An independent blogger Richard Stiennon writes in his blog on ZDNet:
Windows is inherently harder to secure than Linux. There I said it. The simple truth.
The relevation that occured to Mr. Stiennon is actually based on two pictures:
These are maps of system calls of Apache on Linux and IIS on windows, provided by Sana Security.
To me, the only conclusion I can come to based on the pictures is that they look different. I tried to zoom in, and I encourage you to do same to make sure we don’t miss any significant detail that Mr. Stiennon is providing us with.
But let’s assume that IIS on Windows makes more API calls. What does it mean for security? Not much, I’d say. Simpler systems sometimes have fundamental shortcomings that make them insecure. Think of MS-DOS v Linux.
And one other thing. The diagrams remind me of certain organisational hierarchies – namely, Windows development organisation and a Linux distro workshop.