Slashdot Mirror


Graph of Linux Vs. Windows System Calls

cgrayson recommends Richard Stiennon's blog on ZDNet — a post titled Why Windows is less secure than Linux shows a compelling graphical comparison between system calls on the two operating systems. The blogger tips Sana Security for the images. Quoting: "In its long evolution, Windows has grown so complicated that it is harder to secure... [T]hese images... are a complete map of the system calls that occur when a web server serves up [the same] single page of [HTML] with a single picture."

14 of 302 comments

  1. Looks good. by bradsenff · · Score: 5, Funny

    Those pictures look great.

    Suddenly I am hungry for spaghetti.

    mmmMmm Food.

    Damn. Windows *is* evil. It is making me fat!

    1. Re:Looks good. by HomelessInLaJolla · · Score: 5, Insightful

      I just happened to think: Do you suppose it would be possible to refactor the Windows graph to make it look less tangled, or refactor the Linux graph to make it look more tangled? Imagine the graphs in 3-D space and being able to rotate around them or even view them from inside looking out in different directions. The concept is similar to adjusting the axes in the same manner as logarithmic paper can make some plots look like straight lines (once that concept is recognized then the math can become infinitely complex for defining the axes).

      To be perfectly fair: How do we know that the researcher who created the graphs optimized both for clean and concise 2-D layout?

      In response to my own question: No matter how you want to change the visualization the Linux graph looks to have far fewer multiple source intersection points and a larger prevalence of straight line hierarchical structure.

      --
      the NPG electrode was replaced with carbon blac
    2. Re:Looks good. by nberardi · · Score: 5, Insightful

      This shouldn't be titled why Windows is less secure than Linux. If the author actually had any integrity or an understanding of what he was writing about it should be titled why IIS is less secure than Apache. Because I bet Apache running on Windows looks very close to the Apache running on Linux. Mostly because the Apache team has an excellent set of developers.

      This blogger should be shunned out of the internet world as a worthless hack.

    3. Re:Looks good. by Thrip · · Score: 5, Funny

      I just happened to think: Do you suppose it would be possible to refactor the Windows graph to make it look less tangled ...?
      Yes. The easiest way would be to throw out the Windows code base and start over with a set of competent programmers, then regenerate the graph.
      --
      I'm awake! The answer is BONK!
  2. nice pics by Anonymous Coward · · Score: 5, Funny

    what can I say? I'm impressed, you can click on the larger images and still not see a god damn thing

  3. Old and Pointless News by garcia · · Score: 5, Insightful

    The article is dated April 14th, 2006. Nice.

    The photos are completely unreadable and mean absolutely nothing. Let's see the entire graph with labels so that we can know exactly what's going on during the calls. From that graph, for all we know, we could be looking at more than what they claim.

  4. I call FUD by LighterShadeOfBlack · · Score: 5, Insightful

    Comparing the complexity of system calls made by two different programs on two different OSes and then using that solely to judge the two differing OSes seems like an astoundingly flawed comparison. Seeing as Apache runs on Linux and Windows it seems pretty obvious that they should've at least used the same program to make this comparison even slightly relevant.

    I'm not saying Windows isn't worse than Linux in this respect, just that this article proves nothing.

    --
    Spelling mistakes, grammatical errors, and stupid comments are intentional.
  5. Re:Pudding graph by j00r0m4nc3r · · Score: 5, Insightful

    Well, not only that, but it has nothing to do with Windows and Linux. More like, Apache and IIS. You could run Apache on your Windows box, which I'm sure LOTS of people do.

  6. Very suspicious of what "syscall" means here. by Nevyn · · Score: 5, Insightful

    The normal usage of syscall is something that has to transfer control to the system, from your program. Things like accept(), write() and sbrk() but not strcpy() or malloc(). While I haven't done an strace on Apache-httpd I have done it on my own webserver and I find it hard to believe that Apache-httpd is as bad as the graph in the article implies. And given there's no text in the graph it's hard to check.

    At its simplest an HTTP response is: accept(); read(); open(); fstat(); write(); sendfile(); close(); close();. A lot of servers will set options like: FD_CLOEXEC, O_NONBLOCK, TCP_CORK and call shutdown() at the end. You can also easily blow a few more syscalls on config. options which don't do anything for the simplest case, but the graph implies 50-100.

    The confusing thing, to me, is that if by "syscall" they meant something like "library calls" then I'd expect much more for Apache-httpd (as large bits of code are in libapr etc.) ... but the comparison is worthless then anyway.

    --
    ustr: Managed string API with ave. 44% overhead over strdup(), for 0-20B
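
An added example, not part of the comment above or of the original thread: a small parser that turns an strace-style trace of one request into the vertex and edge counts such a graph would show, and lists the calls beyond the minimal sequence the comment gives. The trace is constructed for illustration and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed strace-style trace of one request (illustrative values, not a
# real capture). It follows the sequence from the comment, plus the optional
# FD_CLOEXEC, O_NONBLOCK, TCP_CORK and shutdown() calls it mentions.
SAMPLE_TRACE = """\
1234 accept(3, {sa_family=AF_INET, sin_port=htons(51000)}, [16]) = 4
1234 fcntl(4, F_SETFD, FD_CLOEXEC) = 0
1234 read(4, "GET /index.html HTTP/1.1\\r\\n"..., 8192) = 78
1234 open("/var/www/index.html", O_RDONLY|O_NONBLOCK) = 5
1234 fstat(5, {st_mode=S_IFREG|0644, st_size=512, ...}) = 0
1234 setsockopt(4, SOL_TCP, TCP_CORK, [1], 4) = 0
1234 write(4, "HTTP/1.1 200 OK\\r\\n"..., 120) = 120
1234 sendfile(4, 5, [0], 512 <unfinished ...>
1234 <... sendfile resumed>) = 512
1234 shutdown(4, SHUT_WR) = 0
1234 close(5) = 0
1234 close(4) = 0
1234 +++ exited with 0 +++
"""

# Optional PID column, then "name(" at the start of the line.
CALL_RE = re.compile(r"^(?:\d+\s+)?([a-z_][a-z0-9_]*)\(")
# Minimal sequence as listed in the comment.
BASELINE = ["accept", "read", "open", "fstat", "write", "sendfile", "close", "close"]

def syscalls(trace):
    """Syscall names in order. Signal/exit lines and '<... x resumed>'
    continuations do not match, so an interrupted call is counted once."""
    names = []
    for line in trace.splitlines():
        m = CALL_RE.match(line.strip())
        if m:
            names.append(m.group(1))
    return names

def call_graph(names):
    """Vertices are distinct syscalls; edges are distinct (prev, next) pairs."""
    return set(names), Counter(zip(names, names[1:]))

def extras(names, baseline=BASELINE):
    """Calls made beyond the minimal sequence (multiset difference)."""
    return Counter(names) - Counter(baseline)

if __name__ == "__main__":
    seq = syscalls(SAMPLE_TRACE)
    vertices, edges = call_graph(seq)
    print(len(seq), "calls,", len(vertices), "vertices,", len(edges), "edges")
    print("beyond baseline:", dict(extras(seq)))
```
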
  7. Re:Linux developers should take note.... by Fred+Ferrigno · · Score: 5, Funny

    Obviously, the solution is to code everything as a single function. Then the graph will look very nice and tidy.

  8. Unavoidable. by Kadin2048 · · Score: 5, Interesting

    I think you'd have to resort to a lot of trickery, like stacking vertices on top of each other with zero-length edges, to make the Windows graph appear less complicated than the Linux one. Provided that you model them in the same way, it ought to be pretty apparent that one just has a lot more vertices and edges than the other, even if you did it in a multidimensional space.

    Really, the graphs are just a way of artfully showing a simple fact, which is that Windows requires more system calls than Linux, to complete a particular task. If you assume that each system call is a potential vulnerability, and that fewer calls are inherently better and more secure, then the result is a foregone conclusion. But those are pretty big "ifs," and it seems like someone who was pro-Windows would do better to attack those premises, rather than trying to dispute the graph, if it's indeed representative of the true number of system calls.

    --
    "Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
  9. Re:Poster? by letxa2000 · · Score: 5, Insightful

    Not defending Windows security, but it's entirely possible that the graphical depiction is not "optimized" so that it intentionally looks like spaghetti. It's hard to see what's going on with the resolution given, but some of the call "bubbles" seem to be unnecessarily placed far away from whatever called them with a long strand of spaghetti between them. This isn't necessarily an indication of spaghetti or bad design, but a bad graphical depiction. Also, just because lots of places make a call to the same API (which causes the graph to look like spaghetti) does not mean bad design--to the contrary, it can be very good design.

    I hate Windows as much as the next guy, but I'm not sure this is really a good case for why.

  10. Re:Pudding graph by hangareighteen · · Score: 5, Insightful

    He said 'syscall' right?

    [ pasted from http://en.wikipedia.org/wiki/Syscall ]
    System calls often use a special CPU instruction which causes the processor to transfer control to more privileged code, as previously specified by the more privileged code. This allows the more privileged code to specify where it will be entered as well as important processor state at the time of entry.
    When the system call is invoked, the program which invoked it is interrupted, and information needed to continue its execution later is saved. The processor then begins executing the higher privileged code, which, by examining processor state set by the less privileged code and/or its stack, determines what is being requested. When it is finished, it returns to the program, restoring the saved state, and the program continues executing.
    [ end paste ]

    So, forgive me.. I could just be naive; but what do C or C++ calling semantics / methods have to do with calls into the OS? Seems like you'd have to make the same calls regardless of the language that you use, or more to the point, that the calls represent the facilities that the OS has made available to you. Seems pretty language independent from my readings.

  11. Re:Vista by Fnord666 · · Score: 5, Funny

    Where is the Vista version?
    They're waiting for additional funding for the ink.
    --
    'The tyrant will always find pretext for his tyranny.' - Aesop's Fables