Graph of Linux Vs. Windows System Calls
cgrayson recommends Richard Stiennon's blog on ZDNet — a post titled Why Windows is less secure than Linux shows a compelling graphical comparison between system calls on the two operating systems. The blogger tips Sana Security for the images. Quoting: "In its long evolution, Windows has grown so complicated that it is harder to secure... [T]hese images... are a complete map of the system calls that occur when a web server serves up [the same] single page of [HTML] with a single picture."
Linux developers should take note.... (Score:2, Interesting)
KDE and Gnome developers also... lest XFCE surprise them both over time.
Unavoidable. (Score:5, Interesting)
Really, the graphs are just a way of artfully showing a simple fact, which is that Windows requires more system calls than Linux to complete a particular task. If you assume that each system call is a potential vulnerability, and that fewer calls are inherently better and more secure, then the result is a foregone conclusion. But those are pretty big "ifs," and it seems like someone who was pro-Windows would do better to attack those premises, rather than trying to dispute the graph, if it's indeed representative of the true number of system calls.
More importantly these graphs show how Linux (Score:4, Interesting)
This explains why Linux server editions tested in the past tend to outperform Windows Server versions by a factor of two in number of users they can handle linearly.
They obviously are calling a hell of a lot less than Windows is.
And it's not clear that those Windows calls are really necessary. I suspect they are mostly redundant calls to multiple versions of the same code from multiple calling modules. This is a result of the size of the Microsoft development teams re-inventing each other's code regularly with every new release of the OS. This is pretty clearly what is going on based on Jim Allchin's remarks two years ago about how Vista would "never" be done if they didn't change their development practices.
And it's the only thing that explains the millions of new lines of code in each new release of the OS, without a concomitant increase in OS capability. Vista has what, twenty million new lines of code? For what capability over XP - DRM? I doubt it.
Re:FUD? (Score:4, Interesting)
OK, but shouldn't that make a Unix syscall interface even more messy? After all, it was created thirty-five years ago.
On the other hand, you might want to count each ioctl and each read(2) or write(2) of different character devices as separate system calls ...
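The counting question raised in the reply above (whether a read(2) on a socket, a file and a character device, or each distinct ioctl request, should be tallied as one system call or as separate entry points) changes the totals that the graphs compare. The script below is an added illustration, not code from the ZDNet post, Sana Security, or any commenter: it parses strace-style lines and tallies them twice, once by bare syscall name and once by syscall plus the kind of descriptor it touches (and the ioctl request). The trace lines are constructed by hand to resemble `strace` output for a server handling one request; they are not a real capture.

```python
"""Tally system calls from strace-style lines two ways (added example)."""
import re
from collections import Counter

# Constructed sample trace, shaped like `strace -f` output for a web server
# serving one request: accept the connection, read the request, read a file,
# pull a few bytes from /dev/urandom, write the response, close. Not a real capture.
SAMPLE_TRACE = """\
1234 accept4(3, {sa_family=AF_INET, sin_port=htons(51000)}, [16], SOCK_CLOEXEC) = 5
1234 ioctl(5, FIONBIO, [1]) = 0
1234 read(5, "GET /index.html HTTP/1.1\\r\\n\\r\\n", 8192) = 28
1234 openat(AT_FDCWD, "/var/www/index.html", O_RDONLY|O_CLOEXEC) = 6
1234 read(6, "<html><body><img src=\\"pic.png\\"></body></html>", 4096) = 45
1234 close(6) = 0
1234 openat(AT_FDCWD, "/dev/urandom", O_RDONLY|O_CLOEXEC) = 7
1234 read(7, "\\x3a\\x91\\x7f\\xe2", 4) = 4
1234 close(7) = 0
1234 write(5, "HTTP/1.1 200 OK\\r\\nContent-Length: 45\\r\\n\\r\\n", 40) = 40
1234 write(5, "<html><body><img src=\\"pic.png\\"></body></html>", 45) = 45
1234 close(5) = 0
"""

# One strace line: "<pid> <name>(<args>) = <ret>[ <errno text>]"
LINE_RE = re.compile(r'^(?P<pid>\d+)\s+(?P<name>\w+)\((?P<args>.*)\)\s*=\s*(?P<ret>-?\d+)')


def parse_trace(text):
    """Return a list of (syscall name, raw argument string, return value)."""
    calls = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            calls.append((m.group('name'), m.group('args'), int(m.group('ret'))))
    return calls


def tally(calls):
    """Return (coarse, fine) Counters over the parsed calls.

    coarse: one bucket per syscall name (the way the graphs count).
    fine:   read/write/close split by descriptor kind (socket, file, device),
            ioctl split by descriptor kind and request name.
    """
    coarse, fine = Counter(), Counter()
    fd_table = {}  # fd number -> kind, learned from accept4/openat returns
    for name, args, ret in calls:
        argv = [a.strip() for a in args.split(',')]
        coarse[name] += 1
        if name == 'accept4' and ret >= 0:
            fd_table[ret] = 'socket'
        elif name == 'openat' and ret >= 0:
            path = argv[1].strip('"')
            fd_table[ret] = 'device' if path.startswith('/dev/') else 'file'
        if name in ('read', 'write', 'close', 'ioctl'):
            fd = int(argv[0])
            kind = fd_table.pop(fd, 'unknown') if name == 'close' else fd_table.get(fd, 'unknown')
            key = f'{name}:{kind}:{argv[1]}' if name == 'ioctl' else f'{name}:{kind}'
            fine[key] += 1
        else:
            fine[name] += 1
    return coarse, fine


def distinct_entry_points(text):
    """Number of distinct syscall buckets under each counting method."""
    coarse, fine = tally(parse_trace(text))
    return len(coarse), len(fine)


if __name__ == '__main__':
    coarse, fine = tally(parse_trace(SAMPLE_TRACE))
    print(f'{sum(coarse.values())} calls, {len(coarse)} names, {len(fine)} fine-grained buckets')
    for key, n in sorted(fine.items()):
        print(f'  {n:2d}  {key}')
```

The total number of calls is the same under both methods; what changes is how many distinct kernel entry points the request exercised, which is the figure that matters if each entry point is treated as attack surface. On a real capture, the descriptor table would also need to track dup/socket/pipe results, which this sample omits.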
Re:Linux developers should take note.... (Score:2, Interesting)
On the other end of things, the way to get the fewest possible number of syscalls is to implement the entire web server in the kernel (in a single function, as the OP wrote). Then you just call the handle_http_request() syscall and walk away. This is, of course, the least secure and most dangerous possible way to implement a web server.
The only thing with which number of system calls actually correlates is request handling speed -- barring other performance issues, context switches take some amount of time, which is why microkernels typically have poor performance. Given the massively different software architectures involved, however, I would imagine that any important performance differences lie elsewhere.
IIS is more secure than is Apache (Score:3, Interesting)
So, not only does the article fail at attempting to say why Linux is more secure than Windows, the example they use doesn't even show that Apache is more secure than IIS.
Re:A *truly* inconvenient truth (Score:1, Interesting)