-1

I have heard that Linux is more secure than Windows. Is that true? I think they are equally secure because both have a Turing complete shell, so if you manage to do harm on one system, there is a method to do the same harm on another system. Is my reasoning correct?

junior
  • Turing completeness doesn't have a direct impact on security in that way. It doesn't require that any given method will work on every system. – Matthew Jul 06 '17 at 17:24
  • There are a number of turing-complete interpreters available [in this old stackoverflow question](https://stackoverflow.com/questions/1053931/creating-the-shortest-turing-complete-interpreter). See how much damage you can do to a system if your shell is set to one of those... – Jules Jul 07 '17 at 00:39
  • What does turing completeness have to do with security...? – Derek 朕會功夫 Jul 07 '17 at 01:17

4 Answers

12

It is not possible to determine whether Linux is more secure than Windows or vice versa. Turing completeness is not a security metric that can be used to objectively compare to what degree two systems would be considered secure.

Given the architectural differences between them, Linux and Windows are incommensurable abstract constructs in the context of security. That is, given their considerable differences, absent an objective standard or rubric that can be used to evaluate how measurably secure a system is, these two systems can't be directly compared in terms of how secure/insecure they are.

  • The term "Linux" actually refers to the Linux kernel. Linux kernel architecture is monolithic, meaning the kernel implements all of the functionality expected of an operating system. This is not the case with the Windows operating system, whose architecture is hybrid kernel based, rather than monolithic kernel based.

    NT-based Windows is classified as a hybrid kernel (or a macrokernel) rather than a monolithic kernel because the emulation subsystems run in user-mode server processes, rather than in kernel mode as on a monolithic kernel, and further because of the large number of design goals which resemble design goals of Mach (in particular the separation of OS personalities from a general kernel design). Conversely, the reason NT is not a microkernel system is because most of the system components run in the same address space as the kernel, as would be the case with a monolithic design (in a traditional monolithic design, there would not be a microkernel per se, but the kernel would implement broadly similar functionality to NT's microkernel and kernel-mode subsystems).1

  • Even if the Windows NT kernel and the Linux kernel were both considered to be monolithic in design, there are still significant differences in implementation, and by extension, functionality. A stark example of this is the differences in the kernel interfaces (system call APIs): while the number of Linux system calls is approximately 340, there are far more Windows system calls (~700 to over 1000 (speculated), depending on which kernel). In addition to this, the manner in which syscalls are invoked differs between systems as well.
  • Given the differences in the design and implementation of the Windows and Linux kernels, it should come as no surprise that the format a binary must have in order to be loaded into memory and executed differs between the two systems as well - both kernels enforce different application binary interfaces (ABIs) which describe how a process is to be created in virtual memory based on the various segments of an executable binary. In order for the Windows program loader to map into memory and execute a binary, the binary must conform to the Portable Executable (PE) format, whereas Linux binaries must conform to the Executable and Linkable Format (ELF).

Why is any of this relevant? Due to the above differences and many more besides between the Windows and Linux kernels, Windows and Linux processes are created from differently formatted and designed binaries, mapped and loaded into virtual memory by different kernels that enforce different ABIs, have different runtime environments, have different kernel invocation mechanisms, have different conceptions of dynamic linking, etc. These differences prevent direct comparisons between operating systems being made when it comes to security, since they will generally not share the same weaknesses. This is obviated when one attempts to compare the Windows shell with the Linux shell - even the term "shell" does not have a common meaning between the two systems. Linux does not have a registry, the COM, WMI, ASP.NET and so on. A concrete example of this is trying to compare bash with PowerShell in order to determine which is "best" - it can't be done.


1. MS Windows NT Kernel-mode User and GDI White Paper

julian
  • Minor nitpick - the binary format is surprisingly less important than it appears these days, as it is possible to run PE binaries on Linux (WINE) and ELF binaries on Windows (WSL), and these layers also expose many of the same APIs. Of course, the kernels are still very much different. – Bob Jul 07 '17 at 00:26
3

Turing completeness does not mean you can do everything. It means any program is expressible in the language. It does not mean that the underlying system will actually allow that program to do what it is expressed.

For instance, in Linux, a user level program (i.e., not root) can indeed express and run "rm -rf /" to remove everything on the computer. However, it will not actually succeed, as the user level program running in the user level shell simply cannot remove files that the user does not control.

crovers
2

Turing completeness and security are independent of one another. Linux has a reputation of being more secure due to its permission model and the fact that everything is open source. The reasoning behind open source being more secure is that more people are capable of reviewing the OS for security vulnerabilities.

Dan Landberg
1

Turing completeness means that a machine can do any calculation that another Turing complete machine can do. This does not mean that it can do anything else. All computers have capabilities which extend beyond what a Turing machine does because all computers are expected to do more than just compute calculations.

A Turing machine does not:

  • Read from a keyboard
  • Craft ethernet packets
  • Display information on a screen
  • Read a clock or otherwise gauge the passing of time.

What being Turing complete does imply is that you can generally emulate any calculations another computer might do, so long as those calculations aren't time bound.

As a real life example, consider Google's Native Client (NaCl). In general, it is very risky to run unknown executables on your computer. You never know when they will be malicious. NaCl provides a strict subset of that native functionality which is designed to prevent clever ways to do damage. It does not, however, prevent these applications from being Turing complete. They're welcome to calculate anything they please within their little bubble... they just aren't allowed to have any unintended side effects outside of that bubble.

Cort Ammon
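The distinction drawn in the answers above between what a language can compute and what its host lets it touch, shown as an added example that is not part of any answer on this page. It is a small interpreter for Brainfuck, a Turing-complete language, written so that a program's only effects are on an in-memory tape and an output buffer; the names `match_brackets` and `run_sandboxed` and the sample programs are constructed for illustration.

```python
def match_brackets(program):
    """Map each '[' to its ']' and back; reject unbalanced programs."""
    stack, pairs = [], {}
    for pos, op in enumerate(program):
        if op == "[":
            stack.append(pos)
        elif op == "]":
            if not stack:
                raise SyntaxError("unmatched ']' at %d" % pos)
            start = stack.pop()
            pairs[start], pairs[pos] = pos, start
    if stack:
        raise SyntaxError("unmatched '[' at %d" % stack[-1])
    return pairs

def run_sandboxed(program, stdin=b"", max_steps=100_000, tape_len=30_000):
    """Run a program; it can only change `tape` and `out`, nothing on the host."""
    pairs = match_brackets(program)
    tape, out = bytearray(tape_len), bytearray()
    ptr = pc = steps = 0
    inp = iter(stdin)
    while pc < len(program):
        steps += 1
        if steps > max_steps:          # the host, not the language, bounds time
            raise TimeoutError("step budget exhausted")
        op = program[pc]
        if op == ">":
            ptr = (ptr + 1) % tape_len
        elif op == "<":
            ptr = (ptr - 1) % tape_len
        elif op == "+":
            tape[ptr] = (tape[ptr] + 1) % 256
        elif op == "-":
            tape[ptr] = (tape[ptr] - 1) % 256
        elif op == ".":
            out.append(tape[ptr])
        elif op == ",":
            tape[ptr] = next(inp, 0)   # 0 signals end of input
        elif op == "[" and tape[ptr] == 0:
            pc = pairs[pc]             # skip the loop body
        elif op == "]" and tape[ptr] != 0:
            pc = pairs[pc]             # repeat the loop body
        pc += 1
    return bytes(out)

# Constructed samples: arbitrary computation works (6 * 7 emitted as one byte),
# while a command string fed as input is only data copied to the output buffer.
MULTIPLY = "++++++[>+++++++<-]>."
ECHO = ",[.,]"
```

The interpreter exposes no file, process or network primitive, so no program written in the language can reach them, however clever; that is a property of the host interface, not of the language's computational power.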