Windows Less Secure Than Linux?



Interesting article. I'm not an engineer or a Windows expert for that matter. The pictures are intriguing. What do you think about the statements made in the article, jcl, iccaros? Is it true that Windows is harder to secure? I think Windows is harder to secure, but I'm very biased in favour of Linux.

link to article

The pictures are intriguing.

Unfortunately that's exactly what they are: intriguing. The article doesn't explain what the graphs represent ("system calls" is pretty damn vague) and the labels on the nodes (I assume those bars are labels) are illegible.

What do you think about the statements made in the article jcl, iccaros?

I think it's a troll. Unintentional, perhaps, but a troll nonetheless.

Edited by jcl
Interesting article. I'm not an engineer or a Windows expert for that matter. The pictures are intriguing. What do you think about the statements made in the article, jcl, iccaros? Is it true that Windows is harder to secure? I think Windows is harder to secure, but I'm very biased in favour of Linux.

link to article

heheh .... great way to start a blood war... :)

I feel Windows is not secured because 1) an MCSE does not teach best security methods (I have two of them.. one for NT4 and one for Windows 2000); it teaches the best way to sell your management people on Windows.

I have met lots of MCSEs who really know nothing about computers.. they know the key words.. maybe even build a computer, but when it comes to the guts, what the kernel does at boot, do they know Windows does not ask for an address until you log in, do they know that a Windows network mount is in user space and as such it is really hard to write programs to use mounts?

It's knowledge that keeps a system secure, it's understanding connections and the flow of events. Most Windows administrators really have no clue (I have to say the same for most government UNIX administrators, as they only know the few tasks they do at work).

It's rare to find people who really understand and know the Windows system. I have found Windows admins who can make Windows do anything they want, but not understand simple concepts, like terminal services being a gaping hole that needs to be secured behind firewalls.

Windows, in its goal to become simple for anyone to use, has become harder to secure. Mac OS X is in the same boat. While most Mac installs are safe, have them put one up as a web server, and see how many Mac users assume that the system is already secure and don't do the homework and test to make sure..

When was the last time at anyone's work that they did a penetration test? When did anyone say we can't use ActiveX or Windows Host Scripting on a web server?? It's a path to the system...

never ah...

The complexity of IIS is because it is so tightly interwoven into the OS; Apache rides on top of an OS, IIS is stitched into the heart when installed. Also I believe Visual Studio is to blame for some of this, it's easy... anyone can write code... great tool when used correctly, but too easy to write crap code.

my two cents...


The pictures are intriguing.

Unfortunately that's exactly what they are: intriguing. The article doesn't explain what the graphs represent ("system calls" is pretty damn vague) and the labels on the nodes (I assume those bars are labels) are illegible.

What do you think about the statements made in the article jcl, iccaros?

I think it's a troll. Unintentional, perhaps, but a troll nonetheless.

Thanks, jcl. I'm also a bit curious about the credentials of the writer. This is posted as a blog, but does not shed a lot of information on the background or knowledge base of the OP. This article is linked to from osnews.com.

I like the system call pictures, but, like you don't fully understand what they mean. Interesting stuff:-)


Heh-heh, yes, iccaros, that's why I didn't post this in the Windows section of the forum. I have respect for the Windows experts and don't want to seem like a troll. I don't want to start a blood war.

Thank you very much for your reply, iccaros. I really like hearing what master users like you and jcl think! :thumbsup:

It is very interesting to hear your point of view as a sysadmin. As a casual Linux hobbyist I'm not aware of a lot of the deeper issues.

I agree with your point of view about Windows. I was not aware that OS X needed work to be ready to be a web server. I like your thoughts about doing security tests on your servers, penetration tests, and determining that your servers are indeed bulletproof. You are saying that sysadmins should battle-test their network and not assume that everything is secure. That makes sense to me.

Very cool stuff, iccaros :D


Any OS improperly set up and used is insecure. The normal users are the ones at risk. You can take someone new to Linux, Mac or Windows and they will unknowingly run a system open to attacks. I am not a true expert on any OS, but I can state none of my Windows PCs have ever been crippled due to outside forces in the past 6 years. That's not bad for someone who has only used a computer since 1998. Of course I haven't surfed for cracks, warez, and other such programs since 2000. The only Linux OS besides Live CD versions I have tried was Mandrake 8.1. I gave up on that after being chased out of the Linux forum at TechTV with the constant "read the FAQ" demand. :D

Just as with browsers, no operating system is more secure than another in the hands of someone ignorant of the setup and safe use of it.

Edited by TheTerrorist_75
That's not bad for someone who has only used a computer since 1998.

I got you beat in that area. I just started using the computer in November of 2002 (day after Thanksgiving Day sale). I took to it like an obsession.

Edited by shanenin
Any OS improperly set up and used is insecure.

Agreed! Well-said! :thumbsup:

I've been using computers, Windows and Macs, for 10-15 years. I remember the excitement of being on dial-up, 14.4 with Netscape 1.0. Netscape 3.04 seemed like the perfect browser at the time. I've used Linux for a little under four years. I'm no expert, but a Linux hobbyist who likes to play with different OSs.

Thanks, jcl. I'm also a bit curious about the credentials of the writer. This is posted as a blog, but does not shed a lot of information on the background or knowledge base of the OP.

His background looks okay. His ZD bio doesn't hint at any actual qualifications but that's not unusual. But we're treading close to argumentum ad hominem. His credentials are irrelevant to his argument.

Like I said, it could have been unintentionally trollish, a valid point compromised by a terrible presentation. Except... his comments about system calls, memory access, and buffer overflows are weird. Not really wrong but weird. It could be because he's writing for a layman audience I suppose.

This article is linked to from osnew.com.

It was the response from OSNews that inspired me to call it a troll. The comments there read like the reaction to a successful troll.

Edited by jcl
It was the response from OSNews that inspired me to call it a troll. The comments there read like the reaction to a successful troll.

Yes, I read those comments too at osnews.com, they were very animated indeed. If he is a troll he certainly riled them up and accomplished his goal.


Bored. strace'd Apache serving my (tiny) home page. Comments in brackets. Still don't understand his graphs.

  1. <accept resumed>
  2. getsockname
  3. fcntl64 [get socket flags]
  4. fcntl64 [set socket non-blocking]
  5. read [failed read on socket]
  6. poll [wait on socket]
  7. read [read on socket, get the HTTP request]
  8. gettimeofday
  9. open [/etc/passwd]
  10. fcntl64 [get /etc/passwd close-on-exec flag]
  11. fcntl64 [set /etc/passwd close-on-exec flag]
  12. _llseek [no-op]
  13. fstat64 [get /etc/passwd status]
  14. mmap2 [mmap /etc/passwd]
  15. _llseek [seek in /etc/passwd]
  16. munmap [unmap /etc/passwd]
  17. close [/etc/passwd]
  18. stat64 [stat index.html]
  19. open [.htaccess]
  20. fstat64 [.htaccess]
  21. read [.htaccess]
  22. read [.htaccess]
  23. close [.htaccess]
  24. lstat64 [index.html]
  25. open [/etc/passwd]
  26. fcntl64 [get /etc/passwd close-on-exec flag]
  27. fcntl64 [set /etc/passwd close-on-exec flag]
  28. _llseek [/etc/passwd]
  29. fstat64 [/etc/passwd]
  30. mmap2 [/etc/passwd]
  31. _llseek [/etc/passwd]
  32. munmap [/etc/passwd]
  33. close [/etc/passwd]
  34. open [index.html]
  35. mmap2 [index.html]
  36. writev [write HTTP headers + contents of index.html to socket]
  37. munmap [index.html]
  38. read [failed read on socket]
  39. write [log, I think]
  40. close [/etc/passwd again?]
  41. poll [wait on socket]
  42. read [favicon request]
  43. gettimeofday
  44. stat64 [favicon isn't at /var/www/favicon...]
  45. lstat64 [...walking /var...]
  46. lstat64 [.../var/www...]
  47. lstat64 [...and the favicon still isn't at /var/www/favicon.ico]
  48. open [/var/www]
  49. fstat64 [/var/www]
  50. fcntl64 [get /var/www close-on-exec]
  51. getdents64 [read /var/www, still looking for /var/www/favicon.ico?]
  52. getdents64 [finish reading]
  53. close [/var/www]
  54. gettimeofday
  55. write [log again, I think]
  56. writev [socket, 404 on the favicon]
  57. read [failed read on socket]
  58. write [log]
  59. poll [waiting on socket, stopped strace'ing here because the connection will linger for a while]

Extra credit if you can see the big userspace function call. Double extra credit if you can guess which function it is.

Aside: Super fun "Apache spawns 47 processes to be a PITA" strace invocation:

$ ps auxc | grep apache | awk '{print $2}' | xargs -n 1 echo -p | xargs sudo strace -o trace

Edited by jcl
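The repeated run jcl points at (calls 9-17 and 25-33) can be found mechanically rather than by eye. The Python below is an added example, not code from the thread: it turns `strace -o` output into a list of syscall names (the pid column that the xargs one-liner above produces when several Apache children are traced is handled) and reports the longest syscall sequence that occurs twice, run here over the 59 calls of the Apache trace posted above; the raw strace sample lines are constructed.

```python
import re

# The 59 Apache syscalls from the trace posted above, names only, in order.
APACHE_CALLS = """accept getsockname fcntl64 fcntl64 read poll read gettimeofday
open fcntl64 fcntl64 _llseek fstat64 mmap2 _llseek munmap close stat64
open fstat64 read read close lstat64
open fcntl64 fcntl64 _llseek fstat64 mmap2 _llseek munmap close
open mmap2 writev munmap read write close poll read gettimeofday
stat64 lstat64 lstat64 lstat64 open fstat64 fcntl64 getdents64 getdents64 close
gettimeofday write writev read write poll""".split()

# One line of `strace -o trace` output: optional pid column (present when
# several processes are traced), then "<... name resumed>" or "name(".
LINE_RE = re.compile(r"^(?:\d+\s+)?(?:<\.\.\. (\w+) resumed>|(\w+)\()")

def parse_strace(text):
    """Return syscall names in order; non-call lines (signals etc.) are skipped."""
    names = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            names.append(m.group(1) or m.group(2))
    return names

def longest_repeated_run(names, min_len=3):
    """Longest run of syscall names occurring twice without overlapping.
    Returns (length, first_index, second_index) or None; 0-based indexes."""
    best = None
    n = len(names)
    for i in range(n):
        for j in range(i + 1, n):
            k = 0
            while i + k < j and j + k < n and names[i + k] == names[j + k]:
                k += 1
            if k >= min_len and (best is None or k > best[0]):
                best = (k, i, j)
    return best

# Constructed sample of raw multi-pid strace output (argument values made up).
SAMPLE_TRACE = """\
4242  <... accept resumed> {sa_family=AF_INET, sin_port=htons(51002)}, [16]) = 7
4242  getsockname(7, {sa_family=AF_INET, sin_port=htons(80)}, [16]) = 0
4242  fcntl64(7, F_GETFL) = 0x2 (flags O_RDWR)
4242  fcntl64(7, F_SETFL, O_RDWR|O_NONBLOCK) = 0
--- SIGCHLD (Child exited) @ 0 (0) ---
"""

if __name__ == "__main__":
    k, a, b = longest_repeated_run(APACHE_CALLS)  # calls 9-17 and 25-33
    print(k, "repeated calls:", " ".join(APACHE_CALLS[a:a + k]), parse_strace(SAMPLE_TRACE))
```

On a trace file from the one-liner above, `longest_repeated_run(parse_strace(open("trace").read()))` gives the same kind of answer for a live server.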

I see a lot of file system stuff and writing to sockets, are you talking about read, close, open, fcntl64, write, mmap2?

These are all user space kernel calls.. and why you should create a user with no shell that runs Apache.

With fcntl64, are you running Perl or PHP?


And here's IIS 5.1 on WinXP. Fewer comments because the NT syscall interface isn't well-documented and I'm not set up for debugging.

  1. <coming out of NtWaitForSingleObject>
  2. NtQueryInformationToken
  3. NtSetInformationThread [switching impersonated user, similar to su'ing to different user]
  4. NtQueryAttributesFile [file attr for /]
  5. NtCreateFile [open /]
  6. NtQuerySecurityObject [on /, getting required buffer size]
  7. NtQuerySecurityObject [on /, with buffer]
  8. NtQueryVolumeInformationFile [on /]
  9. NtQueryInformationFile [on /]
  10. NtSetInformationThread [switching impersonated user]
  11. NtQueryInformationToken
  12. NtSetInformationThread [switching impersonated user]
  13. NtCreateFile [open /default.htm, doesn't exist]
  14. NtSetInformationThread [switching impersonated user]
  15. NtQueryInformationToken
  16. NtSetInformationThread [switching impersonated user]
  17. NtCreateFile [open /default.asp, also doesn't exist]
  18. NtSetInformationThread [switching impersonated user]
  19. NtQueryInformationToken
  20. NtSetInformationThread [switching impersonated user]
  21. NtCreateFile [open /index.htm]
  22. NtQuerySecurityObject [/index.htm, checking required buffer size]
  23. NtQuerySecurityObject [/index.htm, with buffer]
  24. NtQueryVolumeInformationFile [/index.htm]
  25. NtQueryInformationFile [/index.htm]
  26. NtSetInformationThread [switching impersonated user]
  27. NtClose [/index.htm]
  28. NtClose [/]
  29. NtQueryInformationToken
  30. NtSetInformationThread [switching impersonated user]
  31. NtCreateFile [/index.htm]
  32. NtQuerySecurityObject [/index.htm, checking required buffer size]
  33. NtQuerySecurityObject [/index.htm, with buffer]
  34. NtQueryVolumeInformationFile [/index.htm]
  35. NtQueryInformationFile [/index.htm]
  36. NtSetInformationThread [switching impersonated user]
  37. NtQueryInformationToken
  38. NtSetInformationThread [switching impersonated user]
  39. NtSetInformationThread [switching impersonated user]
  40. NtDeviceIoControlFile [i think this is initiating an I/O op...]
  41. NtRemoveIoCompletion [...that's completed here]
  42. NtClose [/index.htm]
  43. NtFlushVirtualMemory
  44. NtDeviceIoControlFile [same as above...]
  45. NtRemoveIoCompletion [...and again]

That's 14 fewer system calls than Apache and one more entry point. Around 22 of the 45 syscalls are related to security. It's possible that there's more happening here -- maybe a kernel-mode subsystem that didn't show up in the trace -- but it looks pretty good.

Edited by jcl
I see a lot of file system stuff and writing to sockets, are you talking about read, close, open, fcntl64, write, mmap2?

You mean the "big userspace function call"? I meant the two identical sequences at lines 9-17 and 25-33. Looks like one of the libc passwd functions.

With fcntl64, are you running Perl or PHP?

That's just Apache fiddling with file descriptors. It's a static page in a no-scripting directory.

