Free Republic

Why Windows is less secure than Linux
Ziff Davis ^ | April 14, 2006 | Richard Stiennon

Posted on 04/14/2006 4:02:05 PM PDT by Halfmanhalfamazing

A picture is worth millions of words.

(Excerpt) Read more at blogs.zdnet.com ...


TOPICS: Computers/Internet
KEYWORDS: apache; capitalism; gebait; linux; security; windows
Linux and Apache...........

Now, Windows and IIS.......


1 posted on 04/14/2006 4:02:08 PM PDT by Halfmanhalfamazing

To: Halfmanhalfamazing

2 broken links?

I am underwhelmed


2 posted on 04/14/2006 4:03:18 PM PDT by freedumb2003 (Don't call them "Illegal Aliens." Call them what they are: CRIMINAL INVADERS!)

To: freedumb2003

What are you talking about, the links work fine.


3 posted on 04/14/2006 4:04:55 PM PDT by Halfmanhalfamazing (Linux, the #2 OS. Mac, the #3 OS. Apple's own numbers are hard to argue with.)

To: Halfmanhalfamazing

I just get broken link icons and when I click my browser just hangs...


4 posted on 04/14/2006 4:07:23 PM PDT by freedumb2003 (Don't call them "Illegal Aliens." Call them what they are: CRIMINAL INVADERS!)

To: Halfmanhalfamazing
What are you talking about, the links work fine.

The links don't work for me either, and no images are displayed.

5 posted on 04/14/2006 4:16:11 PM PDT by TChad

To: freedumb2003

...must be using windows as fedora 4 linux and opera work just fine.


6 posted on 04/14/2006 4:19:34 PM PDT by xcamel (Press to Test, Release to Detonate)

To: Halfmanhalfamazing

The images are finally up and the link now works. I think that blogs.zdnet.com was down for maintenance.

Interesting images, that apparently come from somewhere (where?) on the Sana Security website. I would like more detailed info about what those images represent.


7 posted on 04/14/2006 8:05:31 PM PDT by TChad

To: TChad
Yeah ...

It says the images show the system calls done to serve up a web page by Apache and IIS. But they don't look like that to me. They look more like a call graph.

System calls form a flat space - one such call does not nest a call to a second. These images show a nesting sort of graph structure.

Perhaps these images are the call graph of subroutines with Apache and IIS that are called while handling a request for a page.

If so, these images aren't showing anything about Linux and Windows, as operating systems, rather only showing something about two web servers, Apache and IIS. They show a more complex call graph for IIS, which is plausible.

I suspect that the blogger Richard Stiennon presenting these images on blogs.zdnet.com doesn't fully understand what he is presenting. Since he doesn't provide useful links back to the source of the images, or useful detail on what they represent, we'd be best not to make much of them.

8 posted on 04/14/2006 8:20:39 PM PDT by ThePythonicCow (The biggest Lie of all: that we are the Master of Knowledge.)

To: ThePythonicCow; All
Anti-Gates Sarcasm Torpedo ARMED. FIRE!!

"I tell you, on this Mac I will build my church. And the Hell of Gates shall not prevail against it."

Cheers!

9 posted on 04/14/2006 10:21:56 PM PDT by grey_whiskers (The opinions are solely those of the author and are subject to change without notice.)

To: ThePythonicCow
I wish I worked with intelligent people like you - who understood (and could probably even generate w/CASE tools) call graphs, who know what BNF is used for, who know Amdahl's Law (80/20 performance rule), and generally have a good solid grasp of theory. This kind of stuff rekindles the love I once had for software engineering and system architecture.

I contract for a software company run by a female high-school dropout with little concept of what we sell (she got the company via a divorce settlement). Rush, rush, rush! Don't write specs, no time for that! Code! Type faster! </rant>

That aside, I am not certain what these images convey, but then I have not yet read the article...

10 posted on 04/14/2006 10:23:25 PM PDT by Lexinom

To: Halfmanhalfamazing
Why Windows is less secure than Linux

Three words..."Security by Obscurity."

I'm sure that I will be refuted by the counter-culture Mac and Linux users that still haven't gotten over their anti-parent-rebellion issues...but it's a fact.

Windows is more prevalent, so it is more commonly attacked.

I'm not a big Windows fan, I like Linux and VMS, but I don't let this define my life. More people make more applications for Windows. Windows, therefore, rules. Get over it. If you can't handle it, go watch a movie on your Betamax or something.

11 posted on 04/14/2006 10:32:36 PM PDT by Washi

To: TChad
Here is what they represent (excerpt from article):

Many millions of words have been written and said on this topic. I have a couple of pictures. The basic argument goes like this. In its long evolution, Windows has grown so complicated that it is harder to secure. Well these images make the point very well. Both images are a complete map of the system calls that occur when a web server serves up a single page of html with a single picture. The same page and picture. A system call is an opportunity to address memory. A hacker investigates each memory access to see if it is vulnerable to a buffer overflow attack. The developer must do QA on each of these entry points. The more system calls, the greater potential for vulnerability, the more effort needed to create secure applications.

He's spot-on, and I've experienced this for years. Taking an evolutionary approach to software design, whereby the software as a whole evolves organically to meet changing needs and demands, inherently leads to entropy. I know. I work for a company that, despite years of advice from seasoned senior-level developers, refuses to refactor on account of the time. Instead they spend far MORE time debugging the after-effects of short-term hacks - choosing a 1 week fix plus 5 weeks debugging over a single 3-week refactoring.

Microsoft is smarter than that but the O/S is inherently more organic (i.e. interdependent) than Linux. The lawsuit in '98 bore this out (I.E. being included as "part" of the O/S). More organicity means more interdependencies, as he notes.

Linux, by virtue of its very development model (open, worldwide), is inherently modular rather than organic. Hence it is easy to put different skins on X, and easy to secure individual daemons, which are discrete processes. It is better and more secure because it is simple.

I also cannot help but think that Linux developers are largely under far less pressure than Microsofties. Less pressure = more time to implement something simple with higher quality.

Just my thoughts.

12 posted on 04/14/2006 10:33:16 PM PDT by Lexinom

To: Lexinom
Heck - I've designed and written a call graph analyzer for C, using a modified version of Steve Johnson's portable C compiler.

(thanks for the excuse to do a little braggin')

13 posted on 04/14/2006 10:44:56 PM PDT by ThePythonicCow (The biggest Lie of all: that we are the Master of Knowledge.)

To: ThePythonicCow

Hey, I've used a tool like that!

That's cool.

I thought it would be neat to write a canonical parser which actually takes in the definition of the language in BNF-grammar-like form and actually generates the grammar internally, which it then uses for the actual parsing. A multi-linguistic parser, if you will. This would be the food for the Lexical Analyzer, Semantic Analyzer, and the third one which escapes me right now (it's been a little while).

Tricky part would be generating output.

I suppose this is the sort of thing the .NET framework is based off of, but I never get to work the new and cool stuff. That's why I'm getting the heck out of software in favor of business. But I still love software and elect. engineering, and probably always will.


14 posted on 04/14/2006 10:51:14 PM PDT by Lexinom

To: Lexinom
He may be spot on about the general idea that poorly factored spaghetti code is harder to maintain and hides more bugs.

But what he actually says is confused gibberish.

Even the number of subroutine calls is a poor indicator. When I refactor a program to reduce code duplication and remove the special case logic that is the bane of reliable programs, I usually end up with more subroutines, not less, as subroutines are one of the most useful tools for organizing and isolating program complexity.

15 posted on 04/14/2006 10:57:42 PM PDT by ThePythonicCow (The biggest Lie of all: that we are the Master of Knowledge.)

To: Lexinom
The canonical parsers are tools such as YACC, which generate parsers from a BNF-like language description.

16 posted on 04/14/2006 11:01:06 PM PDT by ThePythonicCow (The biggest Lie of all: that we are the Master of Knowledge.)

To: ThePythonicCow
Actually, I was thinking that part of the bottom image looked sort of like a tugboat.

I scanned through the Sana Security site. The Sana security software attempts to recognize patterns of system calls that identify a healthy computer system/network. The software can then recognize changes in that pattern after malware infection. Maybe the images have to do with those patterns.

17 posted on 04/14/2006 11:14:59 PM PDT by TChad
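
The idea described in the post above, profiling the system-call patterns of a healthy process and flagging departures from them, sketched as an added example that is not from the thread, the article or Sana Security. The sliding-window n-gram technique, the function names, the threshold and the traces are all assumptions chosen for illustration.

```python
def ngrams(trace, n=3):
    """Every run of n consecutive system calls in a flat trace."""
    return [tuple(trace[i:i + n]) for i in range(len(trace) - n + 1)]


def build_profile(healthy_traces, n=3):
    """Set of n-grams observed while the process was known to be healthy."""
    profile = set()
    for trace in healthy_traces:
        profile.update(ngrams(trace, n))
    return profile


def score(trace, profile, n=3):
    """Return (fraction of n-grams never seen in the profile, those n-grams)."""
    grams = ngrams(trace, n)
    unseen = [g for g in grams if g not in profile]
    rate = len(unseen) / len(grams) if grams else 0.0
    return rate, unseen


def is_anomalous(trace, profile, n=3, threshold=0.2):
    """Flag a trace when too many of its call sequences are unfamiliar."""
    rate, _ = score(trace, profile, n)
    return rate > threshold


# Constructed sample traces (not captured from Apache or IIS): a web server
# worker accepting a request, reading a file and writing the response.
HEALTHY = [
    "accept read open fstat mmap write close close".split(),
    "accept read open fstat read write close close".split(),
]
NORMAL_REQUEST = "accept read open fstat mmap write close close".split()
# Constructed trace in which the worker departs from its usual pattern.
SUSPECT_REQUEST = "accept read open fstat mprotect execve socket connect".split()

PROFILE = build_profile(HEALTHY)

if __name__ == "__main__":
    for name, trace in (("normal", NORMAL_REQUEST), ("suspect", SUSPECT_REQUEST)):
        rate, unseen = score(trace, PROFILE)
        print(f"{name}: {rate:.0%} unseen, anomalous={is_anomalous(trace, PROFILE)}")
        for gram in unseen:
            print("   unseen sequence:", " -> ".join(gram))
```

The profile depends on the order of calls rather than how many there are, so a trace of the same length as a healthy one can still be flagged.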

To: ThePythonicCow

Right. That's the tool I've used. But iirc it does it at bind time not run time.

Oh well.


18 posted on 04/14/2006 11:16:10 PM PDT by Lexinom

To: ThePythonicCow
Yes, his general idea. The spaghetti aspect grows out of years of evolutionary development and associated cross-dependencies. One of the most popular misnomers is that of Windows as an Operating System. It's not. It's an entire environment that, oh by the way, happens to include an O/S.

What you've observed is sharper and more concrete.

Having many subroutines is a trait of a well-designed layered system, among other things. You can also have too many subroutines, I believe. Having a subroutine, complete with error checking, for the most minute and atomic tasks (painting a pixel, for example) - requires needless repetition of potentially expensive operations that could be shared with a slightly more organic model. Session state blocks solve some of this (objects are a form of that). But that is a discussion for another time.

On the whole, I agree that I will end up with more subroutines on refactoring, esp. if the original code was written under incredible stress/duress.

19 posted on 04/14/2006 11:34:54 PM PDT by Lexinom

To: ThePythonicCow

Interesting.


20 posted on 04/15/2006 5:37:29 AM PDT by Halfmanhalfamazing (Linux, the #2 OS. Mac, the #3 OS. Apple's own numbers are hard to argue with.)

