[kwlug disc.] Apache vs IIS system call chart
Unsolicited
unsolicited at gto.net
Tue Feb 6 22:19:33 EST 2007
> Is it really so hard to believe that IIS/Windows are more poorly
> coded than Apache/Linux?
Perhaps what is coming out is that there has been so much MS bashing
that people are now taking a 2nd look before blindly accepting it.
I would agree it's more complex. I would agree the more complexity,
the more points of vulnerability. (However, one would think over time
that elements become secured and need not be revisited again. It would
be interesting to know how much of that has happened.)
I do think: "The same page and picture. A system call is an
opportunity to address memory. A hacker investigates each memory
access to see if it is vulnerable to a buffer overflow attack."
is a bit of a FUD creator in and of itself. I expect it's a bit of an
overstatement, particularly saying that all function
calls are by definition a vulnerability. That may be true, but it's
just like something I recently read - 30% of Canadians are possibly
susceptible to something or other, and 30% of them will die from it.
OR, 9% will die from it. A less alarming number than the first '30%',
which may be the only part you read before your heart starts to pound.
I too am curious about apples to apples vs. oranges - even having to
mention C++ vs. whatever else not only makes one question the
true extent of the apparent problem, it makes me wonder as to the nature
of the inherent risk of C++, or anything else, in the first place.
But more than anything else, this makes me wonder again:
- the 'problem' with GNU/Linux is the plethora of choice to accomplish
any given thing.
- in this particular case, Apache, is an application that has had a
great deal of effort and eyeballs on it to do its thing.
- Windows, like Intel, has evolved and maintained backwards
compatibility throughout. What level of the chart is solely due to
backwards compatibility? And is it really still vulnerable in those areas?
- if both were completely rewritten today, for today's applications, or
perhaps for ONLY tomorrow's applications (e.g. XML), how much would
the complexity be reduced, and how far apart would they still be?
- for example, the difference between the SMTP server built in to
IIS, vs. Exchange.
Regardless, even before seeing the charts, I hope never to use IIS again.
I'd so like to have only ONE TRUE WAY.
But I recognize that my one true way is not everyone's one true way.
Thus the plethora of choices. And thus a certain level of daily
frustration and irritation.
Cheers.
John Van Ostrand wrote, On 2/06/2007 9:21 PM:
> On Tue, 2007-02-06 at 19:41 -0500, Chris Bruner wrote:
>> I wouldn't mind knowing how those graphs were made. Can a non-FUD
>> version be done.
>
> I've scanned through the FUD threads on slashdot and don't see anything
> that rings true with me. The comments on this are what seem to be FUD.
>
> Is it really so hard to believe that IIS/Windows are more poorly coded
> than Apache/Linux?
>
> I do agree that it would be nice to see the labels clearly.
>
> --
> John Van Ostrand
> Net Direct Inc.
>
> CTO, co-CEO
> 564 Weber St. N. Unit 12
> Waterloo, ON N2L 5C6
> john at netdirect.ca
> Ph: 519-883-1172
> ext.5102
> Linux Solutions / IBM
> Hardware
> Fx: 519-883-8533