Slashdot Mirror


Graph of Linux Vs. Windows System Calls

cgrayson recommends Richard Stiennon's blog on ZDNet — a post titled Why Windows is less secure than Linux shows a compelling graphical comparison between system calls on the two operating systems. The blogger tips Sana Security for the images. Quoting: "In its long evolution, Windows has grown so complicated that it is harder to secure... [T]hese images... are a complete map of the system calls that occur when a web server serves up [the same] single page of [HTML] with a single picture."

82 of 302 comments

  1. Poster? by Anonymous Coward · · Score: 2, Funny

    Where can I get a high res version of that image to print out poster size? That's great!

    1. Re:Poster? by letxa2000 · · Score: 5, Insightful

      Not defending Windows security, but it's entirely possible that the graphical depiction is not "optimized" so that it intentionally looks like spaghetti. It's hard to see what's going on with the resolution given, but some of the call "bubbles" seem to be unnecessarily placed far away from whatever called them with a long strand of spaghetti between them. This isn't necessarily an indication of spaghetti or bad design, but a bad graphical depiction. Also, just because lots of places make a call to the same API (which causes the graph to look like spaghetti) does not mean bad design--to the contrary, it can be very good design.

      I hate Windows as much as the next guy, but I'm not sure this is really a good case for why.

    2. Re:Poster? by EsbenMoseHansen · · Score: 3, Informative

      It looks as if it was made by graphViz, which draws diagrams based on a textfile containing the dependencies. So it's probably fair enough in that sense, but posting the number of edges and the number of nodes would probably be nice as well. Though I'd prefer the source for those 2 images :D

      --
      Religion is regarded by the common people as true, by the wise as false, and by rulers as useful.
    3. Re:Poster? by speculatrix · · Score: 2, Informative

      there are graphviz viewers which allow some interaction, so you could drag nodes about a bit to make it less messy.

    4. Re:Poster? by B.+Pascal · · Score: 2, Informative

      Hi letxa2000:

      I agree with your post.

      I like to further question the implicit assumption made by the author of this article: that simplicity is always equal to better security. Yes, a system with a simpler, more elegant design feels better to work with. Yet, it doesn't necessarily mean better security.

      Rather than looking at a system's design, I think a more meaningful measurement of a system's security is to look at: 1) the number of people looking for new security flaws, and 2) the time it takes for patches to be released given an exploit. (1) measures how much effort is put into finding not-yet-discovered exploits. If there are not enough people who are looking for new security flaws, then at best, the system is secured by obscurity. (2) measures the responsiveness and effort to fix known exploits. Naturally, if an exploit is found, a user wants that exploit fixed ASAP.

      Looking at a system's design (graph), then drawing conclusions about the system's security, is like saying that a system can be done right in the first cut. If the design is done well, then it necessarily results in a good implementation. (Granted, if design is poor, then it's harder to make the implementation good...)

      Cheers.

      B. Pascal

    5. Re:Poster? by RazzleDazzle · · Score: 3, Funny

      Yeah, spaghetti... obey your noodly master.

      Next thing you'll be talking about is global warming, then pirates, and the love of Him that is noodly.

      --
      ZERO ZERO ONE ZERO ONE ZERO ONE ONE! Just brushing up for my next big invention: Ethernet over Voice (EoV)
  2. Looks good. by bradsenff · · Score: 5, Funny

    Those pictures look great.

    Suddenly I am hungry for spaghetti.

    mmmMmm Food.

    Damn. Windows *is* evil. It is making me fat!

    1. Re:Looks good. by HomelessInLaJolla · · Score: 5, Insightful

      I just happened to think: Do you suppose it would be possible to refactor the Windows graph to make it look less tangled, or refactor the Linux graph to make it look more tangled? Imagine the graphs in 3-D space and being able to rotate around them or even view them from inside looking out in different directions. The concept is similar to adjusting the axes in the same manner as logarithmic paper can make some plots look like straight lines (once that concept is recognized then the math can become infinitely complex for defining the axes).

      To be perfectly fair: How do we know that the researcher who created the graphs optimized both for clean and concise 2-D layout?

      In response to my own question: No matter how you want to change the visualization the Linux graph looks to have far fewer multiple source intersection points and a larger prevalence of straight line hierarchical structure.

      --
      the NPG electrode was replaced with carbon blac
    2. Re:Looks good. by Atmchicago · · Score: 3, Informative

      I agree with your question. I was thinking of a few ways to analyze the graphs:

      • Count the total number of nodes
      • Count the average number of edges coming out of each node

      The first gives us an idea of the total number of calls involved. The second gives us some idea of how many interactions each call is involved with - more branches would indicate more complexity.

      --

      You can lead a horse to water, but you can't make it dissolve.
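Atmchicago's two counts, and the "multiple source intersection points" HomelessInLaJolla mentions above, can be computed from the .dot source EsbenMoseHansen asks for instead of being eyeballed from a JPEG. The script below is an added example written for this mirror, not code from the thread, from Sana Security or from the ZDNet post; the two DOT graphs it contains are made up to stand in for the unavailable sources (a straight-line one and one with the "nexus" clusters described further down), and the metric names are this example's own.

```python
"""Graph metrics for a Graphviz DOT call graph: the numbers the picture hides."""
import re
from collections import defaultdict

# Two constructed call graphs in DOT syntax (not the real Apache/IIS sources).
LINEAR_DOT = """
digraph linear {
  "main" -> "accept";
  "main" -> "handle";
  "handle" -> "read";
  "handle" -> "open";
  "handle" -> "fstat";
  "handle" -> "sendfile";
  "handle" -> "close";
  "handle" -> "log";
  "log" -> "write";
  "main" -> "close";
}
"""

TANGLED_DOT = """
digraph tangled {
  main -> init -> accept -> dispatch;      // DOT allows chained edges
  dispatch -> auth; dispatch -> read; dispatch -> log;
  auth -> registry; read -> registry; log -> registry; init -> registry;
  registry -> open; registry -> close; registry -> write;
  auth -> write; log -> write; dispatch -> close [color=red];
}
"""


def parse_dot_edges(text):
    """Return the (src, dst) edge list of a flat DOT digraph.

    Handles quoted names, chained edges (a -> b -> c) and attribute lists;
    subgraphs and ports are out of scope for this example.
    """
    text = re.sub(r"//[^\n]*|/\*.*?\*/", "", text, flags=re.S)  # strip comments
    text = re.sub(r"\[[^\]]*\]", "", text)                      # strip [attr=...]
    edges = []
    for stmt in re.split(r"[;\n]", text):
        stmt = stmt.rsplit("{", 1)[-1].split("}", 1)[0]           # drop graph braces
        if "->" not in stmt:
            continue
        names = [n.strip().strip('"') for n in stmt.split("->")]
        if any(not n for n in names):
            continue
        edges.extend(zip(names, names[1:]))
    return edges


def graph_metrics(edges):
    """Node/edge counts, fan-out, fan-in and how tree-like the graph is."""
    unique = set(edges)                     # dot draws a repeated edge twice; count once
    in_deg, out_deg, nodes = defaultdict(int), defaultdict(int), set()
    for src, dst in unique:
        nodes.update((src, dst))
        out_deg[src] += 1
        in_deg[dst] += 1
    n, e = len(nodes), len(unique)
    # In a pure tree every node but the root has in-degree 1; nodes reached
    # from two or more callers are the "multiple source intersection points".
    nexus = sorted(v for v in nodes if in_deg[v] >= 2)
    return {
        "nodes": n,
        "edges": e,
        "avg_out_degree": e / n if n else 0.0,
        "max_in_degree": max(in_deg.values(), default=0),
        "nexus_nodes": nexus,
        "tree_like_share": (n - len(nexus)) / n if n else 0.0,
        "leaf_nodes": sorted(v for v in nodes if out_deg[v] == 0),
    }


def summarize(dot_text):
    return graph_metrics(parse_dot_edges(dot_text))


if __name__ == "__main__":
    for label, dot in (("linear", LINEAR_DOT), ("tangled", TANGLED_DOT)):
        m = summarize(dot)
        print(f"{label:8s} nodes={m['nodes']:3d} edges={m['edges']:3d} "
              f"avg_out={m['avg_out_degree']:.2f} max_in={m['max_in_degree']} "
              f"tree_like={m['tree_like_share']:.2f} nexus={m['nexus_nodes']}")
```

Feed it the real .dot files (`summarize(open("apache.dot").read())`) and the layout stops mattering: node and edge counts, average out-degree and the list of nexus nodes are invariant under any drag-and-drop or 3-D rotation of the picture, which is exactly what the layout objections above are asking for.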

    3. Re:Looks good. by nberardi · · Score: 5, Insightful

      This shouldn't be titled why Windows is less secure than Linux. If the author actually had any integrity or an understanding of what he was writing about it should be titled why IIS is less secure than Apache. Because I bet Apache running on Windows looks very close to the Apache running on Linux. Mostly because the Apache team has an excellent set of developers.

      This blogger should be shunned out of the internet world as a worthless hack.

    4. Re:Looks good. by Thrip · · Score: 5, Funny

      I just happened to think: Do you suppose it would be possible to refactor the Windows graph to make it look less tangled ...?
      Yes. The easiest way would be to throw out the Windows code base and start over with a set of competent programmers, then regenerate the graph.
      --
      I'm awake! The answer is BONK!
    5. Re:Looks good. by shawb · · Score: 2, Insightful

      The reason the Linux version has a lot of empty space and wider pixel size is because... there are so many fewer connections between nodes. There is more room to represent them. It appears that while Linux does have nearly as many nodes, many more of the calls are in a linear fashion. This is good security-wise as you can get a better idea of what data should be passed through a particular chunk of code and can better plan for exception checking and out of bounds conditions so malformed data will be handled gracefully.

      --
      I'll never make that mistake again, reading the experts' opinions. - Feynman
  3. OLD news by sproketboy · · Score: 2, Informative

    Posted last year sometime on zdnet. Is slashdot that out of touch?

  4. nice pics by Anonymous Coward · · Score: 5, Funny

    what can I say? I'm impressed, you can click on the larger images and still not see a god damn thing

  5. FUD? by EveryNickIsTaken · · Score: 3, Insightful

    Can anyone verify the accuracy of the "graphs"?

    1. Re:FUD? by ejdmoo · · Score: 4, Informative

      Accurate or not, it's a graph of Apache vs. IIS calls, NOT Linux vs. Windows. Also old as hell.

      Another quality article from Slashdot.

    2. Re:FUD? by ajs · · Score: 4, Informative

      It's good that Slashdot is covering it, though. I do like the fact that we periodically get the chance to debunk some of the misinformation on the Web.

      Taken completely out of its original context, the graphs are a useful way to compare real-world examples of C and C++ calling models, though. You'll notice that IIS (C++) has these "clusters" of activity where one routine acts as a nexus for calls into many others. This is fairly standard practice in C++ where you might have an accessor that triggers lots of behavior. In the C version, there's a much more visually procedural pattern where a function calls a few others, and then returns to a function that calls its tree of functions, but might overlap with a few calls to the previous function's utility functions, etc.

    3. Re:FUD? by YellowElf · · Score: 2, Insightful

      But these are system calls, and should not be part of the IIS application itself. Of course, Microsoft loooves to say everything is part of the OS, and we can't see the actual calls that are being made, but whatever is being called should be outside of IIS in order for the article to make sense.

      --dv

      --
      Insert witty saying or aphorism here.
    4. Re:FUD? by Red+Flayer · · Score: 2, Insightful

      Another quality article from Slashdot.
      Have you done your part with firehose?

      You've got the power to make a difference in the story selection process, why don't you use it instead of complaining meaninglessly? Especially since it'd already been pointed out by several posters?
      --
      "Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai
    5. Re:FUD? by timeOday · · Score: 4, Insightful

      The graphs are a useful way to compare real-world examples of C and C++ calling models, though.
      No, because they're only counting system calls. There's no inherent reason for C++ code to make more numerous or more varied system calls. The difference between C and C++ is purely user-mode. The summary's assertion is correct - the Windows server is simply making many more system calls to serve a page.

      Is that a surprise? Those of you who doubt the general claims made using these graphs, why don't you find a more compelling statistic to the contrary? Show us how the XP (or better yet, Vista) kernel API is NOT a sprawling mess. Good luck, since even Microsoft has admitted Vista is nearly unmaintainable, and years of schedule slippage proves it no matter what they say.

      I don't even blame them. Feature-richness and backwards compatibility are key aspects of what Microsoft provides, and it inevitably results in a mess. These are practically requirements if you have a big expensive software infrastructure built over a long period of time, as many businesses do. But don't kid yourself that the costs avoided by not refactoring all that old code come free. Complexity does impact security.

    6. Re:FUD? by Red+Flayer · · Score: 2, Informative

      The link does nothing more than redirect to the front page. Was it supposed to do something else?
      I checked the link, it goes to firehose. Maybe you don't have access to firehose (it's in Beta, maybe it's karma-dependent for access)? Or maybe you just need to look a little closer, since FireHose does look a little like the main page.

      FYI, FireHose lets users affect submission acceptance by rating the submissions before (and after) they get approved -- this allows for pre-emptive action, and also feedback.
      --
      "Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai
    7. Re:FUD? by plalonde2 · · Score: 2, Insightful

      That's a completely bogus statement. In straight C you know your call graph. You know which function is called where and when. In C++ any method call might be virtual and you have no way to know at the call site. Or the function call might be a non-virtual override. No way to tell at the call site. It is much easier to mis-use (unintentionally) a C++ OO library than a straight C library. I see many more errors in C++ code than I do in straight C.

    8. Re:FUD? by jgrahn · · Score: 3, Interesting

      I don't even blame them. Feature-richness and backwards compatibility are key aspects of what Microsoft provides, and it inevitably results in a mess. These are practically requirements if you have a big expensive software infrastructure built over a long period of time, as many businesses do.

      OK, but shouldn't that make a Unix syscall interface even more messy? After all, it was created thirty-five years ago.

      On the other hand, you might want to count each ioctl and each read(2) or write(2) of different character devices as separate system calls ...

    9. Re:FUD? by timeOday · · Score: 2, Insightful

      OK, but shouldn't that make a Unix syscall interface even more messy? After all, it was created thirty-five years ago.
      How much backwards compatibility does it really retain though? I realize some basic concepts and even the names of some basic functions (e.g. "read") have actually been around that long, but how many binaries from back then would run on Linux? I doubt you could find one. And that's what I mean by maintaining backwards compatibility on a feature-rich platform.
  6. Interesting by theqmann · · Score: 2, Insightful

    Interesting, they look hand drawn. I wonder if arbitrary complexity could be visually added by using a suboptimal drawing pattern.

    1. Re:Interesting by 0xABADC0DA · · Score: 4, Informative

      It's not hand drawn. They obviously used dot from graphviz. You can't mistake that layout once you've seen it.

  7. Vista by IflyRC · · Score: 2, Insightful

    Where is the Vista version?

    1. Re:Vista by Fnord666 · · Score: 5, Funny

      Where is the Vista version?
      They're waiting for additional funding for the ink.
      --
      'The tyrant will always find pretext for his tyranny.' - Aesop's Fables
  8. Old and Pointless News by garcia · · Score: 5, Insightful

    The article is dated April 14th, 2006. Nice.

    The photos are completely unreadable and mean absolutely nothing. Let's see the entire graph with labels so that we can know exactly what's going on during the calls. From that graph, for all we know, we could be looking at more than what they claim.

    1. Re:Old and Pointless News by *weasel · · Score: 2, Insightful

      Not to mention that we should be looking at Apache-on-Windows vs Apache-on-Linux.

      Why mix up the comparison of Linux/Windows with Apache/IIS with C/C++ if you don't have to?

      An actual apples-to-apples comparison would be interesting.

      --
      // "Can't clowns and pirates just -try- to get along?"
  9. A single page with a single picture? by fireman+sam · · Score: 3, Funny

    and I thought goatse was taken down.

    --
    it is only after a long journey that you know the strength of the horse.
  10. Re:Pudding graph by ajs · · Score: 2, Insightful

    NO! This is a terrible, terrible misuse of information. The person who came up with those graphs should be forced to read "The Visual Display of Quantitative Information" Edward R Tufte until their eyes fall out!

    IIS is written in C++.

    Apache is written in C.

    These graphs show the different calling models of C++ and C.

    That is *all* they show.

  11. Complete FUD by DrDitto · · Score: 2, Insightful

    Never have I seen papers or research that implies the number of system calls correlates to security. What's next, implying MS-DOS is more secure than Linux based on numbers of system calls and lines of code?

    1. Re:Complete FUD by flyingfsck · · Score: 3, Funny

      Of course DOS is more secure than Linux. It doesn't do networking...

      --
      Excuse me, but please get off my Pennisetum Clandestinum, eh!
  12. I call FUD by LighterShadeOfBlack · · Score: 5, Insightful

    Comparing the complexity of system calls made by two different programs on two different OSes and then using that solely to judge the two differing OSes seems like an astoundingly flawed comparison. Seeing as Apache runs on Linux and Windows it seems pretty obvious that they should've at least used the same program to make this comparison even slightly relevant.

    I'm not saying Windows isn't worse than Linux in this respect, just that this article proves nothing.

    --
    Spelling mistakes, grammatical errors, and stupid comments are intentional.
  13. Re:Pudding graph by j00r0m4nc3r · · Score: 5, Insightful

    Well, not only that, but it has nothing to do with Windows and Linux. More like, Apache and IIS. You could run Apache on your Windows box, which I'm sure LOTS of people do.

  14. Very suspicious of what "syscall" means here. by Nevyn · · Score: 5, Insightful

    The normal usage of syscall is something that has to transfer control to the system, from your program. Things like accept(), write() and sbrk() but not strcpy() or malloc(). While I haven't done an strace on Apache-httpd I have done it on my own webserver and I find it hard to believe that Apache-httpd is as bad as the graph in the article implies. And given there's no text in the graph it's hard to check.

    At its simplest a HTTP response is: accept(); read(); open(); fstat(); write(); sendfile(); close(); close();. A lot of servers will set options like: FD_CLOEXEC, O_NONBLOCK, TCP_CORK and call shutdown() at the end. You can also easily blow a few more syscalls on config. options which don't do anything for the simplest case, but the graph implies 50-100.

    The confusing thing, to me, is that if by "syscall" they meant something like "library calls" then I'd expect much more for Apache-httpd (as large bits of code are in libapr etc.) ... but the comparison is worthless then anyway.

    --
    ustr: Managed string API with ave. 44% overhead over strdup(), for 0-20B
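Nevyn's minimal sequence can be checked against a running server with strace rather than argued from an unlabeled picture. What follows is an added example for this mirror, not code from the thread or from the blog: the strace lines are constructed to look like one Apache-style worker serving a static file under `strace -f` (plus the start of the next accept and a parent's wait4, to exercise the `<unfinished ...>`/`resumed` handling), and the alias table that folds accept4/openat/newfstatat onto Nevyn's names is an assumption about what a modern libc issues on Linux.

```python
"""Profile the system calls a server makes per request from strace -f output."""
import re
from collections import Counter

# Constructed strace -f output (Linux style) for one worker serving one static
# file, plus the start of the next accept and a parent's wait4; not a real capture.
SAMPLE_TRACE = r"""
[pid  4242] accept4(4, {sa_family=AF_INET, sin_port=htons(51234), sin_addr=inet_addr("127.0.0.1")}, [16], SOCK_CLOEXEC) = 9
[pid  4242] read(9, "GET /index.html HTTP/1.1\r\nHost: localhost\r\n\r\n", 8000) = 45
[pid  4242] open("/var/www/index.html", O_RDONLY|O_CLOEXEC) = 10
[pid  4242] fstat(10, {st_mode=S_IFREG|0644, st_size=612, ...}) = 0
[pid  4242] setsockopt(9, SOL_TCP, TCP_CORK, [1], 4) = 0
[pid  4242] write(9, "HTTP/1.1 200 OK\r\nContent-Length: 612\r\n\r\n", 42) = 42
[pid  4242] sendfile(9, 10, [0] => [612], 612) = 612
[pid  4242] setsockopt(9, SOL_TCP, TCP_CORK, [0], 4) = 0
[pid  4242] close(10)                   = 0
[pid  4242] write(7, "127.0.0.1 - - \"GET /index.html HTTP/1.1\" 200 612\n", 51) = 51
[pid  4242] shutdown(9, SHUT_WR)        = 0
[pid  4242] close(9)                    = 0
[pid  4242] accept4(4,  <unfinished ...>
[pid  4241] wait4(-1,  <unfinished ...>
[pid  4242] <... accept4 resumed> {sa_family=AF_INET, sin_port=htons(51240), sin_addr=inet_addr("127.0.0.1")}, [16], SOCK_CLOEXEC) = 9
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4243, si_uid=33, si_status=0} ---
"""

# Nevyn's minimal response sequence, as a set of distinct calls.
MINIMAL_RESPONSE = frozenset({"accept", "read", "open", "fstat", "write", "sendfile", "close"})

# Assumed mapping of the variants a modern libc actually issues onto those names.
ALIASES = {"accept4": "accept", "openat": "open", "newfstatat": "fstat",
           "fstat64": "fstat", "sendfile64": "sendfile"}

LINE_RE = re.compile(
    r"^(?:\[pid\s+(?P<pid>\d+)\]\s+|(?P<pid2>\d+)\s+)?"   # strace -f pid prefixes
    r"(?:\d{2}:\d{2}:\d{2}(?:\.\d+)?\s+)?"                 # optional -t/-tt timestamp
    r"(?P<name>[A-Za-z_][A-Za-z0-9_]*)\("                  # syscall name
)
RESUMED_RE = re.compile(r"<\.\.\. \w+ resumed>")


def canonical(name):
    return ALIASES.get(name, name)


def parse_strace(text):
    """Yield (pid, canonical syscall name) for every call started in the log."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("---", "+++")):
            continue                      # signal delivery / process exit markers
        if RESUMED_RE.search(line):
            continue                      # already counted at its '<unfinished ...>' line
        m = LINE_RE.match(line)
        if m is None:
            continue
        pid = m.group("pid") or m.group("pid2")
        yield (int(pid) if pid else None, canonical(m.group("name")))


def syscall_sequence(text, pid=None):
    """Ordered calls, optionally restricted to one pid (one worker)."""
    return [name for p, name in parse_strace(text) if pid is None or p == pid]


def split_requests(sequence):
    """Cut a worker's sequence into per-request chunks, one per accept()."""
    requests = []
    for name in sequence:
        if name == "accept" or not requests:
            requests.append([])
        requests[-1].append(name)
    return requests


def syscall_profile(text, minimal=MINIMAL_RESPONSE):
    """Totals, distinct calls and the calls outside the minimal set."""
    counts = Counter(syscall_sequence(text))
    return {
        "total_calls": sum(counts.values()),
        "distinct": sorted(counts),
        "counts": dict(counts),
        "beyond_minimal": sorted(set(counts) - minimal),
        "missing_from_minimal": sorted(minimal - set(counts)),
    }


if __name__ == "__main__":
    prof = syscall_profile(SAMPLE_TRACE)
    print(f"{prof['total_calls']} calls, {len(prof['distinct'])} distinct; "
          f"beyond minimal: {prof['beyond_minimal']}")
    for i, req in enumerate(split_requests(syscall_sequence(SAMPLE_TRACE, 4242)), 1):
        print(f"request {i}: {len(req)} calls: {' '.join(req)}")
```

Against a real server: `strace -f -o trace.log -p <worker pid>`, fetch one page, then `syscall_profile(open("trace.log").read())`. `strace -c` already gives raw counts; what this adds is the per-request split and a named list of what lies outside the minimal set (here the TCP_CORK toggles and shutdown(), which is what Nevyn predicts). It counts kernel entries only, which is what "syscall" means on Linux; it says nothing about library calls, so it cannot be run as-is against the "Windows API call" reading of the graphs that other comments raise.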
  15. I'm so confused by Anonymous Coward · · Score: 4, Funny

    Windows is less secure because more blimps are firing more laser beams at other blimps in its picture than in linux's picture. ??? Wouldn't the larger swarm of blimps with more lasers make it more secure since it has the better army?

  16. Well, kind of right by varmittang · · Score: 2, Insightful

    Yeah, it's Apache on Linux and IIS on Windows, but what about Apache on Windows. What are the system calls there. If they are about the same from Linux to Windows for Apache, then all this proves is that MS wrote a crappy Web server. But if there are more calls to be made with Apache on Windows, then I would say that Windows makes its programs do more system calls and possibly makes all programs more likely to be cracked into. But it's not fair to put one program against another on different OSs, then say the OS is the problem.

    --
    -----BEGIN PGP SIGNATURE-----
    12345
    -----END PGP SIGNATURE-----
  17. Re:Linux developers should take note.... by Fred+Ferrigno · · Score: 5, Funny

    Obviously, the solution is to code everything as a single function. Then the graph will look very nice and tidy.

  18. Re:Pudding graph by Malc · · Score: 4, Insightful

    Twaddle. The report comes from a company that makes money selling security software for Windows. Scaremongering is good for their sales.

    What would be interesting is an analysis of the types of system calls. What about a comparison of the functionality of IIS vs. Apache? Perhaps Windows provides some calls that Apache has had to implement in its own application code. How many of those so called system calls trap into the kernel?

    This is just insubstantial FUD as far as I can see, backed up by indecipherable pictures.

  19. more calls could just as easily mean more security by harlows_monkeys · · Score: 3, Insightful

    This is kind of ridiculous. More calls could indicate that some things are being broken down into more fine-grained, simpler, subproblems, or that more use is being made of existing libraries as opposed to writing new code. Both of those would tend to lead to better security.

    In other words, number of system calls tells us nothing useful about security.

  20. Unavoidable. by Kadin2048 · · Score: 5, Interesting

    I think you'd have to resort to a lot of trickery, like stacking vertices on top of each other with zero-length edges, to make the Windows graph appear less complicated than the Linux one. Provided that you model them in the same way, it ought to be pretty apparent that one just has a lot more vertices and edges than the other, even if you did it in a multidimensional space.

    Really, the graphs are just a way of artfully showing a simple fact, which is that Windows requires more system calls than Linux, to complete a particular task. If you assume that each system call is a potential vulnerability, and that less calls are inherently better and more secure, then the result is a foregone conclusion. But those are pretty big "ifs," and it seems like someone who was pro-Windows would do better to attack those premises, rather than trying to dispute the graph, if it's indeed representative of the true number of system calls.

    --
    "Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
    1. Re:Unavoidable. by jpmattia · · Score: 4, Insightful

      If you assume that each system call is a potential vulnerability, and that less calls are inherently better

      I think that's severely oversimplifying, because rewriting the system to take only one system call would certainly result in more bugs, no?

    2. Re:Unavoidable. by SL+Baur · · Score: 2, Insightful

      Really, the graphs are just a way of artfully showing a simple fact, which is that Windows requires more system calls than Linux, to complete a particular task
      That's what it looks like and I hate to say this, but who cares and what has this to do with security? The average Unix program doesn't make its own system calls and the most exploited misfeatures were in the standard C library like sprintf, strcpy, and gets, none of which involve system calls.
    3. Re:Unavoidable. by 51mon · · Score: 4, Insightful

      I think that's severely oversimplifying, because rewriting the system to take only one system call would certainly result in more bugs, no?
      I thought Alan Cox had already done a kernel module for serving http?

      But no rewriting the system to more specifically do the task in a more focused way would almost certainly result in a lot less bugs, of course the system would be less "generally useful".

      Clearly it is a simple argument, less is more.

      Backwards compatibility has huge costs, one of them is security. Supporting those apps with 8.3 filename limits, and 3 or 4 different ways of accessing the file system, all mean there is a lot more around to go wrong.

      If you are actively using large chunks of "more" you probably don't care, as your system is more flexible, or more featured.

      But I'm really not interested in the performance hits the more bizarre features of SMB gives to my webservers, but I daren't switch it off, as I know I'd be running an IIS configuration that is practically unique in the world, and it is flaky enough as it is. Similarly I don't care about that 8.3 compatibility, I know I could switch it off, but I'd worry something obscure might break. So I'm stuck with the "more" even when I want "less". Whereas my Linux webservers don't have a GUI, most don't have SMB (or NFS), I lost all that network filesystem junk with the last update on most of them (scp (or http) will do fine for most things).

      Guess it comes down to design - the secret of elegance is about what you take out, not what you put in.

      And if you want (or are unsure if you need) binary backward compatibility to DOS 1 (or whatever level is provided), you can take out very little.
    4. Re:Unavoidable. by newt0311 · · Score: 2, Insightful

      The thing to consider however is that they are not accomplishing the same task. At a high level, sure they are talking HTTP. But at a low level IIS in its default state does a lot more than Apache does in its basic state. Another thing to consider is the different architectures of the two web servers. They're completely different. Unnecessary complexity is a bad thing you know. Does IIS re-init everything for every page? If so, it should be redesigned. If not, your argument falls apart. The fact that their architectures are different is one of the basic facts that is being relied upon. If the core architecture was the same, security characteristics would be a lot similar. Besides, the defect pointed out is primarily a design defect, namely that IIS has a much more complicated design. Such a statement assumes different architectures.
  21. Re:Pudding graph by Rycross · · Score: 4, Funny

    Quote from the article:

    This second image is of a Windows Server running IIS.

    You are wrong.
  22. Quick Summary by bendodge · · Score: 2

    A quick summary:

    http://blogs.zdnet.com/images/SysCallApache.jpg
    http://blogs.zdnet.com/images/SysCallIIS.jpg

    1. These are old
    2. They have nothing to do with Linux vs Windows; they are Apache vs IIS
    3. They are unlabeled, so they are only good for showing the difference between C (Apache) and C++ (IIS)

    So this tells you that Apache is simpler than IIS, and C is simpler than C++.
    --
    The government can't save you.
  23. Re:Pudding graph by iusty · · Score: 3, Informative

    The article says syscalls, not function calls. The difference between calling models has no relation to syscalls, which are between userland and kernel space.

    More likely, the article shows the difference between Apache and IIS, on one side, and the glibc and however-it's-called windows' base library, on the other side.

  24. No, it was IIS on Win vs Apache on Linux. by Kadin2048 · · Score: 2, Insightful

    I don't know what you're talking about. In TFA it's quite clear that the top graph is Apache on Linux, and the bottom is IIS on Windows, both serving the same page. So there are two factors (at least) between them, a different OS and a different webserver. It's not fair, as much as I'd like to, to attribute the increase in calls purely to the design of Windows -- that would only be possible if it was Apache vs. Apache (and even then, there would be other things to control for).

    If you accept that more system calls are inherently bad, then the graphs might indicate that "IIS on Windows" is less secure than "Apache on Linux," but it says nothing about Apache on Windows, or Windows as a platform inherently.

    --
    "Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
  25. In the boardroom: by rehtonAesoohC · · Score: 2, Funny

    Corporate Linux Fanboy: "As you can see here Gentlemen, the Linux web server has far less tubes going everywhere, which means the information travels a shorter distance through these tubes."
    Board: "Oooohhh. Ahhhhh. Tubes..." *nod nod*
    Corporate Linux Fanboy: "Now as we look at the Microsoft version of the same exact thing, you can see that the tubes snake every which way with no sense of order. Chaos ensues, and the tubes are tangled every which way. Obviously, less tubes means better."
    Corporate Microsoft Fanboy: "Your Mom has more tubes!"

  26. Re:Pudding graph by HomelessInLaJolla · · Score: 2, Insightful

    > This is just insubstantial FUD as far as I can see, backed up by indecipherable pictures

    So your assertion is that an overhead road map of cities, such as New York, NY vs. Kalamazoo, MI, would be entirely useless in generalizing points of traffic congestion and points of traffic collisions?

    Maybe you don't design operating systems (computer or civil), or, if you do, maybe you shouldn't.

    --
    the NPG electrode was replaced with carbon blac
  27. His Noodly Goodness Does Not Approve by sehlat · · Score: 2, Funny

    I have prayed to the Flying Spaghetti Monster for guidance about these graphs, and yea, verily did He appear before me and said "What? No sauce?" Then he Frowned his Terrible Frown, and did drown my monitor in Parmesan, bellowing "Away, demons!" and vanished.

  28. Plethora of issues by DLG · · Score: 4, Insightful

    #1. Old news
    #2. Apples and Oranges (IIS on Windows versus Apache on Linux? Which are we comparing?)
    #3. Lack of detail: You can't see what system calls are really involved. No indication of configuration. No version numbers.

    So that puts it in the realm of FUD, although the blogger does explain that it's just a blog.

    From my experience with Linux and Windows, the philosophical difference has to do with what is doing most of the work. In Windows a great deal of functionality is granted by the Windows API. As most programmers throughout the 90's know, Microsoft created their API around the functionality they needed for their own development, and then the rest of us had to buy the 'Secret' API manual with all the treats.

    In Linux the Kernel, where all those system calls go, is pretty limited compared to Windows. Where most functionality is added for developers is in shared libraries. Windows of course has them too, but it's more a matter of where the real action is running. Is it in the kernel or in userspace. With Linux mostly it's userspace, so there are fewer issues with software errors being capable of interfering with the machine itself. Still there are ways developers, especially of servers requiring some superuser privileges (listening to ports under 1024), have provided security holes in basic interfaces (Sendmail and Bind for example). Still that's not reserved to Linux. Beyond that, we talk about the fact that Linux users don't run as root, but I have seen a lot of irc sessions where the username of root is in the GID. So SOME folks do run as root. Whether the distributions now make that less necessary, that is also how Vista is going.

    Apache is a bad project to compare other software to. It has been remarkably well developed both for stability and resisting sneaky security issues. Obviously one can muck up their configuration to reduce their security, but Apache itself (despite its initial moniker of being A patchy webserver) is a terrific example of well run coding projects.

    IIS on the other hand is one of the posterchildren of security problems, with early versions not checking for navigation of parent directories, along with other trivial insecurities, based in some ways on permitting the developer to easily integrate IIS with other Microsoft tools.

    So yes, IIS on Windows is more insecure than Apache on Linux. And Apache on Linux has always kicked IIS's ass in market share. I wonder if we compared Apache on Linux to Apache on Windows what we would find.

    1. Re:Plethora of issues by PsychicX · · Score: 2

      I don't know if you intended this or not, but there's sort of a veiled implication in your post that the Win32 API lives in the kernel. It does not. In fact, the Win32 API is a pure userland API, and calls through to a much smaller set of kernel syscalls when necessary. So a Win32 API call does not equate to a 'syscall' in the normal sense, as such a call may make 0 or more calls to the kernel depending on what needs to be done.

  29. Not to jump to Microsoft's defense... by HerculesMO · · Score: 2, Funny

    But IIS is probably one of their best products, and most secure as far as security bulletins go.

    I think the rest has been covered ad nauseam, as far as C versus C++ procedure calls.

    --
    The price is always right if someone else is paying.
  30. Just what we always heard ... now visualised by golodh · · Score: 3, Insightful

    One of the main architectural security problems with MS Windows that we keep hearing about is that even ordinary applications such as email clients, browsers, etc. tie in so intimately with the Windows OS, that once your application is compromised, your OS is compromised.

    These pictures seem to show that IIS is much more tied in with the Windows OS than Apache is with the Linux OS.

    I think that's credible, and that it illustrates that in case of Windows, the wider (and much more complicated) interface between applications and OS is real. I have no difficulty believing that this offers many more opportunities to compromise the OS, and hence is less secure.

  31. say what you want by circletimessquare · · Score: 2

    but i think windows is clearly a more artistic operating system than linux

    --
    intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it

  32. Re:Pudding graph by hangareighteen · · Score: 5, Insightful

    He said 'syscall' right?

    [ pasted from http://en.wikipedia.org/wiki/Syscall ]
    System calls often use a special CPU instruction which causes the processor to transfer control to more privileged code, as previously specified by the more privileged code. This allows the more privileged code to specify where it will be entered as well as important processor state at the time of entry.
    When the system call is invoked, the program which invoked it is interrupted, and information needed to continue its execution later is saved. The processor then begins executing the higher privileged code, which, by examining processor state set by the less privileged code and/or its stack, determines what is being requested. When it is finished, it returns to the program, restoring the saved state, and the program continues executing.
    [ end paste ]

    So, forgive me.. I could just be naive; but what does C or C++ calling semantics / methods have anything to do with calls into the OS? Seems like you'd have to make the same calls regardless of the language that you use, or more to the point, that the calls represent the facilities that the OS has made available to you. Seems pretty language independent from my readings.

  33. that's the path of chairs at a MS board meeting by swschrad · · Score: 4, Funny

    write to steveb@microsoft.com, I'm sure he'll let you have the video ;)

    --
    if this is supposed to be a new economy, how come they still want my old fashioned money?

  34. Re:Linux developers should take note.... by sploxx · · Score: 2, Insightful

    It is tempting to add more and more features and functionality over time. Ultimately, you risk getting consumed by "entropy".

    KDE and Gnome developers also....lest XFCE surprise them both over time. More functionality is better, as long as the software is integrated in a sane way. The problem is functionality in the wrong places, not functionality itself. I think everyone here knows what harm the will to reduce functionality did to GNOME... (awaiting flames already :)

  35. Re:This is more a comparison of efficiency to me. by SatanicPuppy · · Score: 3, Informative

    Except for the whole: "[T]hese images... are a complete map of the system calls that occur when a web server serves up [the same] single page of [HTML] with a single picture."

    RTFS: Read The Fucking Summary.

    --
    ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.

  36. Re:Linux is less secure than Windows by DaveG,+the+Quantum+P · · Score: 3, Insightful

    If it were that unsecure, why would it have zealots in the first place? Why would anyone stick with it? What about all those secure apache servers out there?

  37. Bad protocol w/ Good encryption by Zarf · · Score: 4, Insightful

    Good protocol can secure bad encryption more easily than good encryption can help bad protocol.

    The Sana Security diagrams show us just how bad the windows internal protocols really are. There is no securing this system with Digital Rights management or any other encryption scheme. Any security method placed on top of a such bad messaging protocols will fail miserably because even if the encryption or other security suite is perfect... windows isn't. And the system will be compromised by drilling down through windows... not through the security system.

    What good is a bullet-proof pad lock if you put the combination on a yellow sticky note next to the lock itself?

  38. Re:Pudding graph by Duhavid · · Score: 3, Insightful

    I don't know that I would say it has *nothing* to do with Windows vs Linux.

    It is a map of OS calls required to accomplish a task.

    Your point is good, though: a better test would be Apache on Windows versus Apache on Linux.

    --
    emt 377 emt 4

  39. Re:Linux is less secure than Windows by ashridah · · Score: 2, Insightful

    "If it were that unsecure, why would it have zealots in the first place?"

    it's called money, as in, people make money from what they know about it, and let's face it, ms was just lucky, followed by having smart (for them) marketing practices, and finally, having good strong-arm tactics.

  40. Re:Pudding graph by imroy · · Score: 4, Insightful

    These graphs show the different calling models of C++ and C.
    That is *all* they show.

    No they don't. They show *system calls*, into the kernel, not method or function calls within the user-space program. The language shouldn't make much difference at that level.

  41. Re:Pudding graph by Chris+Burke · · Score: 4, Insightful

    So, forgive me.. I could just be naive; but what does C or C++ calling semantics / methods have anything to do with calls into the OS?

    No, you're right, it has nothing to do with C/C++. The GP was just another example on /. of "I'm going to seem smart by discrediting the article, and the easiest way to do so is make something up without reading the article".

    --

    The enemies of Democracy are

  42. Good question! by Cheesey · · Score: 2, Insightful

    As well as wanting to know what the nodes represent (system calls or procedure calls?), I'd like to know what the edges represent. Control flow? Data flow? What are they supposed to be?

    This article is unbelievable, apparently presenting a conclusion that the writer doesn't understand, using meaningless data.

    --
    >north
    You're an immobile computer, remember?

  43. More importantly these graphs show how Linux by Master+of+Transhuman · · Score: 3, Interesting

    - or at least a Web server - is more efficient than Windows.

    This explains why Linux server editions tested in the past tend to outperform Windows Server versions by a factor of two in number of users they can handle linearly.

    They obviously are calling a hell of a lot less than Windows is.

    And it's not clear that those Windows calls are really necessary. I suspect they are mostly redundant calls to multiple versions of the same code from multiple calling modules. This is a result of the size of the Microsoft development teams re-inventing each other's code regularly with every new release of the OS. This is pretty clearly what is going on based on Jim Allchin's remarks two years ago about how Vista would "never" be done if they didn't change their development practices.

    And it's the only thing that explains the millions of new lines of code in each new release of the OS, without a concomitant increase in OS capability. Vista has what, twenty million new lines of code? For what capability over XP - DRM? I doubt it.

    --
    Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!

  44. More proof that Windows is the Chosen OS by davevr · · Score: 2, Funny

    It seems clear which OS is preferred by the Flying Spaghetti Monster. I feel safe knowing that my web server is doing homage to His Noodly Goodness every time I refresh a page. After all, what is really going to help secure your site: a bunch of fancy-schmancy kernel programmers or the divine protection of His noodly appendage?

  45. Re:Pudding graph by EvanED · · Score: 2, Insightful

    The point is not perfectly on the mark, but it is not wholly off the mark either.

    That's right. It's close enough to the mark that it looks like it's making a good point while masking the point that drawing any conclusions besides "this might be why Windows is less secure" is complete BS.

    As to apache and iis as the choices, they have bearing in that apache will likely be the choice on linux, and iis will likely be the choice on windows.

    Ahhhh, now might be a reasonable conclusion.

    However, that's not what the article says. The article says "these graphs are why Windows is less secure", not "these graphs are why IIS/Windows is less secure than Apache/Linux" or even "this is why web servers on Windows are less secure than web servers on Linux."

    And if iis has that much to do with the chart, then why is the graph *that* much more involved? Is it doing its task inefficiently? Are the hooks for ASP or other things that numerous?

    I don't know. It's not ASP, because they're serving the same page from both. At the same time, I can't imagine what all the additional system calls that Windows would need are either. Some investigation seems to indicate that the APIs are about the same, so why would you need more calls on one than the other?

    The only other thing I can think of besides "IIS sucks" is that the Windows subsystem is making multiple syscalls for each library call. For instance, on a read or write the library hides the fact that sometimes not all the data is transferred by making multiple syscalls, while on Linux the kernel hides that fact. But this doesn't necessarily indicate a problem with Windows at all -- quite the contrary, it means that in that respect the Windows kernel is actually simpler because that logic moves to user space.

  46. Re:Linux developers should take note.... by nwhitehorn · · Score: 2, Interesting

    This actually makes a very good point. Some arguably secure coding styles (microkernels, for instance) involve a fantastic number of syscalls, as operations trampoline through kernel space.

    On the other end of things, the way to get the fewest possible number of syscalls is to implement the entire web server in the kernel (in a single function, as the OP wrote). Then you just call the handle_http_request() syscall and walk away. This is, of course, the least secure and most dangerous possible way to implement a web server.

    The only thing with which number of system calls actually correlates is request handling speed -- barring other performance issues, context switches take some amount of time, which is why microkernels typically have poor performance. Given the massively different software architectures involved, however, I would imagine that any important performance differences lie elsewhere.

  47. IIS is more secure than is Apache by I'm+Don+Giovanni · · Score: 2, Interesting

    Accept that IIS6 is more secure than Apache 2.x. Go to secunia.com and compare the two security records since 2003 (when IIS6 was released). IIS6 has had only three vulnerabilities since then, all minor, and all patched. During the same time period, Apache 2.x has had over 30 vulnerabilities, multiple of them rated as "critical", and some are still unpatched today, and others are only partially patched.

    So, not only does the article fail at attempting to say why Linux is more secure than windows, the example they use doesn't even show that apache is more secure than IIS.

    --
    -- "I never gave these stories much credence." - HAL 9000

    1. Re:IIS is more secure than is Apache by dbIII · · Score: 4, Insightful

      Remember that you are comparing public results about a peer reviewed application against a development black box we cannot see into. Personally I don't think that is a very good comparison. Also I think they should have compared apache on both platforms.

  48. Complicated Call Graphs versus Simple functions by SporkLand · · Score: 2

    I don't follow the argument that simple call graphs == simple functions. At the extremes you could argue that you can have a monster of a function that is a total mess that doesn't call any other functions and has a simple call graph.

    Knocking down straw men is fun.

    My overall point is that a well factored program will more than likely have more function calls than a non-well factored one. If factoring a program better leads to better overall comprehensibility (and hence security according to a model), then these graphs might well imply the inverse.

    My true belief is that call graphs won't provide a good data point for this type of analysis. I think program comprehensibility is tough to analyze and requires a number of different metrics. Although Lisp is provably better than anything. Left as exercise to reader.

  49. What? by abshnasko · · Score: 2

    This is not Windows vs Linux, it is IIS vs. Apache. Where's the test running Apache on Windows?

  50. Re:Linux is less secure than Windows by Anonymous Coward · · Score: 2, Informative

    (I can't believe I'm feeding a troll, but I couldn't let this just slip by.)

    All evidence shows that Linux is less secure than other operating systems, in particular Windows.

    Wrong.

    For one thing, this can be explained by the open nature of Linux where anybody has access to all of the encryption algorithms, sources and keys. In the computer world, just like in the human world, it is in environments where anything goes that the worst viruses come to existence.

    Linux uses standard encryption algorithms, just like Windows. 3DES and DSA are the same everywhere. Private keys are still private (Linus didn't pack his GPG key into the latest kernel source, if that's what you're thinking), and public keys public.

    Also, Linux distributions are filled with various backdoors since anyone, including ill-intended foreigners, can add anything to the kernel base and its surroundings. At some point, there was even a hacked version of a compiler that introduced backdoors in every program that it produced!

    OSS isn't run on the Wiki model. All submissions to open-source projects are looked over and verified by the project maintainers. At least with OSS I don't have to worry about backdoors added by certain ill-intended Americans.

    Finally, and probably most importantly, Linux growth happens through the actions of the low-key movement of techies that try to replace everything they can in their organisations with Linux. Apart from acting unprofessionally, these zealots let their feelings for the beloved OS trump any kind of common sense behavior, such as using the right tool for the job. Instead they carelessly introduce vulnerabilities in environments that were previously locked down.

    Wow! Shocking! A valid point! Not exactly a problem with Linux itself, though...

    Yes, this can be a problem. Linux is good, but not perfect for everything. There are some things Windows just does better. The proper response is to fire these idiots. They'd do just as much damage administrating a Windows server.

    In short, organisations who value computer security should stay away from Linux, and refrain from hiring those who mention Linux in their resume.

    Really? You should let IBM know about this.

  51. Re:Linux is less secure than Windows by mdhoover · · Score: 2, Insightful

    Prove it. I dare you to put a freshly installed M$ system and a freshly installed linux box side by side outside your firewall and see which gets pwned first. My last attempt the XP box lasted precisely 24 seconds. Try it, it will be an eye opener...

  52. Other simple examples... by octogen · · Score: 2, Insightful

    ...of how NT-based Systems are misdesigned are the security design and implementation in general.

    For example, to get the current SID (Security Identifier, "user id") of the current process on NT, one must:
    * Open a handle to the current process
    * With that handle, open a handle to the process token of the current process
    * Call GetTokenInformation with a NULL pointer to query the length of the data it would return
    * Allocate memory for a buffer receiving Token Information
    * Call GetTokenInformation again with a pointer to that buffer
    * Resolve a pointer in the data received to get the SID_AND_ATTRIBUTES structure
    * Resolve a pointer in that structure to get the actual SID

    The length of the SID is unknown, so to compare two or more SIDs, one must use additional library functions.

    After using all that information, don't forget to close all the handles and to free the memory you've allocated.

    NOW THE SAME THING ON UNIX:
    uid_t myUID = getuid();

    ONE line of code. Guess on what platform you can mess that up easier.

    Or another example:
    ===================

    As a privileged user, create a file in a certain directory.

    On NT, you need SeTakeOwnership, SeRestore and SeBackup privileges.
    You can't use existing applications, because CreateFile() / CreateFileEx() will fail, even when you have the privileges enabled. You have to write your own application, which uses the FILE_FLAG_BACKUP_SEMANTICS flag in these API calls, so the privileges will actually be used (well-designed operating systems use a unified method called privilege bracketing instead of different flags for every system call).
    Now you could theoretically create the file regardless of the ACL, IF THE DIRECTORY ALREADY EXISTS.
    If the directory does not exist, you have to create the directory first.
    Unfortunately, CreateFile() / CreateFileEx() can OPEN directory handles, but you can't create directories using these APIs. But the API for creating directories does not have a FILE_FLAG_BACKUP_SEMANTICS flag, so the privileges are ignored, and you can't create the directory, if you don't have access because of the ACL of the parent directory.

    So, what are you going to do?

    One solution would be the following:
    * Open a handle to the parent directory
    * Backup the current security descriptor of the directory
    * Initialize a new security descriptor for the directory
    * Place your own SID into the security descriptor as owner (see above on how to get your SID, it's a lot of fun)
    * Initialize a new empty discretionary access control list
    * Initialize a new access control entry with your SID and a full-access permission
    * Place the access control entry into the discretionary access control list
    * Place the discretionary access control list into the security descriptor
    * Write the new security descriptor to the directory
    * Then CLOSE the handle and REOPEN the handle to the directory (with different access flags)

    Now you can create the file. After you've done that, undo the operations above. If the program gets killed while you're doing that, you have messed up the ACL of the parent directory (because this method is not transaction-safe).

    This is maybe the WORST API design I have ever seen.

    If you want to do exactly the same thing on, for example, Solaris, you just enable file_dac_write and file_dac_search privileges (from the permitted privilege set into the effective privilege set), create the directory using mkdir() and the file using creat().
    No need to write your own program, Solaris has utility programs to let you change the privileges of your shell. Even if you write your own program, privilege bracketing is much easier on Solaris than on NT, although the Solaris privilege model is much more powerful than the one of NT.

    =============

    There are numerous examples of that sort.

    This is why I am totally convinced that NT is a poorly designed operating system. There is no unified API. One system call works c
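
    The seven-step token walk and the one-line getuid() described above, written out side by side as an added example (my code, not octogen's). It assumes the NT branch is built on Windows and linked against advapi32; the function names current_user_id_string, same_user and identity_is_stable are mine, and the comparison is done on the textual SID form rather than with EqualSid().

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Copy a C string into a fresh malloc'd buffer (portable stand-in for strdup). */
static char *copy_string(const char *s)
{
    size_t n = strlen(s) + 1;
    char *out = malloc(n);
    if (out) memcpy(out, s, n);
    return out;
}

#ifdef _WIN32
#include <windows.h>
#include <sddl.h>   /* ConvertSidToStringSidA; link with advapi32 */

/* The seven steps from the post; every early exit must release what it acquired.
 * Returns a malloc'd string SID such as "S-1-5-21-...", or NULL on failure. */
char *current_user_id_string(void)
{
    HANDLE process = GetCurrentProcess();   /* step 1: pseudo-handle, no CloseHandle needed */
    HANDLE token = NULL;
    DWORD needed = 0;
    PTOKEN_USER info = NULL;
    LPSTR sid_text = NULL;
    char *result = NULL;

    if (!OpenProcessToken(process, TOKEN_QUERY, &token))           /* step 2 */
        return NULL;
    /* step 3: NULL buffer and zero length yield ERROR_INSUFFICIENT_BUFFER plus the size */
    GetTokenInformation(token, TokenUser, NULL, 0, &needed);
    if (GetLastError() != ERROR_INSUFFICIENT_BUFFER)
        goto cleanup;
    info = (PTOKEN_USER)malloc(needed);                              /* step 4 */
    if (!info)
        goto cleanup;
    if (!GetTokenInformation(token, TokenUser, info, needed, &needed)) /* step 5 */
        goto cleanup;
    /* steps 6 and 7: info->User is the SID_AND_ATTRIBUTES; its Sid points inside 'info' */
    if (!ConvertSidToStringSidA(info->User.Sid, &sid_text))
        goto cleanup;
    result = copy_string(sid_text);
cleanup:                                /* the part the post says is easy to forget */
    if (sid_text) LocalFree(sid_text);
    free(info);
    if (token) CloseHandle(token);
    return result;
}
#else
#include <unistd.h>

/* The UNIX side of the post: one call, nothing to allocate or close. */
char *current_user_id_string(void)
{
    char buf[32];
    snprintf(buf, sizeof buf, "%lu", (unsigned long)getuid());
    return copy_string(buf);
}
#endif

/* Compare two identities in textual form. Binary SIDs are variable-length, which is
 * why the post notes that Windows needs a library call (EqualSid) for this step.
 * Returns 1 if equal, 0 if different or if either lookup failed. */
int same_user(const char *a, const char *b)
{
    return (a && b && strcmp(a, b) == 0) ? 1 : 0;
}

/* Asking twice must give the same identity; also exercises the cleanup paths. */
int identity_is_stable(void)
{
    char *first = current_user_id_string();
    char *second = current_user_id_string();
    int ok = same_user(first, second);
    free(first);
    free(second);
    return ok;
}
```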

  53. Re:Linux is less secure than Windows by cant_get_a_good_nick · · Score: 3, Insightful

    1) Interestingly enough, the grandparent post was a Linux troll, and you responded about MS.

    2) Whether or not you like MS (and i don't really, though i grudgingly call them useful at times) they weren't really lucky. They seized opportunities others didn't see, capitalized on others' mistakes, relentlessly focussed on how to usurp their competitors and steal their customers, saw the value of network effects and also leveraged their dominance in one area to another. None of it was real luck. Though he likes to think of himself as a technical genius (which i don't really) Bill Gates really is a business genius, a true shark amongst techs without business acumen, and used it to amass a huge fortune.

    MS strongarm tactics require them to have a market dominance in some field. At one time, MS was just another company, smaller than Lotus and others. Yet they grew to where they now can use strongarm tactics. They bought code from others, polished it, made it work together very well (to the exclusion of others) and make a lot of money from that.

    As far as marketing, their consumer marketing really sucks. Seeing an ad saying "WOW" really isn't making me want to buy Vista. The dinosaur ads really don't make me want to buy Office.

    If the Linux desktop is to succeed, they will need to take an honest look at how MS succeeded, and how to counter that. When MS saw a market dominated by a competitor (Lotus) they looked at every reason why someone would stay with Lotus and came up with a counter, when most Linux geeks look at MS market dominance, they say "luck" or "marketing" and just sit and wait for people to somehow realize Linux is technically better and then sit and wait until everybody switches.