blogs

Threat Chaos

April 14, 2006

Why Windows is less secure than Linux

Posted by Richard Stiennon @ 8:35 am
Digg This!

Windows is inherently harder to secure than Linux. There I said it. The simple truth.

Many millions of words have been written and said on this topic. I have a couple of pictures. The basic argument goes like this. In its long evolution, Windows has grown so complicated that it is harder to secure. Well these images make the point very well. Both images are a complete map of the system calls that occur when a web server serves up a single page of html with a single picture. The same page and picture. A system call is an opportunity to address memory. A hacker investigates each memory access to see if it is vulnerable to a buffer overflow attack. The developer must do QA on each of these entry points. The more system calls, the greater potential for vulnerability, the more effort needed to create secure applications.

The first picture is of the system calls that occur on a Linux server running Apache.

 SysCallApachesmall.jpg

See larger image here

This second image is of a Windows Server running IIS.

 SysCallIISsmall.jpg

See larger image here. A picture is worth millions of words.

 

Thanks to Sana Security for generating and providing these images.

Please note that 1. I am not a journalist. 2. I do not work for ZDnet. 3. I am an independant blogger. 4. This is a blog entry not a news article.

Categories: Security

Read the latest Talkback post Why, oh why then...
...do you choose to justify Windows if its so great? So here is my declaration: I've used SUSE Linux... (Read the rest)

3 Trackback

The URI to TrackBack this entry is: http://blogs.zdnet.com/threatchaos/wp-trackback.php?p=311

  • Why Windows is less secure than Linux Threat Chaos ZDNet.com

    Why Windows is less secure than Linux | Threat Chaos | ZDNet.com. Ever wondered why impartial experts claim Windows is more difficult to secure? (Not less secure, more difficult to secure. Don’t flame me.) This article uses diagrams to …

    Trackback by Stephan Sokolow's Blog @ 3:31 am April 15, 2006

  • Windows+IIS vs. Linux+Apache (and baby vs. baby)

    Holy weblog observations, Batman! It's IT Blogwatch, in which it's "proven" than Windows+IIS is less secure than Linux+Apache. Not to mention the site that asks, "Which baby is cuter?"…

    Trackback by Computerworld Blogs @ 5:28 am April 17, 2006

  • Why Windows is less secure than Linux

    Why Windows is less secure than linux | Threat Chaos | ZDNet.com Many millions of words have been written and said on this topic. I have a couple of pictures. The basic argument goes like this. In its long evolution, Windows has grown …

    Trackback by JOURNAL MTEQC BLOG @ 2:16 am April 18, 2006

Popular white papers, webcasts, and case studies


Made with WordPress

Help | Advertisements | Feedback | Reprints | Newsletters