Microsoft Windows: A Lower Total Cost of 0wnership 524
bahamutirc writes "Dave Aitel of Immunity, Inc. has written an excellent report detailing the lower Total Cost of 0wnership Microsoft Windows has over Linux. Dave takes a unique approach in comparing the two operating systems, and the results are not surprising. The paper was submitted to Bugtraq today and is available in PDF and Open Office."
Astroturf? (Score:5, Funny)
Re:Astroturf? (Score:4, Informative)
Re:Astroturf? (Score:5, Funny)
Re:Astroturf? (Score:4, Insightful)
The beauty of a satire like this is that it exposes not just the absurdity of the text being parodied, but the spiritual depravity that made such texts posssible. It shows the texture and opagueness of the shutters that have been drawn over the souls of people who actually believe that such writing can possibly have meaning.
On a more practical note, the primary means that such people employ when constructing their deceptive texts is to make up non-sensical nouns or noun phrases and then treat them as if they had meaning. For instance, this satire contains the following sentence fragment: "These three things, Vulnerability Detection, Exploit Development, and Attack Execution, were used by Immunity to determine the costs to 0wn the different operating systems." As technical people, we read sentences like this all the time. Generally, such sentences mean absolutely nothing. We repeat phrases like "Attack Execution," too embarrassed and too confused to admit even to ourselves that we have no idea of what they mean, or even if they are capable of meaning. These are entirely exploitative sentences and phrases, and have no substance whatsoever beyond what we endow them with by virtue of our blindness and fear.
Here, of course, the phrases are designed to have a meaning opposite to their apparent value. In other words, they are means of describing not legitimate forms of software analysis, but security exploits. Yet the fact that the parody has a level of meaning generally missing from the text being parodies is just part of the joke.
As a form of thought, the texts being parodied here are primarily viral. They infect not just the reader, but the writer, and ultimately, an entire society.
Re:Wait a minute! A lower cost of ownership? (Score:4, Funny)
Your sig explains it all... (Score:5, Informative)
Well, you seem to be pretty bad at getting jokes. The article isn't about cost of ownership, it's cost of 0wnership.
Re:Your sig explains it all... (Score:3, Informative)
Before the anti-Trolls come out... (Score:5, Funny)
Scratch that, it's the only TC0 analysis I've ever seen.
(hint hint)
0wnership? (Score:2, Funny)
Re:0wnership? (Score:5, Insightful)
Re:0wnership? (Score:4, Informative)
The word "sic" means "thus." Nothing more, nothing less.
Mirror (Score:3, Informative)
And no, this isn't a joke, although it is kind of entertaining!
MD5:
19bd158b9e471db49acd91f0493b81ec *tc0.pdf
5ca7eb699b94967ee2d255c021e1686f *tc0.sxw
Re:Mirror (Score:4, Funny)
Where's the girl? (Score:2)
Heh :) (Score:5, Insightful)
This is a very clever way of making a very valid point - I can forsee this report landing on a free IT purchaser's desks mixed in with all the "real" (or MS-funded) TCO reports, because it is so well designed.
And my favorite quote? "As clearly demonstrated, other than the toy OS Mac OS X, Windows has the lowest TC0 on the market." I love it!
Re:Heh :) (Score:2)
Re:Heh :) (Score:3, Insightful)
OSX has M$ Office, for the pointy-haired types that insist on it. It has a better browser (Safari) and a decent enough email client (though I believe outlook is also available). It is as solid as a rock. Working with literally hundreds of OSX machines, I've only ever seen crashes that were the result of bad hardware. Even the software glitches turned out (99.8% of the time) to be HD's dyin
Re:Apple can't supply the F500... (Score:3, Informative)
It is a wonderful machine (lacking only redundant power supplies and the damn hardware RAID card listed in the options). However, Apple cannot meet demand. And while that sounds great for Apple, it sucks ass for companies that depend on their servers.
Re:Apple can't supply the F500... (Score:3, Informative)
Re:Apple can't supply the F500... (Score:3, Informative)
Prolly True (Score:2)
damn me and my stupid Windows Ninja Skills!
Especially if... (Score:2, Funny)
not only (Score:5, Funny)
What more would you expect... (Score:4, Funny)
Re:What more would you expect... (Score:3, Funny)
the title is
"Sloshed in translation"
best show there is..
This is a meaning of Cost of 0wnership (Score:2)
Yes, you got me. (Score:2, Funny)
My first clue otherwise was the pie chart in the Executive Summary; "Difficulty of owning Windows vs Difficulty to make this graph".
Now, once I see the 0 in 0wning, I'm laughing my ass off...
I t0tally agree! (Score:5, Funny)
In my 0rganizati0n, we've c0me t0 basically the same c0nclusi0n. In fact, the c0st 0f 0wnership f0r wind0ws f0r us has been *net negative*, due t0 the tremend0us number 0f an0nym0us v0lunteers we've f0und 0n the internet wh0 are m0re than willing t0 0wn 0ur machines f0r us!
Linux can't even t0uch that!
Mod Article Up! :-) (Score:5, Funny)
Too bad we can't mod articles up. That's the funniest thing I've read in quite awhile.
Just in time too - bad Friday juju around the office at the moment. I think I'll forward this around and lift the collective mood before a coffee pot goes flying into a random cubicle.
Funny stuff.. (Score:2)
My other computer... (Score:5, Funny)
Take care,
brad
Re:My other computer... (Score:3, Funny)
Re:My other computer... (Score:5, Funny)
I rooted you girlfriend's box and I didn't use a trojan!
Re:My other computer... (Score:5, Funny)
Re:My other computer... (Score:3, Informative)
saw him in it at directx meltdown last month.
Hidden costs (Score:2, Informative)
WTFATTA? (Score:2)
Re:WTFATTA? (Score:3, Informative)
Re:WTFATTA? (Score:3, Informative)
-
"It's a joke, son...laugh" (Score:2)
I like the graphic on page 3 of the PDF... comparing "Difficulty of 0wning Windows vs. Difficulty to make this Graph"
Showing it to the board... (Score:2, Funny)
I'm missing something here (Score:5, Funny)
Re:I'm missing something here (Score:3, Funny)
Mod parent up!
Too bad I just let some mod points expire, I'd have burned through the "-1 Didn't get the joke" mods in about 5 seconds.
Convenience color link (Score:2, Funny)
Pretty greeen [slashdot.org]
Nice and red [slashdot.org]
Pasionate purple [slashdot.org]
A nice dull grey [slashdot.org]
uhhh, brown? [slashdot.org]
All of them easier on the eyes than puke color.
Score - Dave: 1 Most slashdotters: 0 (Score:5, Informative)
If you think it means Total Cost of Ownership, as it relates to some BS middle-to-upper-management measurement, then you didn't RTFA.
That is all.
Re:Score - Dave: 1 Most slashdotters: 0 (Score:3, Funny)
Errrrrmmmm... (Score:2)
Computer security enthusiasts will never achieve any measure of professional acceptance as long as script kiddies somehow manage to form business organizations. It reeks like the Joker from Batman.
What is CANVAS but a GUI over a database of known
Yes but Windows has a higher TCOM (Score:2)
Explanation of the joke (Score:2, Informative)
By Lowest Total Cost of 0wnership (spelled with a zero), they mean that Windows is easier to "0wn" i.e. hack into.
0wning (with a zero instead of an O) a computer is high-falutin' jargon meaning that you have hacked into it and can do as you please.
So the point here (joke explained): that the cheapest, easiest system to hack is Windows. That's not e
That's a lot of work for one joke! (Score:3, Funny)
I notice this paper still uses terms like "vulnerability." Instead of calling these things holes or vulnerabilities, the term I prefer is "window." As in, "Somebody found a window into the IIS web server" and so on.
The plural is left as an exercise to the reader.
wow (Score:5, Informative)
For Non-acrobat or OOo Readers (Article Text) (Score:5, Informative)
Microsoft Windows: A lower Total Cost of 0wnership
August 12, 2004
Introduction
Microsoft has long asked third party analysts for accurate assessments of the total cost of ownership of Microsoft Windows deployments, especially against the Linux deployments commonly going into all segments of the market. However, Immunity, Inc. as a third party assessment provider has, until now, not done a thorough analysis, using Immunity proprietary data to tell the true story about the costs of Open Source.
Other sources of 3rd party information can be found here: http://www.microsoft.com/mscorp/facts/default.asp [microsoft.com]
The point of contact for this paper is Dave Aitel, Vice President of Media Relations, Immunity, Inc. He can be reached at mailto:dave@immunitysec.com [mailto]. Further information on Immunity, Inc. is available at http://www.immunitysec.com/ [immunitysec.com] .
Executive Summary
Based on our analysis, Microsoft Windows has one half the Total Cost of 0wnership (TC0) of modern Fedora Core Linux based technologies.
Immunity's Methodology
Immunity has four major services: Training on exploit development and vulnerability analysis, Application Security Consulting, the CANVAS assessment product, and the Immunity Vulnerability Sharing Club. In each of these, the costs to penetrate (0wn) systems based on Microsoft Windows Technologies was compared to the costs against a modern Linux system. In general there are three aspects to 0wning a system. These three things, Vulnerability Detection, Exploit Development, and Attack Execution, were used by Immunity to determine the costs to 0wn the different operating systems in configurations encountered during Immunity engagements. As Immunity is not in the rootkit (http://www.rootkit.com/ [rootkit.com]) writing business, this paper does not cover the costs of maintaining 0wnership over a given OS.
Vulnerability Detection
There are several factors that affect how difficult it is to find vulnerabilities on a target platform. Some of these are listed below. Immunity's judgments are drawn from our current collection of remote 0day in the VSC, countless 0day in custom applications for Immunity Consulting customers across many different operating systems and over 80 remote exploits in CANVAS.
Portability of common exploit development tools
IDA-Pro, the premier disassembler and reverse engineering tool (a database and a disassembler together make for a powerful combination) is able to disassemble both Linux and Windows binaries, but only runs on Windows. A Linux version is, however, rumored to be in the works.
PDB (Python Debugger), Immunity's newest tool in the armory, is available only for Windows (although the client is available on both Linux and Windows). This tool allows for many advanced scripts to be run, widely automating the exploit development process.
Ollydbg (Visual Debugger), is far superior to GDB in many ways needed for exploit development. In addition, windbg and Softice provide valuable options for debugging at the kernel and user level.
The TC0 advantage is clearly obvious for the Windows platform.
Availability of Fish
Finding a vulnerability is like finding a fish. If the pond is overfished, it's harder to find them. Hackers are rather evenly split between running Linux and running Mac OSX. As much as few professional NASCAR drivers drive Dodge Neons, a negligible amount of skilled hackers use Windows as their primary OS.
Not to mention, many Win32 fish are given out for free by Microsoft when releasing patches. (See
3,2,1,karma-ignition (Score:4, Insightful)
So tragic that the partial l337 mis-spell ruined it.
I can see the author mentally doing "lines"... .....
I must spell it 0wn3d I must spell it 0wn3d
Articles like this... (Score:3, Funny)
Do only Gen X'ers get satire anymore? (Score:5, Interesting)
I think we've raised satire into high art that only few can appreciate or even comprehend. From my point of view, I can't believe anyone that actually read the paper couldn't at least know it was intended to be joke even if they didn't actually understand it or why it was suppose to be funny.
I suppose it's like that with anything though. Like someone who is an art expert sees some piece of abstract piece as brilliant, but most people wouldn't even recognize or know it was even suppose to be art.
"Are you being sarcastic?"
"Dude, I don't even know anymore."
Not all jokes (Score:3, Interesting)
Astroturf (Score:2, Funny)
Re:Astroturf (Score:4, Insightful)
Well, considering this is a fairly humorous joke, you still haven't.
Re:What the hell ?!? No, it's not. (Score:5, Funny)
yhbt... (Score:2, Insightful)
Re:0wned? Please... (Score:5, Informative)
Re:0wned? Please... (Score:2, Insightful)
Seriously, of all the ways my modest little linux server has been nailed over the years, it's never been the installation of software itself.
Some heavy-duty software insists on root installation, but this is only ever well-known stuff for which md5s are available.
I agree, what a dumbass.
Re:0wned? Please... (Score:3, Interesting)
IMHO the problem isn't with SELinux vs traditional root stuff; it's that all the damn package managers require root to run.
I'd love to see a distro where all the non-core (anything beyond the kernel and /sbin?) packages installed under /usr/local/bin/ as some user other than the root user; instead of requiring root access just to install a web broser in the default location.
Re:0wned? Please... (Score:3, Informative)
Not that it is proper terminology, but it is a lot more fun than being an anal, angry arse about every pleasant or immature phrase spoken in one's vacinity. Then again, I tend not to underestimate someone for the phrases they use. This can be a terrible mistake.
Re:0wned? Please... (Score:3, Insightful)
I tend not to underestimate someone for the phrases they use.
I try not to underestimate anyone, but I do use the words that come out of their mouths to gauge them. If they sound like cretins, they usually are, which isn't a dangerous thing to know, but a useful one.
Re:0wned? Please... (Score:2, Insightful)
Wow... you just don't get it, do you?
Can someone tell me why the heck this was modded insightful? More like -1: Don't Get It.
Re:0wned? Please... (Score:5, Insightful)
Good job! I do expect people realize it's unique "point of view".
Re:0wned? Please... (Score:2)
It's funny. Laugh. [slashdot.org]
It's a clever piece of satire. Even so, the paper "defines" the use of "0wn" in the paper for those not L337 aware...
Dumb Asses (Score:2, Informative)
0wned = hacked
Owned = purchased
High cost of 0wnership = good thing
High cost of Ownership = bad thing
Now RTFA again.
Re:0wned? Please... (Score:2, Funny)
Re:0wned? Please... (Score:2, Insightful)
Most Important (Score:2, Insightful)
Sweeping generalizations (Score:3, Informative)
Linux and Windows are from very different worlds of administration and troubleshooting. In general, I have found Linux to be easier to troubleshoot (with exceptions). Most mature Linux applications give one actually useful error messages (much more useful than similar messages from Windows software). The time I take to troubleshoot such a product is very low.
There are exceptions (XFre
Re: (Score:3, Insightful)
Re:Most Important (Score:3, Insightful)
I grew up using Windows so it's natural that I'm more proficient with Windows than Linux and thus, Linux skills have some major ca
Re:Nice (Score:2, Insightful)
Also, its not just people thinking Linux is a scary beast, its the whole change of environment idea. People don't like changing because it takes time to get used to the changes. Because MS took control of the markets earlier, th
Re:Nice (Score:2)
Re:Nice (Score:2)
Re:Nice (Score:5, Insightful)
FTFA:
Summary
Immunity's findings clearly show that the best platform for your targets to be running is Microsoft Windows, allowing you unparalleled value for their dollar. This result reinforces the fact that its important to consider more than just licensing fees when your targets choose their OS. Indeed, a variety of factors go into their choice, and over time, Windows has demonstrated itself to be the top contender in the, in both the server and the desktop space for Total Cost of 0wnership.
(Emphasis mine)
Re:Nice (Score:3, Informative)
Hell, you don't need Mandrake! XP will make itself unbootable!
True story - recently had an XP system with NTFS boot partition. It would not boot; gave an error message about corrupt NTFS. A call to Microsoft confirmed that this was "by design". Evidently booting on a corrupted NTFS partition may make data unrecoverable.
"Well, then, how do I recover it?"
"Reload w
Looks like you didn't RTFA (Score:3, Informative)
Pretty interesting, though it could be argued that the article is biased/flaimbate.
Re:Michael strikes again (Score:2)
Re:Flamebait?? (Score:5, Insightful)
And we should be able to mod posters as "Didn't RTFA" / "RTFA, but didn't get that it was a joke"...
Re:Flamebait?? (Score:2)
[hangs head in shame]
You should (Score:2)
What incredible irony.
Not really (Score:2)
Re:Sick of lies about Ownership Costs (Score:5, Interesting)
Re:Sick of lies about Ownership Costs (Score:3, Funny)
No I'm not new here.
Re:Sick of lies about Ownership Costs (Score:2)
No, no. They've proved it; they even included the source code.
Re:Sick of lies about Ownership Costs (Score:2)
Re:A 189 KB PDF file... (Score:3, Funny)
Re:A 189 KB PDF file... (Score:5, Informative)
Re:TCO's can be written to defend either case (Score:5, Informative)
Re:Oh boy. (Score:2)
Re:I stopped reading on the second page.. (Score:5, Funny)
Trying to ever take it seriously in the first place was your mistake.
I'm quite amused at the number of sub-6-digit Slashdotters being reeled in on this hook...
Re:I stopped reading on the second page.. (Score:3, Funny)
Re:Missing Logic (Score:2, Funny)
Re:Unsupported (Score:3, Funny)
Re:CERT says myDoom cost $40 billion (Score:4, Funny)
Um, 2^12 * 5^10?
This one does..... (Score:3, Informative)
It mentions nothing about Total Cost of Ownership.
It does, however, mention Total Cost of 0wnership, which is completely different....