Slashdot Mirror

I thought perhaps, that some reading this may not like to have to open up acrobat or Open Office... Enjoy:

Microsoft Windows: A lower Total Cost of 0wnership

August 12, 2004

Introduction

Microsoft has long asked third party analysts for accurate assessments of the total cost of ownership of Microsoft Windows deployments, especially against the Linux deployments commonly going into all segments of the market. However, Immunity, Inc. as a third party assessment provider has, until now, not done a thorough analysis, using Immunity proprietary data to tell the true story about the costs of Open Source.

Other sources of 3rd party information can be found here: http://www.microsoft.com/mscorp/facts/default.asp

The point of contact for this paper is Dave Aitel, Vice President of Media Relations, Immunity, Inc. He can be reached at mailto:dave@immunitysec.com. Further information on Immunity, Inc. is available at http://www.immunitysec.com/ .

Executive Summary

Based on our analysis, Microsoft Windows has one half the Total Cost of 0wnership (TC0) of modern Fedora Core Linux based technologies.

Immunity's Methodology

Immunity has four major services: Training on exploit development and vulnerability analysis, Application Security Consulting, the CANVAS assessment product, and the Immunity Vulnerability Sharing Club. In each of these, the costs to penetrate (0wn) systems based on Microsoft Windows Technologies was compared to the costs against a modern Linux system. In general there are three aspects to 0wning a system. These three things, Vulnerability Detection, Exploit Development, and Attack Execution, were used by Immunity to determine the costs to 0wn the different operating systems in configurations encountered during Immunity engagements. As Immunity is not in the rootkit (http://www.rootkit.com/) writing business, this paper does not cover the costs of maintaining 0wnership over a given OS.

Vulnerability Detection

There are several factors that affect how difficult it is to find vulnerabilities on a target platform. Some of these are listed below. Immunity's judgments are drawn from our current collection of remote 0day in the VSC, countless 0day in custom applications for Immunity Consulting customers across many different operating systems and over 80 remote exploits in CANVAS.

Portability of common exploit development tools

IDA-Pro, the premier disassembler and reverse engineering tool (a database and a disassembler together make for a powerful combination) is able to disassemble both Linux and Windows binaries, but only runs on Windows. A Linux version is, however, rumored to be in the works.

PDB (Python Debugger), Immunity's newest tool in the armory, is available only for Windows (although the client is available on both Linux and Windows). This tool allows for many advanced scripts to be run, widely automating the exploit development process.

Ollydbg (Visual Debugger), is far superior to GDB in many ways needed for exploit development. In addition, windbg and Softice provide valuable options for debugging at the kernel and user level.

The TC0 advantage is clearly obvious for the Windows platform.

Availability of Fish

Finding a vulnerability is like finding a fish. If the pond is overfished, it's harder to find them. Hackers are rather evenly split between running Linux and running Mac OSX. As much as few professional NASCAR drivers drive Dodge Neons, a negligible amount of skilled hackers use Windows as their primary OS.

Not to mention, many Win32 fish are given out for free by Microsoft when releasing patches. (See

http://www.rootkit.com

Of course I can. Never seen rootkit? Never seen either of the open-source Windows clones?