Microsoft Windows: A Lower Total Cost of 0wnership

bahamutirc writes "Dave Aitel of Immunity, Inc. has written an excellent report detailing the lower Total Cost of 0wnership Microsoft Windows has over Linux. Dave takes a unique approach in comparing the two operating systems, and the results are not surprising. The paper was submitted to Bugtraq today and is available in PDF and Open Office."

  • Astroturf? (Score:5, Funny)

    by neilcSD ( 743335 ) on Friday August 13, 2004 @02:50PM (#9961606)
    I thought SCO were the ones supposed to be astroturfing on Slashdot...
    • Re:Astroturf? (Score:4, Informative)

      by SpaceLifeForm ( 228190 ) on Friday August 13, 2004 @03:05PM (#9961807)
      No, no, they're busy on Groklaw. Remember, the puppet-masters are busy everywhere.
    • by SlightlyOldGuy ( 805345 ) on Friday August 13, 2004 @05:59PM (#9963662)
      If the marketdroids at Microsoft are no more perceptive than many slashdotters, we should be seeing a link to this paper on the "Get The Facts About Linux" page real soon now...
    • Re:Astroturf? (Score:4, Insightful)

      by ccalvert ( 126669 ) on Friday August 13, 2004 @11:17PM (#9965317) Homepage
      People forget that writing is a form of thought. In a sense, it even reflects the soul of the person who writes.

      The beauty of a satire like this is that it exposes not just the absurdity of the text being parodied, but the spiritual depravity that made such texts possible. It shows the texture and opaqueness of the shutters that have been drawn over the souls of people who actually believe that such writing can possibly have meaning.

      On a more practical note, the primary means that such people employ when constructing their deceptive texts is to make up non-sensical nouns or noun phrases and then treat them as if they had meaning. For instance, this satire contains the following sentence fragment: "These three things, Vulnerability Detection, Exploit Development, and Attack Execution, were used by Immunity to determine the costs to 0wn the different operating systems." As technical people, we read sentences like this all the time. Generally, such sentences mean absolutely nothing. We repeat phrases like "Attack Execution," too embarrassed and too confused to admit even to ourselves that we have no idea of what they mean, or even if they are capable of meaning. These are entirely exploitative sentences and phrases, and have no substance whatsoever beyond what we endow them with by virtue of our blindness and fear.

      Here, of course, the phrases are designed to have a meaning opposite to their apparent value. In other words, they are means of describing not legitimate forms of software analysis, but security exploits. Yet the fact that the parody has a level of meaning generally missing from the text being parodied is just part of the joke.

      As a form of thought, the texts being parodied here are primarily viral. They infect not just the reader, but the writer, and ultimately, an entire society.
  • Read it. It's the best TC0 analysis I've ever seen.

    Scratch that, it's the only TC0 analysis I've ever seen.

    (hint hint)
  • 0wnership? (Score:2, Funny)

    by michael path ( 94586 ) *
    I imagine that yes, due to the cheap labor of script kiddies that Windows does indeed have a lower cost of '0wnership' (sic).
  • Mirror (Score:3, Informative)

    by Meostro ( 788797 ) * on Friday August 13, 2004 @02:51PM (#9961622) Homepage Journal
    Mirrored here and here in case of Slashdotting.

    And no, this isn't a joke, although it is kind of entertaining!

    19bd158b9e471db49acd91f0493b81ec *tc0.pdf
    5ca7eb699b94967ee2d255c021e1686f *tc0.sxw
  • Heh :) (Score:5, Insightful)

    by Gilesx ( 525831 ) * <sjw&diepls,com> on Friday August 13, 2004 @02:51PM (#9961629)
    Lol I love it! I didn't actually realise that it was Total Cost of '0'wnership ;)

    This is a very clever way of making a very valid point - I can foresee this report landing on a free IT purchaser's desks mixed in with all the "real" (or MS-funded) TCO reports, because it is so well designed.

    And my favorite quote? "As clearly demonstrated, other than the toy OS Mac OS X, Windows has the lowest TC0 on the market." I love it!

    • My question- why does OSX have a lower TC0 than Windows? Wouldn't fewer vulnerabilities make exploiting those vulnerabilities harder?
    • Re:Heh :) (Score:3, Insightful)

      Toy? Mac OSX is arguably more ready for the corporate world than linux, and it's not that I don't think linux is ready.

      OSX has M$ Office, for the pointy-haired types that insist on it. It has a better browser (Safari) and a decent enough email client (though I believe outlook is also available). It is as solid as a rock. Working with literally hundreds of OSX machines, I've only ever seen crashes that were the result of bad hardware. Even the software glitches turned out (99.8% of the time) to be HD's dyin
  • I know I could make more money if I had more *nix chops

    damn me and my stupid Windows Ninja Skills!
  • Your primary business is creating mal-ware!!

  • not only (Score:5, Funny)

    by kin_korn_karn ( 466864 ) on Friday August 13, 2004 @02:52PM (#9961637) Homepage
    not only does Windows have a TCO, it has a TCP - Total Cost of pwn3rsh1p
  • by Larne ( 9283 ) * on Friday August 13, 2004 @02:52PM (#9961639)
    ... from someone who stays up all night, every night, getting drunk? Oh, Dave Aitel, not Dave Attell. Never mind.
  • Of which I have not previously been aware! Good job! And a much better apples-to-apples comparison than I've seen done by either the open or closed source side- since this form of 0wnership totally removes the initial cost of licensing the install.
  • by Anonymous Coward
    My first response was "Great. Another MS funded piece of crap."

    My first clue otherwise was the pie chart in the Executive Summary; "Difficulty of owning Windows vs Difficulty to make this graph".

    Now, once I see the 0 in 0wning, I'm laughing my ass off...

  • by Anonymous Coward on Friday August 13, 2004 @02:58PM (#9961721)
    Excellent paper!! I h0pe the Cx0's 0ut there take a l0ng hard l00k.

    In my 0rganizati0n, we've c0me t0 basically the same c0nclusi0n. In fact, the c0st 0f 0wnership f0r wind0ws f0r us has been *net negative*, due t0 the tremend0us number 0f an0nym0us v0lunteers we've f0und 0n the internet wh0 are m0re than willing t0 0wn 0ur machines f0r us!

    Linux can't even t0uch that!
  • by MooseByte ( 751829 ) on Friday August 13, 2004 @03:00PM (#9961747)

    Too bad we can't mod articles up. That's the funniest thing I've read in quite awhile.

    Just in time too - bad Friday juju around the office at the moment. I think I'll forward this around and lift the collective mood before a coffee pot goes flying into a random cubicle.
  • Windows is indeed a cheap system to 0wn!
  • by Dr. Brad ( 19034 ) on Friday August 13, 2004 @03:04PM (#9961790)
    T-shirt: My other computer is your Windows box.

    Take care,
  • Hidden costs (Score:2, Informative)

    by vuvewux ( 792756 )
    In the same way that IE is faster than IE (because it's part of the OS), Windows has a lower TOC because a lot of the training costs have been absorbed by the Government - the average high school student gets hundreds of hours of Windows specific training, and no Linux training.
  • What the Fuck are they talking about? I understand it's a parody article, but I couldn't make sense of the gibberish in the article. Someone please explain!
  • Total cost of 0wnership? Hmmm...

    I like the graphic on page 3 of the PDF... comparing "Difficulty of 0wning Windows vs. Difficulty to make this Graph" ... LOL
  • What a difference a 0 vs an O can make. So I can assume that my board has no clue what it means to 0wn a system, show them the PDF, and get a pat on the back for choosing Windows. Or, I can show them this huge satire and have them ask why I chose Windows when Linux is clearly more secure, then have them fire my rear. Ah, the perplexities of IT...
  • I can't find the -1 didn't get the joke mod anywhere
  • All the colors of the rainbow! (well, i guess maybe not all ;)

    Pretty greeen

    Nice and red

    Passionate purple

    A nice dull grey

    uhhh, brown?

    All of them easier on the eyes than puke color.
  • by Shoeler ( 180797 ) on Friday August 13, 2004 @03:11PM (#9961896)
    I avoided using mod points just so I could post this tidbit:

    If you think it means Total Cost of Ownership, as it relates to some BS middle-to-upper-management measurement, then you didn't RTFA.

    That is all. :)
  • I wasn't particularly impressed. First it was the glamor shots of the employees, then the pie chart and the 0 in ownership. I guess I'm starting to get old when I expected to see something marginally professional from people who have their own Incorporated entity.

    Computer security enthusiasts will never achieve any measure of professional acceptance as long as script kiddies somehow manage to form business organizations. It reeks like the Joker from Batman.

    What is CANVAS but a GUI over a database of known
  • TCOM = Total Cost Of Malware. Just don't install a service pack from a network, hard drive, or CD ROM and try to get to Windows Update before malware gets installed on your system. Chances are the malware will get on your system before the service pack.
  • Okay, for those of you out there like me that don't live and breathe jargon, this paper is a joke, a satire, a ha-ha (and a very good one from what I can tell).

    By Lowest Total Cost of 0wnership (spelled with a zero), they mean that Windows is easier to "0wn" i.e. hack into.

    0wning (with a zero instead of an O) a computer is high-falutin' jargon meaning that you have hacked into it and can do as you please.

    So the point here (joke explained): that the cheapest, easiest system to hack is Windows. That's not e
  • by btempleton ( 149110 ) on Friday August 13, 2004 @03:13PM (#9961925) Homepage
    Ok, a funny joke, but still.

    I notice this paper still uses terms like "vulnerability." Instead of calling these things holes or vulnerabilities, the term I prefer is "window." As in, "Somebody found a window into the IIS web server" and so on.

    The plural is left as an exercise to the reader.
  • wow (Score:5, Informative)

    by flynt ( 248848 ) on Friday August 13, 2004 @03:14PM (#9961939)
    Apparently a large portion of the Slashdot commenters aren't aware of what '0wn' means in the hacker/cracker sense of the word. If you root a machine, you 'own' it. "I got 0wned" means "I got hacked/broken into". Now look at the title of this report, total cost of '0wnership', not 'Ownership'. Now do you understand the joke/point of the paper?
  • I thought perhaps, that some reading this may not like to have to open up acrobat or Open Office... Enjoy:

    Microsoft Windows: A lower Total Cost of 0wnership

    August 12, 2004


    Microsoft has long asked third party analysts for accurate assessments of the total cost of ownership of Microsoft Windows deployments, especially against the Linux deployments commonly going into all segments of the market. However, Immunity, Inc. as a third party assessment provider has, until now, not done a thorough analysis, using Immunity proprietary data to tell the true story about the costs of Open Source.

    Other sources of 3rd party information can be found here: []

    The point of contact for this paper is Dave Aitel, Vice President of Media Relations, Immunity, Inc. He can be reached at [mailto]. Further information on Immunity, Inc. is available at [] .

    Executive Summary

    Based on our analysis, Microsoft Windows has one half the Total Cost of 0wnership (TC0) of modern Fedora Core Linux based technologies.

    Immunity's Methodology

    Immunity has four major services: Training on exploit development and vulnerability analysis, Application Security Consulting, the CANVAS assessment product, and the Immunity Vulnerability Sharing Club. In each of these, the costs to penetrate (0wn) systems based on Microsoft Windows Technologies were compared to the costs against a modern Linux system. In general there are three aspects to 0wning a system. These three things, Vulnerability Detection, Exploit Development, and Attack Execution, were used by Immunity to determine the costs to 0wn the different operating systems in configurations encountered during Immunity engagements. As Immunity is not in the rootkit writing business, this paper does not cover the costs of maintaining 0wnership over a given OS.

    Vulnerability Detection

    There are several factors that affect how difficult it is to find vulnerabilities on a target platform. Some of these are listed below. Immunity's judgments are drawn from our current collection of remote 0day in the VSC, countless 0day in custom applications for Immunity Consulting customers across many different operating systems and over 80 remote exploits in CANVAS.

    Portability of common exploit development tools

    IDA-Pro, the premier disassembler and reverse engineering tool (a database and a disassembler together make for a powerful combination) is able to disassemble both Linux and Windows binaries, but only runs on Windows. A Linux version is, however, rumored to be in the works.

    PDB (Python Debugger), Immunity's newest tool in the armory, is available only for Windows (although the client is available on both Linux and Windows). This tool allows for many advanced scripts to be run, widely automating the exploit development process.

    Ollydbg (Visual Debugger), is far superior to GDB in many ways needed for exploit development. In addition, windbg and Softice provide valuable options for debugging at the kernel and user level.

    The TC0 advantage is clearly obvious for the Windows platform.

    Availability of Fish

    Finding a vulnerability is like finding a fish. If the pond is overfished, it's harder to find them. Hackers are rather evenly split between running Linux and running Mac OSX. As much as few professional NASCAR drivers drive Dodge Neons, a negligible amount of skilled hackers use Windows as their primary OS.

    Not to mention, many Win32 fish are given out for free by Microsoft when releasing patches. (See
  • by syrinje ( 781614 ) on Friday August 13, 2004 @03:34PM (#9962163)
    Such a laudable attempt at a parodic post.
    So tragic that the partial l337 mis-spell ruined it.

    I can see the author mentally doing "lines"...
    I must spell it 0wn3d I must spell it 0wn3d .....

  • by shish ( 588640 ) on Friday August 13, 2004 @03:36PM (#9962189) Homepage
    One wonders - if articles like this come up more often, how long until it becomes the norm (ie >50% of people do it) for people to RTFA? Maybe we'll just end up with a new class of "Glanced At The Fantastic Article"...
  • by tylersoze ( 789256 ) on Friday August 13, 2004 @04:02PM (#9962511)
    I'm beginning to think the only people that can write and get jokes like this are the stereotypical, jaded, cynical, Daily Show watching, The Onion reading, Simpsons quoting Gen X'ers like myself. And I base this conclusion on absolutely nothing. :)

    I think we've raised satire into high art that only few can appreciate or even comprehend. From my point of view, I can't believe anyone that actually read the paper couldn't at least know it was intended to be a joke even if they didn't actually understand it or why it was supposed to be funny.

    I suppose it's like that with anything though. Like someone who is an art expert sees some piece of abstract piece as brilliant, but most people wouldn't even recognize or know it was even supposed to be art.

    "Are you being sarcastic?"
    "Dude, I don't even know anymore."
  • Not all jokes (Score:3, Interesting)

    by kasperd ( 592156 ) on Friday August 13, 2004 @04:05PM (#9962548) Homepage Journal
    Sure the article is a joke, but actually there is some serious stuff in it as well. If you made it all the way to page 6 and read the section about ExecShield and PaX, you would notice that this section is not a joke. It actually explains about some real security measures that exist in Linux. Of course there are large parts of the article, where I'm not sure if it is a joke or just talking about some stuff I don't know about.
