Why Windows is less secure than Linux | Threat Chaos | ZDNet.com
Ever wondered why impartial experts claim Windows is more difficult to secure? (Not less secure, more difficult to secure. Don’t flame me.) This article uses diagrams to graphically illustrate the answer. In short, a Windows+IIS combination is more internally complex and therefore, offers more potential points of failure.
Why Windows is less secure than Linux | Threat Chaos | ZDNet.com by Stephan Sokolow is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
As I pointed out, this seems to be more of an indictment of IIS than Windows. IIS is known for being a really, really bad web server. Microsoft had to rewrite it from scratch in their last iteration, IIRC, because it was so bad in previous iterations. The fundamental point still stands that Windows is more complicated, but I don’t think this blog post makes that case.
An interesting contrast would be to see a third diagram, namely one that shows the system call behaviour when one serves up the very same web pages on an instance of Apache running on Windows.
That would drop out differences having to do with IIS, and show what Windows does when presented with what *ought* to be a similar set of OS requests.
In principle, that might be more of a direct “OS versus OS” comparison.
Although the Byzantine linkages between IIS and Win32 is very interesting to observe…
Both good points. As your comments make good counterpoints, I’ll leave this post as it is.
Besides, it’s unnecessary hassle to both correct the post and keep an unaltered copy in accordance with my personal policies regarding information. (It’s no accident that my main website uses a permissions-restricted wiki as a content management system)