The topic of server security has been argued for several years. However, Richard Stiennon made an astounding contribution on 14th April, 2006, when he published an article entitled “Why Windows is less secure than Linux” on ZDNet. Stiennon begins his post by stating there is a huge database of literature on the topic of which server is in fact more secure, Linux or Windows, however, he goes on to state that he can prove that Windows is less secure through a few simple images that make his point very clear.
According to him over time as Windows has evolved it has grown more complex and therefore is harder to secure, whereas, Linux has evolved whilst adopting simplicity in server coding technology.
Through his post, Stiennon iterates that the images captured represent a map of system calls that occur when a web server attends a single HTML page with a picture. For the purpose of testing, he used the same page for both servers. Stiennon goes on to explain that a system call is basically an opportunity to address the memory of a server.
According to him a hacker can investigate this memory access to identify whether or not it is vulnerable to a buffer overflow attack. It is the duty of the developer to do a QA of each of these entry points. The basic gist being the higher the number of system calls, greater the vulnerability and therefore the greater the chances of the server security being breached, this in turn necessitates greater effort in terms of creating secure applications.
Stiennon generated the images through the use of Sana Security. The First image indicates the system call on a Linux server operating Apache System, whereas, the second image is of Windows server running IIS. The images very clearly indicate Linux to be far more secure than Windows.