4) System Calls
a) Windows used to use interrupts for system calls, but now it universally
uses MSRs (model-specific registers, also called machine-specific registers)
through the sysenter instruction, which is optimized for calls that
transition from user mode to kernel mode.
b) Some GNU/Linux variants use sysenter, but many still use int 0x80, that is,
an interrupt for a system call, even though it is a legacy mechanism.
Developers also still write code that does this.
c) Linux system calls that run for a long time can cause priority inversion
between threads.
5) Control Flow Guard / Kernel Control Flow Guard
a) Windows has a feature, enabled in the kernel by default, called Control
Flow Guard (CFG). It is optimized and works to prevent memory corruption
vulnerabilities from being exploited while also tightly restricting code
execution.
b) There is no equivalent in the Linux kernel; however, some compilers can
implement a feature called control flow integrity (CFI).
6) Mandatory Security Controls
a) Windows uniformly implements Mandatory Integrity Control (MIC), which
controls and mandates access to securable objects in Windows such as files.
b) Linux does not inherently have this feature, but SELinux, which implements
mandatory access control, is included in distributions such as Fedora; it
functions similarly to MIC.
7) Security Access Control Lists
a) On Windows, security descriptors carry DACLs (discretionary access
control lists) and SACLs (system access control lists).
b) DACLs describe the permissions that particular users and groups have on
securable objects.
c) SACLs are used for auditing users that attempt different types of access
to securable objects.
d) ACLs and security descriptors are versatile on Windows. Files, processes,
threads, and even pipes are securable! There are, of course, many other
securable objects on Windows.
e) Linux does have DACLs, but they do not cover as many kinds of objects as
Windows's do.
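As an added example for item 7 (not part of the original notes), the following PowerShell reads a file-system object's DACL and, when the session holds SeSecurityPrivilege, its SACL, using the built-in Get-Acl cmdlet, and flags Allow entries that grant write-class rights to broad identities. The identity list and the rights mask are this example's own choices, not a Windows default, and the usage path is merely a constructed sample.

```powershell
# Added example, not from the original notes: inspect a file-system object's
# security descriptor with the built-in Get-Acl cmdlet and flag DACL entries
# that grant write-class rights to broad identities. The identity list and the
# rights mask below are this example's own choices, not a Windows default.
$BroadIdentities  = @('Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users')
$WriteClassRights = [System.Security.AccessControl.FileSystemRights]'Write, Modify, FullControl'

function Get-ObjectAclSummary {
    param([Parameter(Mandatory)] [string] $Path)

    # DACL (.Access): which identities may do what. Needs only READ_CONTROL.
    $sd = Get-Acl -Path $Path
    $dacl = foreach ($rule in $sd.Access) {
        '{0}: {1} {2}' -f $rule.IdentityReference, $rule.AccessControlType, $rule.FileSystemRights
    }

    # SACL (.Audit): which access attempts get logged. Reading it needs
    # SeSecurityPrivilege, so an unelevated session fails; report instead of abort.
    try {
        $sacl = foreach ($rule in (Get-Acl -Path $Path -Audit -ErrorAction Stop).Audit) {
            '{0}: audit {1} for {2}' -f $rule.IdentityReference, $rule.AuditFlags, $rule.FileSystemRights
        }
    } catch {
        $sacl = "unavailable: $($_.Exception.Message)"
    }

    # Weak entries: Allow rules that give a broad identity any write-class right.
    $weak = foreach ($rule in $sd.Access) {
        if ($rule.AccessControlType -eq 'Allow' -and
            $BroadIdentities -contains $rule.IdentityReference.Value -and
            [int]($rule.FileSystemRights -band $WriteClassRights) -ne 0) {
            '{0} may write ({1})' -f $rule.IdentityReference, $rule.FileSystemRights
        }
    }

    [PSCustomObject]@{
        Path      = $Path
        Owner     = $sd.Owner
        Sddl      = $sd.Sddl   # compact form: O: owner, G: group, D: DACL, S: SACL
        DaclRules = $dacl
        SaclRules = $sacl
        WeakRules = $weak
    }
}

# Constructed usage; any file or directory path works.
Get-ObjectAclSummary -Path "$env:SystemRoot\System32\drivers\etc\hosts" | Format-List
```

Registry keys can be inspected with the same cmdlet, but their rules expose RegistryRights rather than FileSystemRights, so the formatting lines would need that property name.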
8) Graphical User Interface
a) Windows has a native GUI framework that is integrated with the operating
system. It handles all graphics operations in the kernel and has a dedicated
subsystem for processing graphics. This is done for performance reasons: it
avoids constant kernel transitions.
b) Linux systems do have GUI frameworks such as the X Window System, but
they are not as performant as Windows's because they lack this total
integration.
9) Kernel stacks
a) Windows has a more complex implementation and will swap kernel
memory such as kernel stacks to optimize system performance and user
experience.
b) Variations of Linux prioritize kernel memory over everything else; when
memory runs short, the system begins terminating tasks, and it may end up
crashing the system.
10) AppLocker
a) Windows has AppLocker, which can restrict access to and execution of
certain programs. AppLocker is driven by rules that can be configured on
attributes of the file such as its hash.
b) AppLocker can prevent users and groups from executing specific
programs.
c) AppLocker also allows policies that let the administrator audit
access to certain files.
d) There is no direct equivalent on Linux systems, but certain aspects of
the feature do exist in Linux.
11) AppContainer Environment
a) Windows provides a highly powerful feature called AppContainer, which
acts as a sandbox. AppContainer can isolate applications from the rest of
your working environment.
b) Microsoft's documentation states that AppContainer can isolate software
from other processes, files, networks, devices, credentials, and windows.
c) There is no Linux equivalent.
12) Processor Scheduling
a) The NT thread scheduler is quantum-based and is a preemptive priority
scheduling algorithm.
b) The scheduler tunes thread quanta for the processor a thread belongs
to. Running threads are not given fixed intervals per se; instead each must
meet a quantum target, which is determined by the number of CPU cycles the
thread has executed.
c) The NT thread scheduler uses a queue that always takes a constant amount
of time to pick a thread, making it an O(1) algorithm in the best case. A
thread will always be ready for scheduling.
d) GUI threads and foreground processes are given priority and quantum
boosts to increase responsiveness for user interaction.
e) Linux uses the Completely Fair Scheduler (CFS), which is an O(n) algorithm
built on red-black trees. Since the Linux scheduler has to search through a
list of running tasks, it spends more time holding the scheduler lock.
f) Real-time threads in Linux, which the scheduler favors, can starve
lower-priority threads.