Linked by Thom Holwerda on Fri 14th Apr 2006 21:31 UTC, submitted by Dylan
Privacy, Security, Encryption
"Windows has grown so complicated that it is harder to secure. Well, these images make the point very well. Both images are a complete map of the system calls that occur when a web server serves up a single page of html with a single picture. The same page and picture. A system call is an opportunity to address memory. A hacker investigates each memory access to see if it is vulnerable to a buffer overflow attack. The developer must do QA on each of these entry points. The more system calls, the greater potential for vulnerability, the more effort needed to create secure applications."
Thread beginning with comment 115066
RE[3]: Leap of logic
by Robert Escue on Sat 15th Apr 2006 11:25 UTC in reply to "RE[2]: Leap of logic"
Robert Escue Member since:
2005-07-08

Let's not confuse the issue with facts, it's such a nice troll piece we wouldn't want to ruin it with publishing actual facts!

Score: 0

RE[4]: Leap of logic
by segedunum on Sat 15th Apr 2006 15:33 in reply to "RE[3]: Leap of logic"
segedunum Member since:
2005-07-06

Let's not confuse the issue with facts, it's such a nice troll piece...

Call it what you like, but it isn't trolling. Feel free to look up the definition some time.

As Rayiner has already pointed out, complexity is quite a good estimator for vulnerability. It's not hard and fast, but there is a definite correlation which proves to be true in Microsoft's case. In Windows' (and IIS') case, a lot of that complexity is absolutely needless because you only need to look at what it does from a functional perspective and then compare with other systems.

There is already a reservoir of information out there as to how Windows and Microsoft software are less secure (can't even believe that is still being discussed), but this at least tries to fill in a small gap as to one of the reasons why.

Score: 1

RE[5]: Leap of logic
by Robert Escue on Sat 15th Apr 2006 15:44 in reply to "RE[4]: Leap of logic"
Robert Escue Member since:
2005-07-08

And I pointed out more than once that the piece is a troll since it contains ZERO documentation as to how any part of the test was conducted, how the systems used in the test were built, etc., and used the standard "Microsoft is insecure" argument with nothing to back it up. The images are useless since there is no information about what is being displayed.

So maybe you and Rayiner can enlighten the rest of us as to what system calls are being made and by what on those images?

Score: 1

RE[5]: Leap of logic
by sappyvcv on Sat 15th Apr 2006 15:55 in reply to "RE[4]: Leap of logic"
sappyvcv Member since:
2005-07-06

But is he using IIS6? If he is, then it's NOT true in Microsoft's case, as IIS6 has very few known flaws.

Score: 1