Slashdot Mirror


Graph of Linux Vs. Windows System Calls

cgrayson recommends Richard Stiennon's blog on ZDNet — a post titled "Why Windows is less secure than Linux" shows a compelling graphical comparison between system calls on the two operating systems. The blogger tips Sana Security for the images. Quoting: "In its long evolution, Windows has grown so complicated that it is harder to secure... [T]hese images... are a complete map of the system calls that occur when a web server serves up [the same] single page of [HTML] with a single picture."

13 of 302 comments

  1. OLD news by sproketboy · · Score: 2, Informative

    Posted in last year sometime on zdnet. Is slashdot that out of touch?

  2. Re:FUD? by ejdmoo · · Score: 4, Informative

    Accurate or not, it's a graph of Apache vs. IIS calls, NOT Linux vs. Windows. Also old as hell.

    Another quality article from Slashdot.

  3. Re:Poster? by Anonymous Coward · · Score: 0, Informative

    If you had read digg about 10 months ago you would already have your poster hanging on the wall.

    http://digg.com/linux_unix/%C2%BB_Why_Windows_is_less_secure_than_Linux_

  4. Re:FUD? by ajs · · Score: 4, Informative

    It's good that Slashdot is covering it, though. I do like the fact that we periodically get the chance to debunk some of the misinformation on the Web.

    Taken completely out of its original context, the graphs are a useful way to compare real-world examples of C and C++ calling models, though. You'll notice that IIS (C++) has these "clusters" of activity where one routine acts as a nexus for calls into many others. This is fairly standard practice in C++ where you might have an accessor that triggers lots of behavior. In the C version, there's a much more visually procedural pattern where a function calls a few others, and then returns to a function that calls its tree of functions, but might overlap with a few calls to the previous function's utility functions, etc.

  5. Re:Interesting by 0xABADC0DA · · Score: 4, Informative

    It's not hand drawn. They obviously used dot from graphviz. You can't mistake that layout once you've seen it.

  6. Re:Pudding graph by iusty · · Score: 3, Informative

    The article says syscalls, not function calls. The difference between calling models has no relation to syscalls, which are between userland and kernel space.

    More likely, the article shows the difference between Apache and IIS, on one side, and the glibc and however-it's-called windows' base library, on the other side.

  7. Re:This is more a comparison of efficiency to me. by SatanicPuppy · · Score: 3, Informative

    Except for the whole: "[T]hese images... are a complete map of the system calls that occur when a web server serves up [the same] single page of [HTML] with a single picture."

    RTFS: Read The Fucking Summary.

    --
    ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
  8. Re:Poster? by EsbenMoseHansen · · Score: 3, Informative

    It looks as if it was made by graphViz, which draws diagrams based on a textfile containing the dependencies. So it's probably fair enough in that sense, but posting the number of edges and the number of nodes would probably be nice as well. Though I'd prefer the source for those 2 images :D

    --
    Religion is regarded by the common people as true, by the wise as false, and by rulers as useful.
  9. Re:FUD? by Red Flayer · · Score: 2, Informative

    "The link does nothing more than redirect to the front page. Was it supposed to do something else?"

    I checked the link, it goes to firehose. Maybe you don't have access to firehose (it's in Beta, maybe it's karma-dependent for access)? Or maybe you just need to look a little closer, since FireHose does look a little like the main page.

    FYI, FireHose lets users affect submission acceptance by rating the submissions before (and after) they get approved -- this allows for pre-emptive action, and also feedback.
    --
    "Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai
  10. Re:Looks good. by Atmchicago · · Score: 3, Informative

    I agree with your question. I was thinking of a few ways to analyze the graphs:

    • Count the total number of nodes
    • Count the average number of edges coming out of each node

    The first gives us an idea of the total number of calls involved. The second gives us some idea of how many interactions each call is involved with - more branches would indicate more complexity.

    --

    You can lead a horse to water, but you can't make it dissolve.
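
The two measurements proposed in the comment above, together with the edge count asked for in comment 8, computed from a Graphviz DOT edge list. This is an added example, not part of the thread: the DOT text is constructed sample data (not the Sana Security graphs), the function names are hypothetical, and the parser assumes a simple digraph with one statement per line or `;`.

```python
import re
from collections import defaultdict

# Constructed sample call graph in DOT syntax (not the real Apache/IIS data).
SAMPLE_DOT = """
digraph calls {
    rankdir=LR;
    main [shape=box];
    main -> accept;
    main -> handle_request;
    handle_request -> open -> close;   // chained edges
    handle_request -> read;
    handle_request -> "write";
    read -> close;
    logger;
}
"""

KEYWORDS = {"graph", "digraph", "subgraph", "node", "edge", "strict"}

def parse_dot(text):
    """Return (nodes, edges) for a simple DOT digraph."""
    nodes, edges = set(), set()
    text = re.sub(r'//[^\n]*|/\*.*?\*/', '', text, flags=re.S)  # drop comments
    text = re.sub(r'\[[^\]]*\]', '', text)                       # drop attribute lists
    for stmt in re.split(r'[;\n{}]', text):
        parts = [p.strip().strip('"') for p in stmt.split('->')]
        # Skip blanks, graph attributes (a=b) and keyword statements.
        if any(not p or '=' in p for p in parts) or parts[0].split()[0] in KEYWORDS:
            continue
        nodes.update(parts)
        edges.update(zip(parts, parts[1:]))  # a -> b -> c yields (a,b), (b,c)
    return nodes, edges

def graph_metrics(nodes, edges):
    """Node count, edge count, mean out-degree, and the node with the largest fan-out."""
    out_deg = defaultdict(int)
    for src, _dst in edges:
        out_deg[src] += 1
    n = len(nodes)
    hub = max(nodes, key=lambda v: (out_deg[v], v)) if n else None
    return {
        "nodes": n,
        "edges": len(edges),
        "mean_out_degree": len(edges) / n if n else 0.0,
        "max_fan_out": (hub, out_deg[hub]) if n else None,
    }

if __name__ == "__main__":
    print(graph_metrics(*parse_dot(SAMPLE_DOT)))
```

The `max_fan_out` entry picks out the kind of "nexus" node described in comment 4, which a mean alone hides.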

  11. Re:Poster? by speculatrix · · Score: 2, Informative

    There are graphviz viewers which allow some interaction, so you could drag nodes about a bit to make it less messy.

  12. Re:Poster? by B. Pascal · · Score: 2, Informative

    Hi Ietxa2000:

    I agree with your post.

    I'd like to further question the implicit assumption made by the author of this article: that simplicity is always equal to better security. Yes, a system with a simpler, more elegant design feels better to work with. Yet, it doesn't necessarily mean better security.

    Rather than looking at a system's design, I think a more meaningful measurement of a system's security is to look at: 1) the number of people looking for new security flaws, and 2) the time it takes for patches to be released given an exploit. (1) measures how much effort is put into finding not-yet-discovered exploits. If there are not enough people who are looking for new security flaws, then at best, the system is secured by obscurity. (2) measures the responsiveness and effort to fix known exploits. Naturally, if an exploit is found, a user wants that exploit fixed ASAP.

    Looking at a system's design (graph), then drawing conclusions about the system's security, is like saying that a system can be done right in the first cut. If the design is done well, then it necessarily results in a good implementation. (Granted, if design is poor, then it's harder to make the implementation good...)

    Cheers.

    B. Pascal

  13. Re:Linux is less secure than Windows by Anonymous Coward · · Score: 2, Informative

    (I can't believe I'm feeding a troll, but I couldn't let this just slip by.)

    "All evidence shows that Linux is less secure than other operating systems, in particular Windows."

    Wrong.

    "For one thing, this can be explained by the open nature of Linux where anybody has access to all of the encryption algorithms, sources and keys. In the computer world, just like in the human world, it is in environments where anything goes that the worst viruses come to existence."

    Linux uses standard encryption algorithms, just like Windows. 3DES and DSA are the same everywhere. Private keys are still private (Linus didn't pack his GPG key into the latest kernel source, if that's what you're thinking), and public keys public.

    "Also, Linux distributions are filled with various backdoors since anyone, including ill-intended foreigners, can add anything to the kernel base and its surroundings. At some point, there was even a hacked version of a compiler that introduced backdoors in every program that it produced!"

    OSS isn't run on the Wiki model. All submissions to open-source projects are looked over and verified by the project maintainers. At least with OSS I don't have to worry about backdoors added by certain ill-intended Americans.

    "Finally, and probably most importantly, Linux growth happens through the actions of the low-key movement of techies that try to replace everything they can in their organisations with Linux. Apart from acting unprofessionally, these zealots let their feelings for the beloved OS trump any kind of common sense behavior, such as using the right tool for the job. Instead they carelessly introduce vulnerabilities in environments that were previously locked down."

    Wow! Shocking! A valid point! Not exactly a problem with Linux itself, though...

    Yes, this can be a problem. Linux is good, but not perfect for everything. There are some things Windows just does better. The proper response is to fire these idiots. They'd do just as much damage administrating a Windows server.

    "In short, organisations who value computer security should stay away from Linux, and refrain from hiring those who mention Linux in their resume."

    Really? You should let IBM know about this.