Linked by Thom Holwerda on Fri 14th Apr 2006 21:31 UTC, submitted by Dylan
Privacy, Security, Encryption

"Windows has grown so complicated that it is harder to secure. Well, these images make the point very well. Both images are a complete map of the system calls that occur when a web server serves up a single page of html with a single picture. The same page and picture. A system call is an opportunity to address memory. A hacker investigates each memory access to see if it is vulnerable to a buffer overflow attack. The developer must do QA on each of these entry points. The more system calls, the greater potential for vulnerability, the more effort needed to create secure applications."
RE[4]: Leap of logic
by segedunum on Sat 15th Apr 2006 15:33 UTC in reply to "RE[3]: Leap of logic"
segedunum Member since:
2005-07-06

Let's not confuse the issue with facts, it's such a nice troll piece...

Call it what you like, but it isn't trolling. Feel free to look up the definition some time.

As Rayiner has already pointed out, complexity is quite a good estimator for vulnerability. It's not hard and fast, but there is a definite correlation which proves to be true in Microsoft's case. In Windows' (and IIS') case, a lot of that complexity is absolutely needless because you only need to look at what it does from a functional perspective and then compare with other systems.

There is already a reservoir of information out there as to how Windows and Microsoft software are less secure (can't even believe that is still being discussed), but this at least tries to fill in a small gap as to one of the reasons why.

Reply Parent Score: 1

RE[5]: Leap of logic
by Robert Escue on Sat 15th Apr 2006 15:44 in reply to "RE[4]: Leap of logic"
Robert Escue Member since:
2005-07-08

And I pointed out more than once that the piece is a troll since it contains ZERO documentation as to how any part of the test was conducted, how the systems used in the test were built, etc., and used the standard "Microsoft is insecure" argument with nothing to back it up. The images are useless since there is no information about what is being displayed.

So maybe you and Rayiner can enlighten the rest of us as to what system calls are being made and by what on those images?

Reply Parent Score: 1

RE[6]: Leap of logic
by segedunum on Sat 15th Apr 2006 20:44 in reply to "RE[5]: Leap of logic"
segedunum Member since:
2005-07-06

And I pointed out more than once that the piece is a troll since it contains ZERO documentation as to how any part of the test was conducted

It is not a troll. As mentioned, look up the definition.

There was no test conducted, so I don't know where you get that from. Look at the Apache diagram, and then look at the IIS diagram. This is additional information as a supplement to about seventeen thousand other studies and tests that have been conducted, and people's own experiences about what software causes most problems.

In addition to this, does the author then have to reproduce evidence and test conditions from every other study and test conducted just because people like you have a memory like a goldfish, or more likely, just don't want to see it?

Reply Parent Score: 1

RE[5]: Leap of logic
by sappyvcv on Sat 15th Apr 2006 15:55 in reply to "RE[4]: Leap of logic"
sappyvcv Member since:
2005-07-06

But is he using IIS6? If he is, then it's NOT true in Microsoft's case, as IIS6 has very few known flaws.

Reply Parent Score: 1