Windows+IIS vs. Linux+Apache (and baby vs. baby)
Holy weblog observations, Batman! It's IT Blogwatch, in which it's "proven" that Windows+IIS is less secure than Linux+Apache. Not to mention the site that asks, "Which baby is cuter?"...
Richard Stiennon nails his colors to the mast: "Windows is inherently harder to secure than Linux. There I said it. The simple truth. Many millions of words have been written and said on this topic. I have a couple of pictures. The basic argument goes like this. In its long evolution, Windows has grown so complicated that it is harder to secure. Well these images make the point very well. Both images are a complete map of the system calls that occur when a web server serves up a single page of html with a single picture. The same page and picture ... The more system calls, the greater potential for vulnerability, the more effort needed to create secure applications." [Here are the two images: Linux+Apache, Windows+IIS]
» Kent Newsome: "Imagine a house on which you add new rooms and wings every year or so. Eventually, there are so many windows and doors that anyone who tries can find a way in and the original burglar alarm isn't equipped to handle all the new stuff. That's probably a good way to think of the Windows security issues. That, of course, and the fact that everyone lives in houses, so the crooks know that's where the goods are kept. If everyone lived in trees, the crooks would focus on trees. In other words, the fact that most people use Windows means that the virus and spyware writers focus on Windows ... The smart choice may be Linux, but clearly the easy choice is Windows. In that race, I generally put my money on easy. When forced to choose between safe in a tree or vulnerable in a house, most people pick the house. Even if the tree is cooler."
» Google Ninja: "This does not necessarily mean that windows is less secure (the argument posted on that blog really isn't being objective.) What it does mean is that internally, windows is exponentially more complex than linux. that can be a good or bad thing, for example, adobe photoshop is far more complex than ms paint, but it also does so much more." To which Stiennon himself comments: "If one application required more system calls to perform exactly the same task I would call that application more complex and more prone to bugs. That is not to say that Adobe couldn't spend more on QA and patching. But they are bearing the burden of a system that is more expensive to perfect. (And something tells me that MSPaint would probably be less efficient anyway.)"
» Jonathan Hudson: "If a picture paints a thousand words ... How many words do two pictures paint? 2×1000, 1000×1000, 1000^1000? Every so often we see Linux v A.N.Other OS security comparisons ... Look at the first [image] and think 'that's pretty complex'; then the second -- 'that's insane'."
» Caskey L. Dickson gives a deliberately concise treatment: "IIS on Win32 is simply a bad engineering choice when it comes to security. Every system call, every transition across the user/operating system boundary is an opportunity for the userspace program to exploit a potentially unknown hole in the underlying O/S. Why someone would choose to use an environment like this one is beyond me."
» Kris Wehner asks, "What hath god wrought? ... as a professional developer, I can't tell what the heck the graph is trying to show, but it sure looks complicated. The original writer is talking about the security implications of the complexity of the system, but what struck me most was the raw complexity of the system ... guess the point being, Microsoft is historically not a YAGNI sort of shop." [That's You Ain't Gonna Need It]
» Mel writes from Petaling Jaya, Malaysia: "IIS is significantly less secure than apache, and windows is obviously less secure than linux (or other *nixes), but we all know that already. the zen-like unix philosophy produces better and secure (and beautiful - code-wise) software than the mark twainish 'putting windows on every desktop in every home'."
Buffer overflow:
- James Kendrick: Two interesting new cell phone technologies
- Roman Strobl: NetBeans "out-of-the-boxness" vs. Plug-ins and Community Needs
- Robert Baillie: Measuring Performance
- Bruce Eckel: Grokking Twisted
- Gizmodo: Lucent Files Suit Against Microsoft Over Xbox 360
- Jeff Boles: Windows R2 File Servers - what's MS telling us about storage?
- Alex Scoble: Unplugging peripherals while computer is on
- Mitch Betts: Innovation: Does it really matter or is it just a fuzzy buzzword?
- Jerri Ledford: Google Analytics: Site Stats on Steroids
- Martin MC Brown: Converting your normal phone to Skype
- CJ Kelly: The demise of responsible disclosure
- John Monaghan: IT Management, just keep it under the radar
- Martin McKeay: Political Action Committee for geeks
- Eric Ogren: Spamming spins the disk
- Shark Tank: Timing is everything
- Douglas Schweitzer: End-to-End wireless security
And finally... Baby vs. Baby [hat tip: b3ta]
Richi Jennings is an independent technology and marketing consultant, specializing in email, blogging, Linux, and computer security. A 20-year, cross-functional IT veteran, he is also an analyst at Ferris Research. Contact Richi at blogwatch@richi.co.uk.



