February 7, 2007 at 11:23Apache vs IIS
Scam Windows security and praise Linux - this is like a speech stamp. Nobody really thinks why this is happening, since the classic Microsoft suxx explains everything at once.
But the kind person Richard Stiennon took this more seriously . Using the same simple task as an example, the web server rendering an HTML page with a picture, he built a map of system calls.
According to its results, this is how the transfer of control looks when Apache runs on Linux:
Solving the same problem, IIS under Windows does a lot of work:
The author’s argument sounds reasonable: every extra call is an additional point at which an error may occur. Incorrect parameter transfer, insufficient control over the range of values, stack overflow, etc. - These are all potential problems that need to be tested and analyzed. And these are the problems that could potentially be used for hacking.
In this case, as it seems to me personally, it is necessary to take into account the fact that on the one hand we have open source software - and on the other hand, Microsoft’s policy of ignoring defects if they have not received wide publicity.
PS Richard Stiennon also posted some larger images for Apache and IIS - but, IMHO, not large enough.
But the kind person Richard Stiennon took this more seriously . Using the same simple task as an example, the web server rendering an HTML page with a picture, he built a map of system calls.
According to its results, this is how the transfer of control looks when Apache runs on Linux:
Solving the same problem, IIS under Windows does a lot of work:
The author’s argument sounds reasonable: every extra call is an additional point at which an error may occur. Incorrect parameter transfer, insufficient control over the range of values, stack overflow, etc. - These are all potential problems that need to be tested and analyzed. And these are the problems that could potentially be used for hacking.
In this case, as it seems to me personally, it is necessary to take into account the fact that on the one hand we have open source software - and on the other hand, Microsoft’s policy of ignoring defects if they have not received wide publicity.
PS Richard Stiennon also posted some larger images for Apache and IIS - but, IMHO, not large enough.
