities, but
over time the OS has gained this and other new data management
capabilities.
Additional features include
Veritas
(Journaling)
VxFS,
QFS from
Sun Microsystems, enhancements to
UFS including multiterabyte support and UFS volume management
included as part of the OS, and
ZFS (open
source, poolable, 128-bit, compressible, and
error-correcting).
Kernel extensions were added to Solaris to allow for bootable
Veritas VxFS operation. Logging or
journaling was added to UFS in
Solaris 7. Releases of
Solaris 10, Solaris Express,
OpenSolaris, and other open source variants of
Solaris later supported bootable ZFS.
Logical Volume Management
allows for spanning a file system across multiple devices for the
purpose of adding redundancy, capacity, and/or throughput. Solaris
includes
Solaris Volume
Manager (formerly known as Solstice DiskSuite.) Solaris is one
of many operating systems supported by
Veritas Volume Manager. Modern
Solaris based operating systems eclipse the need for volume
management through leveraging virtual storage pools in ZFS.
Linux
Many
Linux distributions support some or all
of
ext2,
ext3,
ext4,
ReiserFS,
Reiser4,
JFS ,
XFS ,
GFS,
GFS2,
OCFS,
OCFS2, and
NILFS. The ext
file systems, namely ext2, ext3 and ext4 are based on the original
Linux file system. Others have been developed by companies to meet
their specific needs, hobbyists, or adapted from UNIX, Microsoft
Windows, and other operating systems. Linux has full support for
XFS and
JFS, along with
FAT (the
MS-DOS
file system), and
HFS which
is the primary file system for the
Macintosh.
In recent years support for Microsoft
Windows
NT's
NTFS file system has appeared in
Linux, and is now comparable to the support
available for other native
UNIX file systems.
ISO 9660 and
Universal Disk Format (UDF) are
supported which are standard file systems used on CDs, DVDs, and
BluRay discs. It is possible to install Linux on the majority of
these file systems. Unlike other operating systems, Linux and UNIX
allow any file system to be used regardless of the media it is
stored in, whether it is a hard drive, a disc (CD,DVD...), an USB
key, or even contained within a file located on another file
system.
Microsoft Windows
Microsoft Windows currently
supports NTFS and
FAT file
systems, along with
network file
systems shared from other computers, and the ISO 9660 and UDF
filesystems used for
CDs,
DVDs, and other optical discs such as
Blu-ray. Under Windows each file system is usually
limited in application to certain media, for example CDs must use
ISO 9660 or UDF, and as of
Windows
Vista,
NTFS is the only file system which
the operating system can be installed on.
Windows Embedded CE 6.0, Windows
Vista Service Pack 1, and
Windows
Server 2008 support
ExFAT, a file system
more suitable for
flash
drive.
Special-purpose file systems
FAT file systems are commonly found on
floppy disks,
flash
memory cards,
digital cameras,
and many other portable devices because of their relative
simplicity. Performance of FAT compares poorly to most other file
systems as it uses overly simplistic data structures, making file
operations time-consuming, and makes poor use of disk space in
situations where many small files are present.
ISO 9660 and
Universal Disk Format are two common
formats that target
Compact Discs and
DVDs.
Mount Rainier is a newer
extension to UDF supported by Linux 2.6 series and Windows Vista
that facilitates rewriting to DVDs in the same fashion as has been
possible with floppy disks.
Journalized file systems
File systems may provide
journaling, which provides safe
recovery in the event of a system crash. A journaled file system
writes some information twice: first to the journal, which is a log
of file system operations, then to its proper place in the ordinary
file system. Journaling is handled by the file system driver, and
keeps track of each operation taking place that changes the
contents of the disk. In the event of a crash, the system can
recover to a consistent state by replaying a portion of the
journal. Many UNIX file systems provide journaling including
ReiserFS,
JFS, and
Ext3.
In contrast, non-journaled file systems typically need to be
examined in their entirety by a utility such as
fsck or
chkdsk for any
inconsistencies after an unclean shutdown.
Soft updates is an alternative to journaling
that avoids the redundant writes by carefully ordering the update
operations. Log-structured file systems and
ZFS
also differ from traditional journaled file systems in that they
avoid inconsistencies by always writing new copies of the data,
eschewing in-place updates.
Graphical user interfaces
Most of the modern computer systems support
graphical user interfaces (GUI),
and often include them. In some computer systems, such as the
original implementations of
Microsoft
Windows and the
Mac OS, the GUI is
integrated into the
kernel.
While technically a graphical user interface is not an operating
system service, incorporating support for one into the operating
system kernel can allow the GUI to be more responsive by reducing
the number of
context switches
required for the GUI to perform its output functions. Other
operating systems are
modular, separating the graphics
subsystem from the kernel and the Operating System. In the 1980s
UNIX, VMS and many others had operating systems that were built
this way. Linux and Mac OS X are also built this way. Modern
releases of Microsoft Windows such as
Windows Vista implement a graphics subsystem
that is mostly in user-space, however versions between
Windows NT 4.0 and
Windows Server 2003's graphics drawing
routines exist mostly in kernel space.
Windows 9x had very little distinction between
the interface and the kernel.
Many computer operating systems allow the user to install or create
any user interface they desire. The
X
Window System in conjunction with
GNOME or
KDE is a commonly-found setup on most Unix and
Unix-like (BSD, Linux, Solaris) systems. A
number of
Windows shell
replacements have been released for Microsoft Windows, which
offer alternatives to the included
Windows
shell, but the shell itself cannot be separated from
Windows.
Numerous Unix-based GUIs have existed over time, most derived from
X11. Competition among the various vendors of Unix (HP, IBM, Sun)
led to much fragmentation, though an effort to standardize in the
1990s to
COSE and
CDE failed for the most
part due to various reasons, eventually eclipsed by the widespread
adoption of GNOME and KDE. Prior to open source-based toolkits and
desktop environments, Motif was the prevalent toolkit/desktop
combination (and was the basis upon which CDE was developed).
Graphical user interfaces evolve over time. For example, Windows
has modified its user interface almost every time a new major
version of Windows is released, and the Mac OS GUI changed
dramatically with the introduction of Mac OS X in 1999.
Examples of operating systems
Microsoft Windows (OS)
Microsoft Windows is a family of
proprietary operating systems that originated as an add-on to the
older
MS-DOS operating system for the
IBM PC. Modern versions are based on the
newer
Windows NT kernel that was
originally intended for
OS/2. Windows runs on
x86,
x86-64 and
Itanium processors. Earlier versions also ran on the
Alpha,
MIPS,
Fairchild (later
Intergraph)
Clipper and
PowerPC architectures (some work was done to port it
to the
SPARC architecture).
As of 2009, Microsoft Windows holds a large amount of the worldwide
desktop
market share. Windows is also
used on servers, supporting applications such as
web servers and
database
servers. In recent years, Microsoft has spent significant
marketing and research & development money to demonstrate that
Windows is capable of running any enterprise application, which has
resulted in consistent price/performance records (see the
TPC) and
significant acceptance in the enterprise market.
The most widely used version of the Microsoft Windows family is
Windows XP, released on October 25,
2001.
In November 2006, after more than five years of development work,
Microsoft released
Windows Vista, a
major new operating system version of Microsoft Windows family
which contains a large number of
new features and architectural
changes. Chief amongst these are a new user interface and visual
style called
Windows Aero, a number of
new security features such as
User
Account Control, and a few new multimedia applications such as
Windows DVD Maker. A server
variant based on the same kernel,
Windows Server 2008, was released in
early 2008.
On October 22, 2009, Microsoft released
Windows 7, the successor to Windows Vista, coming
three years after its release. While Vista was about introducing
new features, Windows 7 aims to streamline these and provide for a
faster overall working environment.
Windows Server 2008 R2, the server
variant, was released at the same time.
Mac OS X
Mac OS X is a line of partially proprietary, graphical operating
systems developed, marketed, and sold by Apple Inc., the latest of which is pre-loaded on all currently
shipping Macintosh computers. Mac
OS X is the successor to the original
Mac OS,
which had been Apple's primary operating system since 1984. Unlike
its predecessor, Mac OS X is a
UNIX operating
system built on technology that had been developed at
NeXT through the second half of the 1980s and up until
Apple purchased the company in early 1997.
The operating system was first released in 1999 as
Mac OS X Server 1.0, with a
desktop-oriented version (
Mac OS X
v10.0) following in March 2001. Since then, six more distinct
"client" and "server" editions of Mac OS X have been released, the
most recent being
Mac OS X v10.6,
which was first made available on August 28, 2009. Releases of Mac
OS X are named after
big cats; the current
version of Mac OS X is nicknamed "Snow Leopard".
The server edition,
Mac OS X Server,
is
architecturally identical
to its desktop counterpart but usually runs on Apple's line of
Macintosh
server hardware. Mac OS
X Server includes work group management and administration software
tools that provide simplified access to key
network services, including a
mail transfer agent, a
Samba server, an
LDAP
server, a
domain name server, and
others.
GNU/Linux and Unix-like operating systems
Ken Thompson wrote
B, mainly based on
BCPL, which he used to write Unix, based on his
experience in the
MULTICS project. B was
replaced by
C, and Unix
developed into a large, complex family of inter-related operating
systems which have been influential in every modern operating
system (see
History).The
Unix-like family is a diverse group of
operating systems, with several major sub-categories including
System V,
BSD, and
Linux. The name "
UNIX" is a
trademark of
The Open Group which
licenses it for use with any operating system that has been shown
to conform to their definitions. "Unix-like" is commonly used to
refer to the large set of operating systems which resemble the
original Unix.
Unix-like systems run on a wide variety of machine architectures.
They are used heavily for
servers
in business, as well as
workstations in
academic and engineering environments.
Free Unix variants, such as
GNU,
Linux and
BSD, are popular in these
areas.
Some Unix variants like HP's
HP-UX and IBM's
AIX are designed to run only on
that vendor's hardware. Others, such as
Solaris, can run on multiple types
of hardware, including
x86 servers and PCs.
Apple's
Mac OS X, a
hybrid kernel-based BSD variant derived from
NeXTSTEP,
Mach, and
FreeBSD, has
replaced Apple's earlier (non-Unix) Mac OS.
Unix interoperability was sought by establishing the
POSIX standard. The POSIX standard can be applied to
any operating system, although it was originally created for
various Unix variants.
Google Chrome
Google Chrome OS is an
open source-
operating system designed by Google to work
exclusively with web applications. Announced on July 7, 2009,
Chrome OS is set to have a publicly
available stable release during the second half of 2010. The
operating system is based on
Linux and targets
specifically designed hardware. The user interface takes a
minimalist approach, resembling that of the Chrome
web browser. Because the
browser will be the only application residing on the
device,
Google Chrome OS is aimed
at users who spend most of their
computer
time on the
Internet.At a November 19, 2009
news conference, Sundar Pichai, the
Google
vice president overseeing Chrome, demonstrated an early version of
the operating system, which included a desktop that closely
resembled the Chrome browser, but with tabs for frequently used
Web-based applications. The netbook running the
operating system booted up in seven
seconds, a time
Google is working to improve.
On the same day,
Google released Chrome OS's
source code under open source licensing as Chromium OS
Plan 9
Plan 9
Ken Thompson, Dennis
Ritchie and Douglas McIlroy at
Bell
Labs
designed and developed the C programming language
to build the operating system Unix. Programmers at Bell Labs
went on to develop
Plan 9 and
Inferno, which were
engineered for modern distributed environments. Plan 9 was designed
from the start to be a networked operating system, and had graphics
built-in, unlike Unix, which added these features to the design
later. Plan 9 has yet to become as popular as Unix derivatives, but
it has an expanding community of developers. It is currently
released under the
Lucent Public
License. Inferno was sold to
Vita Nuova Holdings and has been
released under a GPL/MIT license.
Real-time operating systems
A
real-time operating
system (RTOS1) is a multitasking operating system intended for
applications with fixed deadlines (
real-time computing). Such applications
include some small embedded systems, automobile engine controllers,
industrial robots, spacecraft, industrial control, and some
large-scale computing systems.
An early example of a large-scale real-time operating system was
Transaction Processing
Facility developed by
American
Airlines and
IBM
for the
Sabre Airline
Reservations System.
Embedded systems that have fixed deadlines use a
real-time operating system such
as
VxWorks,
eCos,
QNX,
MontaVista
Linux and
RTLinux.
Windows CE is a
real-time operating system that
shares similar APIs to desktop Windows but shares none of desktop
Windows' codebase .
Some embedded systems use operating systems such as
Symbian OS,
Palm OS,
BSD, and
Linux, although such operating systems do not
support real-time computing.
Hobby development
Operating system
development, or OSDev for short, as a hobby has a large
cult-like following. As such, operating systems, such as
Linux, have derived from hobby operating system
projects. The design and implementation of an operating system
requires skill and determination, and the term can cover anything
from a basic
"Hello World" boot
loader to a fully featured kernel. One classical example of this is
the
Minix Operating System—an OS that was
designed by
A.S. Tanenbaum as a teaching tool but was
heavily used by hobbyists before
Linux
eclipsed it in popularity.
Other
Older operating systems which are still used in niche markets
include
OS/2 from IBM and Microsoft;
Mac OS, the non-Unix precursor to Apple's Mac OS X;
BeOS;
XTS-300. Some,
most notably
AmigaOS 4 and
RISC OS, continue to be developed as minority
platforms for enthusiast communities and specialist applications.
OpenVMS formerly from
DEC, is still under active
development by
Hewlett-Packard.
There were a number of operating systems for 8 bit computers -
Apple's DOS (Disk Operating System) 3.2 & 3.3 for Apple II,
ProDOS, UCSD, CP/M - available for various 8 and 16 bit
environments,
FutureOS for the Amstrad
CPC6128 and 6128Plus. For the
Commodore 8 bit computers, separate operating
systems were designed for the host computers, printers, and disk
drives, with the result that a complex coordination of signals
(TALK/LISTEN protocol) was developed so they could work separately
or in tandem, depending on the tasks at hand.
Research and development of new operating systems continues.
GNU Hurd is designed to be backwards
compatible with Unix, but with enhanced functionality and a
microkernel architecture.
Singularity is a project at
Microsoft Research to develop an
operating system with better
memory
protection based on the .Net managed code model. Systems
development follows the same model used by other
Software development, which involves
maintainers, version control "trees",
forks, "patches", and
specifications. From the AT&T-Berkeley lawsuit the new
unencumbered systems were based on 4.4BSD which forked as FreeBSD
and NetBSD efforts to replace missing code after the
Unix wars. Recent forks include
DragonFly BSD and
Darwin from BSD Unix.
Diversity of operating systems and portability
Application software is generally written for use on a specific
operating system, and sometimes even for specific hardware. When
porting the application to run on another OS, the functionality
required by that application may be implemented differently by that
OS (the names of functions, meaning of arguments, etc.) requiring
the application to be adapted.
This cost in supporting operating systems diversity can be avoided
by instead writing applications against
software platforms like
Java,
Qt or for web browsers. These abstractions have
already borne the cost of adaptation to specific operating systems
and their
system libraries.
Another approach is for operating system vendors to adopt
standards. For example,
POSIX and
OS abstraction layer
provide commonalities that reduce porting costs.
See also
References
- http://www.research.ibm.com/journal/rd/255/auslander.pdf
External links
Wikis
Quiz
Facts
Map
Timeline
Search