
Microsoft Windows: A Lower Total Cost of 0wnership

bahamutirc writes "Dave Aitel of Immunity, Inc. has written an excellent report detailing the lower Total Cost of 0wnership Microsoft Windows has over Linux. Dave takes a unique approach in comparing the two operating systems, and the results are not surprising. The paper was submitted to Bugtraq today and is available in PDF and Open Office."
  • A 189 KB PDF file... (Score:1, Informative)

    by tcopeland ( 32225 ) * <tom AT thomasleecopeland DOT com> on Friday August 13, 2004 @02:50PM (#9961609) Homepage
    ...I foresee problems. Thus, a mirror [rubyforge.org].
  • Mirror (Score:3, Informative)

    by Meostro ( 788797 ) * on Friday August 13, 2004 @02:51PM (#9961622) Homepage Journal
    Mirrored here [wetsexygirl.com] and here [wetsexygirl.com] in case of Slashdotting.

    And no, this isn't a joke, although it is kind of entertaining!

    MD5:
    19bd158b9e471db49acd91f0493b81ec *tc0.pdf
    5ca7eb699b94967ee2d255c021e1686f *tc0.sxw
  • Re:0wned? Please... (Score:5, Informative)

    by Short Circuit ( 52384 ) * <mikemol@gmail.com> on Friday August 13, 2004 @02:53PM (#9961662) Homepage Journal
    A couple of definitions of "parody" for you: Google's [google.com] and Wikipedia's [wikipedia.org].
  • by GillBates0 ( 664202 ) on Friday August 13, 2004 @02:57PM (#9961703) Homepage Journal
    The article is indeed about 0wnership, and the Total Cost thereof which is defined in the article as the "cost to penetrate systems".

    Pretty interesting, though it could be argued that the article is biased/flamebait.

  • Re:0wned? Please... (Score:3, Informative)

    by Awptimus Prime ( 695459 ) on Friday August 13, 2004 @03:01PM (#9961750)
    Hmm, I've been in Information Security for 7 years and almost everyone I have worked with uses phrases like "sk1llz", "0wn3d" and "l33t d00d" on a regular basis.

    Not that it is proper terminology, but it is a lot more fun than being an anal, angry arse about every pleasant or immature phrase spoken in one's vicinity. Then again, I tend not to underestimate someone for the phrases they use. This can be a terrible mistake. :)

  • by Anonymous Coward on Friday August 13, 2004 @03:05PM (#9961805)
    Uhm, you do realize that this is a joke report. It's TC0 (zero), not TCO. This report is about how 0wn1ng W1nd0z3 is easier than Linux, not "owning Windows." That should teach you to at least peruse the article before posting nonsense. To repeat: This is a JOKE!!!
  • Re:Astroturf? (Score:4, Informative)

    by SpaceLifeForm ( 228190 ) on Friday August 13, 2004 @03:05PM (#9961807)
    No, no, they're busy on Groklaw [groklaw.net]. Remember, the puppet-masters are busy everywhere.
  • Hidden costs (Score:2, Informative)

    by vuvewux ( 792756 ) on Friday August 13, 2004 @03:06PM (#9961816)
    In the same way that IE is faster than IE (because it's part of the OS), Windows has a lower TOC because a lot of the training costs have been absorbed by the Government - the average high school student gets hundreds of hours of Windows specific training, and no Linux training.
  • It's a TC0, not a TCO- and I doubt you could come to any other conclusion with a TC0 comparing Linux to Windows. Total cost of 0wnership- that is, total cost to hack the box and get it to send out a bunch of spam or viruses.
  • thanks for the laugh (Score:1, Informative)

    by Anonymous Coward on Friday August 13, 2004 @03:09PM (#9961873)
    man that's a funny article, but to be honest, if you stick 2 firewalls in front of your windows box, it's perfectly safe. That and use a real virus scanner/blocker. I could be paranoid, but I use the router to block all inbound port scans, zone alarm on my gateway server and install virus protection on the systems. so far, no virii for 2 years. It's kinda like wearing 3 condoms, but hey it works.
  • by Shoeler ( 180797 ) on Friday August 13, 2004 @03:11PM (#9961896)
    I avoided using mod points just so I could post this tidbit:

    If you think it means Total Cost of Ownership, as it relates to some BS middle-to-upper-management measurement, then you didn't RTFA.

    That is all. :)
  • by Bad Vegan ( 723708 ) on Friday August 13, 2004 @03:13PM (#9961922)
    Okay, for those of you out there like me that don't live and breathe jargon, this paper is a joke, a satire, a ha-ha (and a very good one from what I can tell).

    By Lowest Total Cost of 0wnership (spelled with a zero), they mean that Windows is easier to "0wn" i.e. hack into.

    0wning (with a zero instead of an O) a computer is high-falutin' jargon meaning that you have hacked into it and can do as you please.

    So the point here (joke explained): that the cheapest, easiest system to hack is Windows. That's not exactly a joke (since it's true), but it's a joke since they're using the Total Cost of Ownership metric...just redefining Ownership to be 0wnership (with a zero).

    Why is it spelled with a zero? That's because that's the way (cue menacing music) the hackers do it.

    Clever paper, but too clever for people who don't use the terminology. Extra points for the in-jokes.

    No astroturf here. Well done!
  • wow (Score:5, Informative)

    by flynt ( 248848 ) on Friday August 13, 2004 @03:14PM (#9961939)
    Apparently a large portion of the Slashdot commenters aren't aware of what '0wn' means in the hacker/cracker sense of the word. If you root a machine, you 'own' it. "I got 0wned" means "I got hacked/broken into". Now look at the title of this report, total cost of '0wnership', not 'Ownership'. Now do you understand the joke/point of the paper?
  • Dumb Asses (Score:2, Informative)

    by Anonymous Coward on Friday August 13, 2004 @03:16PM (#9961967)
    For God's sake. You guys who are so confident of your awesome intelligence just don't get this!

    0wned = hacked
    Owned = purchased

    High cost of 0wnership = good thing
    High cost of Ownership = bad thing

    Now RTFA again.
  • I thought perhaps, that some reading this may not like to have to open up acrobat or Open Office... Enjoy:

    Microsoft Windows: A lower Total Cost of 0wnership

    August 12, 2004

    Introduction

    Microsoft has long asked third party analysts for accurate assessments of the total cost of ownership of Microsoft Windows deployments, especially against the Linux deployments commonly going into all segments of the market. However, Immunity, Inc. as a third party assessment provider has, until now, not done a thorough analysis, using Immunity proprietary data to tell the true story about the costs of Open Source.

    Other sources of 3rd party information can be found here: http://www.microsoft.com/mscorp/facts/default.asp [microsoft.com]

    The point of contact for this paper is Dave Aitel, Vice President of Media Relations, Immunity, Inc. He can be reached at mailto:dave@immunitysec.com [mailto]. Further information on Immunity, Inc. is available at http://www.immunitysec.com/ [immunitysec.com] .

    Executive Summary

    Based on our analysis, Microsoft Windows has one half the Total Cost of 0wnership (TC0) of modern Fedora Core Linux based technologies.

    Immunity's Methodology

    Immunity has four major services: Training on exploit development and vulnerability analysis, Application Security Consulting, the CANVAS assessment product, and the Immunity Vulnerability Sharing Club. In each of these, the costs to penetrate (0wn) systems based on Microsoft Windows Technologies was compared to the costs against a modern Linux system. In general there are three aspects to 0wning a system. These three things, Vulnerability Detection, Exploit Development, and Attack Execution, were used by Immunity to determine the costs to 0wn the different operating systems in configurations encountered during Immunity engagements. As Immunity is not in the rootkit (http://www.rootkit.com/ [rootkit.com]) writing business, this paper does not cover the costs of maintaining 0wnership over a given OS.

    Vulnerability Detection

    There are several factors that affect how difficult it is to find vulnerabilities on a target platform. Some of these are listed below. Immunity's judgments are drawn from our current collection of remote 0day in the VSC, countless 0day in custom applications for Immunity Consulting customers across many different operating systems and over 80 remote exploits in CANVAS.

    Portability of common exploit development tools

    IDA-Pro, the premier disassembler and reverse engineering tool (a database and a disassembler together make for a powerful combination) is able to disassemble both Linux and Windows binaries, but only runs on Windows. A Linux version is, however, rumored to be in the works.

    PDB (Python Debugger), Immunity's newest tool in the armory, is available only for Windows (although the client is available on both Linux and Windows). This tool allows for many advanced scripts to be run, widely automating the exploit development process.

    Ollydbg (Visual Debugger), is far superior to GDB in many ways needed for exploit development. In addition, windbg and Softice provide valuable options for debugging at the kernel and user level.

    The TC0 advantage is clearly obvious for the Windows platform.

    Availability of Fish

    Finding a vulnerability is like finding a fish. If the pond is overfished, it's harder to find them. Hackers are rather evenly split between running Linux and running Mac OSX. As much as few professional NASCAR drivers drive Dodge Neons, a negligible amount of skilled hackers use Windows as their primary OS.

    Not to mention, many Win32 fish are given out for free by Microsoft when releasing patches. (See
  • Pseudo-Latin (Score:1, Informative)

    by Anonymous Coward on Friday August 13, 2004 @03:20PM (#9962026)
    For those who, like me, were mildly confused by this showing up, it seems it's an old typesetting exercise [straightdope.com]. Google the first few words and you'll find plenty of information on it.
  • Re:0wnership? (Score:1, Informative)

    by Anonymous Coward on Friday August 13, 2004 @03:21PM (#9962032)
    sic means "thus"
  • Re:0wnership? (Score:4, Informative)

    by pclminion ( 145572 ) on Friday August 13, 2004 @03:25PM (#9962072)
    No, it means "this word is thus." Meaning, as original. It doesn't necessarily refer to a mistake. It is used in contexts where the reader might infer that it is a mistake.

    The word "sic" means "thus." Nothing more, nothing less.

  • Re:Errrrrmmmm... (Score:2, Informative)

    by daveaitel ( 598781 ) on Friday August 13, 2004 @03:30PM (#9962120) Homepage Journal
    Keep in mind that CANVAS has an entire compiler and gas-compatible assembler built into it. We didn't write that because we thought it would be fun - we thought it added a lot of value to the product in terms of reliability and features no other product can have (as hinted at by the paper.) These components are available under the LGPL, and we fund and support two other GPL projects.

    Our exploit code is all custom written by Immunity - so it plays nicely with the engine itself and, we like to think, is better than things like Metasploit. (Which makes sense, since we have 4 people on full time salaries to do so!)

    There's a lot of other stuff to it, but let me just say that cutting and pasting is certainly something that is not a part of our development process, for many reasons. :>
  • Re:WTFATTA? (Score:3, Informative)

    by Marxist Hacker 42 ( 638312 ) <seebert42@gmail.com> on Friday August 13, 2004 @03:30PM (#9962129) Homepage Journal
    0wnership= box hacked and turned into a zombie. Understand now?
  • This one does..... (Score:3, Informative)

    by cbiltcliffe ( 186293 ) on Friday August 13, 2004 @03:31PM (#9962138) Homepage Journal
    ....hence, why it says it's cheaper to 0wn a Windows box than Linux.

    It mentions nothing about Total Cost of Ownership.
    It does, however, mention Total Cost of 0wnership, which is completely different....

  • by dtfinch ( 661405 ) * on Friday August 13, 2004 @03:46PM (#9962316) Journal
    0wnership!=Ownership.
  • by mangu ( 126918 ) on Friday August 13, 2004 @03:54PM (#9962420)
    I hope life isn't a big joke...because if it is, I don't get it.


    Well, you seem to be pretty bad at getting jokes. The article isn't about cost of ownership, it's cost of 0wnership.

  • by smack.addict ( 116174 ) on Friday August 13, 2004 @03:59PM (#9962484)
    Any company that needs the ability to procure hardware on less than 2 months notice is foolish to use an XServe for their operations.

    It is a wonderful machine (lacking only redundant power supplies and the damn hardware RAID card listed in the options). However, Apple cannot meet demand. And while that sounds great for Apple, it sucks ass for companies that depend on their servers.
  • Re:Pseudo-Latin (Score:1, Informative)

    by Anonymous Coward on Friday August 13, 2004 @04:20PM (#9962715)
    And this is the most probable source: http://www.lipsum.com/ [lipsum.com]
  • Spelling Mistake (Score:2, Informative)

    by LoD at MIT ( 733674 ) on Friday August 13, 2004 @04:20PM (#9962722)
    An excellent article. Highly informative and well researched. However, the author made a blatant spelling mistake in the fourth word of the title. How anyone can mispell "0wnz0rship" so baddly is beyond me... :-)
  • by NoMoreNicksLeft ( 516230 ) <john.oyler@ c o m c a st.net> on Friday August 13, 2004 @04:27PM (#9962820) Journal
    Actually, everything I've said is with the exception of the Xserve. Haven't known anyone that didn't have some problem with them.
  • Re:Nice (Score:3, Informative)

    by Anonymous Coward on Friday August 13, 2004 @04:28PM (#9962840)
    I was getting ready to try out Mandrake 10 for my business, but then I realized that it often makes Windows XP unbootable on a dual boot machine.

    Hell, you don't need Mandrake! XP will make itself unbootable!

    True story - recently had an XP system with NTFS boot partition. It would not boot; gave an error message about corrupt NTFS. A call to Microsoft confirmed that this was "by design". Evidently booting on a corrupted NTFS partition may make data unrecoverable.
    "Well, then, how do I recover it?"
    "Reload with the recovery disk."
    "Hmmm, you realize that the recovery disk, from this OEM anyway, overwrites everything, don't you? How do I recover the data?"
    "There is no way."

    Bringing up a Linux live disk with NTFS read capability got all the user's data back. Memory and disk diags showed no problems, so I used the recovery disk, reloaded user data and it's been running 2 weeks now.
  • Re:Nice (Score:2, Informative)

    by mattyrobinson69 ( 751521 ) on Friday August 13, 2004 @04:53PM (#9963078)
    It's actually a bug in Windows XP. GRUB creates a proper boot sector, which on rare occasions Windows XP can't understand (like I said, it's XP apparently that's at fault). No, I don't have to back this up - if you care, research it yourself.
  • by einhverfr ( 238914 ) <chris...travers@@@gmail...com> on Friday August 13, 2004 @05:02PM (#9963166) Homepage Journal
    I have earned the NT4 MCSE, the Windows 2000 MCSA, the LPI certification level 2, and numerous other certs from CompTIA.

    Linux and Windows are from very different worlds of administration and troubleshooting. In general, I have found Linux to be easier to troubleshoot (with exceptions). Most mature Linux applications give one actually useful error messages (much more useful than similar messages from Windows software). The time I take to troubleshoot such a product is very low.

    There are exceptions (XFree86 comes to mind) where error messages such as permission or disk space errors are not transparent or easy to comprehend. Of course this has improved heavily in the last four years, but X is still one area where I really don't relish troubleshooting. Not long ago, I spent 2 hours troubleshooting an XFree86 problem where the mouse and/or keyboard stopped working when I moved the hard drives from one computer to another (everything worked elsewhere). I eventually figured it out with the help of Google, but it was not easy.

    But these problems are rare. In general the problems I have had on Windows software *are* harder to troubleshoot and repair.
  • Mac? (Score:2, Informative)

    by Frobozz0 ( 247160 ) on Friday August 13, 2004 @05:18PM (#9963329)
    I take it he didn't bother to compare it to the Mac, since it has a cheaper TCO than Windows.

    http://www.architosh.com/news/2004-01/2004c-0124-mac-tco.phtml
  • Let's face it (Score:2, Informative)

    by tobar mersa ( 785890 ) on Friday August 13, 2004 @05:32PM (#9963445) Journal
    michael [slashdot.org] has pulled a fast one on the Slashdoterati: taking into account that not reading the article is widespread enough on /. that it has its own abbreviation, by submitting a story [securityfocus.com] which could not be judged by its cover has managed to pull a large prank which will not be forgotten by those who were here today.

    I wonder if this will motivate /.ers to read the article before posting.

  • by pjrc ( 134994 ) <paul@pjrc.com> on Friday August 13, 2004 @05:33PM (#9963452) Homepage Journal
    To "0wn" a computer is to remotely hack in and obtain control.
  • by dmh20002 ( 637819 ) on Friday August 13, 2004 @06:01PM (#9963672)
    Michael Howard, a longtime Microsoft Employee, wears a 'my other computer is your LINUX box' t-shirt when he gives talks on how to write secure code.

    saw him in it at directx meltdown last month.
  • Re:WTFATTA? (Score:3, Informative)

    by Alsee ( 515537 ) on Friday August 13, 2004 @06:52PM (#9964018) Homepage
    The total cost of developing and using and maintaining hacks to "0wn" Windows is far lower than the cost of pulling off an attack against a Linux machine.

    -
  • by smack.addict ( 116174 ) on Friday August 13, 2004 @09:30PM (#9964852)
    I have had no problems with my xserves except the shipping delays. Thankfully, my business does not require quick delivery.
