Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Windows: A Lower Total Cost of 0wnership

Posted by michael on from the you-go-girl dept.

bahamutirc writes "Dave Aitel of Immunity, Inc. has written an excellent report detailing the lower Total Cost of 0wnership Microsoft Windows has over Linux. Dave takes a unique approach in comparing the two operating systems, and the results are not surprising. The paper was submitted to Bugtraq today and is available in PDF and Open Office."

39 of 524 comments (clear)

  1. Astroturf? by neilcSD · · Score: 4, Funny

    I thought SCO were the ones supposed to be astroturfing on Slashdot...

    1. Re:Astroturf? by SpaceLifeForm · · Score: 3, Informative

      No, no, they're busy on Groklaw. Remember, the puppet-masters are busy everywhere.

      --
      You are being MICROattacked, from various angles, in a SOFT manner.
    2. Re:Astroturf? by SlightlyOldGuy · · Score: 5, Funny

      If the marketdroids at Microsoft are no more perceptive than many slashdotters, we should be seeing a link to this paper on the "Get The Facts About Linux" page real soon now...

    3. Re:Astroturf? by ccalvert · · Score: 4, Insightful

      People forget that writing is a form of thought. In a sense, it even reflects the soul of the person who writes.

      The beauty of a satire like this is that it exposes not just the absurdity of the text being parodied, but the spiritual depravity that made such texts posssible. It shows the texture and opagueness of the shutters that have been drawn over the souls of people who actually believe that such writing can possibly have meaning.

      On a more practical note, the primary means that such people employ when constructing their deceptive texts is to make up non-sensical nouns or noun phrases and then treat them as if they had meaning. For instance, this satire contains the following sentence fragment: "These three things, Vulnerability Detection, Exploit Development, and Attack Execution, were used by Immunity to determine the costs to 0wn the different operating systems." As technical people, we read sentences like this all the time. Generally, such sentences mean absolutely nothing. We repeat phrases like "Attack Execution," too embarrassed and too confused to admit even to ourselves that we have no idea of what they mean, or even if they are capable of meaning. These are entirely exploitative sentences and phrases, and have no substance whatsoever beyond what we endow them with by virtue of our blindness and fear.

      Here, of course, the phrases are designed to have a meaning opposite to their apparent value. In other words, they are means of describing not legitimate forms of software analysis, but security exploits. Yet the fact that the parody has a level of meaning generally missing from the text being parodies is just part of the joke.

      As a form of thought, the texts being parodied here are primarily viral. They infect not just the reader, but the writer, and ultimately, an entire society.

  2. Before the anti-Trolls come out... by Short+Circuit · · Score: 5, Funny

    Read it. It's the best TC0 analysis I've ever seen.

    Scratch that, it's the only TC0 analysis I've ever seen.

    (hint hint)

    --
    tasks(723) drafts(105) languages(484) examples(29106)
  3. Mirror by Meostro · · Score: 3, Informative

    Mirrored here and here in case of Slashdotting.

    And no, this isn't a joke, although it is kind of entertaining!

    MD5:
    19bd158b9e471db49acd91f0493b81ec *tc0.pdf
    5ca7eb699b94967ee2d255c021e1686f *tc0.sxw

    1. Re:Mirror by GoofyBoy · · Score: 3, Funny

      Only on slashdot would someone use a domain name like that to distribute an business/satrical OS analysis white paper. :/

      --
      The surprise isn't how often we make bad choices; the surprise is how seldom they defeat us.
  4. Heh :) by Gilesx · · Score: 4, Insightful

    Lol I love it! I didn't actually realise that it was Total Cost of '0'wnership ;)

    This is a very clever way of making a very valid point - I can forsee this report landing on a free IT purchaser's desks mixed in with all the "real" (or MS-funded) TCO reports, because it is so well designed.

    And my favorite quote? "As clearly demonstrated, other than the toy OS Mac OS X, Windows has the lowest TC0 on the market." I love it!

    --
    Sunday you're Thinking Different, Monday you're a huge tool, paying too much and waiting to think like everyone else.
  5. not only by kin_korn_karn · · Score: 5, Funny

    not only does Windows have a TCO, it has a TCP - Total Cost of pwn3rsh1p

  6. What more would you expect... by Larne · · Score: 3, Funny

    ... from someone who stays up all night, every night, getting drunk? Oh, Dave Aitel, not Dave Attell. Never mind.

  7. Re:0wned? Please... by Short+Circuit · · Score: 5, Informative

    A couple of definitions of "parody" for you: Google's and Wikipedia's.

    --
    tasks(723) drafts(105) languages(484) examples(29106)
  8. Re:0wnership? by TopShelf · · Score: 5, Insightful

    Forget the (sic) part - the title of the document is indeed '0wnership'. This is a good case where those who don't RTFA will be totally off topic...

    --
    Stop by my site where I write about ERP systems & more
  9. I t0tally agree! by Anonymous Coward · · Score: 5, Funny

    Excellent paper!! I h0pe the Cx0's 0ut there take a l0ng hard l00k.

    In my 0rganizati0n, we've c0me t0 basically the same c0nclusi0n. In fact, the c0st 0f 0wnership f0r wind0ws f0r us has been *net negative*, due t0 the tremend0us number 0f an0nym0us v0lunteers we've f0und 0n the internet wh0 are m0re than willing t0 0wn 0ur machines f0r us!

    Linux can't even t0uch that!

  10. Re:Flamebait?? by shish · · Score: 5, Insightful
    We should be able to mod news stories as flamebait.

    And we should be able to mod posters as "Didn't RTFA" / "RTFA, but didn't get that it was a joke"...

    --
    I mod down anyone who says "I will be modded down for this", regardless of the rest of their comment
  11. Mod Article Up! :-) by MooseByte · · Score: 4, Funny


    Too bad we can't mod articles up. That's the funniest thing I've read in quite awhile.

    Just in time too - bad Friday juju around the office at the moment. I think I'll forward this around and lift the collective mood before a coffee pot goes flying into a random cubicle.

  12. Re:Sick of lies about Ownership Costs by daveaitel · · Score: 5, Interesting

    Dude, did you even read my paper? It's hardly MS propoganda. That's a zero on the front of 0wn. It's a play on words.

  13. My other computer... by Dr.+Brad · · Score: 5, Funny

    T-shirt: My other computer is your Windows box.

    Take care,
    brad

    1. Re:My other computer... by bobbozzo · · Score: 5, Funny

      Another T-Shirt:

      I rooted you girlfriend's box and I didn't use a trojan!

      --
      Nothing to see here; Move along.
    2. Re:My other computer... by mt+v2.7 · · Score: 5, Funny

      A bumper sticker: My child reads your honor students email.

    3. Re:My other computer... by dmh20002 · · Score: 3, Informative

      Michael Howard, a longtime Microsoft Employee, wears a 'my other computer is your LINUX box' t-shirt when he gives talks on how to write secure code.

      saw him in it at directx meltdown last month.

  14. Re:A 189 KB PDF file... by Anonymous Coward · · Score: 5, Informative

    Uhm, you do realize that this is a joke report. It's TC0 (zero), not TCO. This report is about how 0wn1ng W1nd0z3 is easier than Linux, not "owning Windows." That should teach you to at least puruse the article before posting nonsense. To repeat: This is a JOKE!!!

  15. Re:0wned? Please... by fmachado · · Score: 5, Insightful

    Come on people, are we so paranoid that we cannot understand a parody anymore? Don't get so serious, it was one of the most fun thing I've read in a long time. And we get angry when they call us "zealots". Our advantage over the rest is that we are FREE to mock up ourselves (and mock with others, for sure) and this "paper" was amazingly competent in doing that.

    Good job! I do expect people realize it's unique "point of view".

  16. Re:TCO's can be written to defend either case by Marxist+Hacker+42 · · Score: 5, Informative

    It's a TC0, not a TCO- and I doubt you could come to any other conclusion with a TC0 comparing Linux to Windows. Total cost of 0wnership- that is, total cost to hack the box and get it to send out a bunch of spam or viruses.

    --
    SJW: a person who perceives an injustice, and while correcting it, commits a greater injustice.
  17. I'm missing something here by Lurker+McLurker · · Score: 5, Funny

    I can't find the -1 didn't get the joke mod anywhere

    --
    Mod parent up!
    1. Re:I'm missing something here by CheeseTroll · · Score: 3, Funny

      Let's put your .sig to the test...

      Mod parent up!

      Too bad I just let some mod points expire, I'd have burned through the "-1 Didn't get the joke" mods in about 5 seconds.

      --
      A post a day keeps productivity at bay.
  18. Re:Astroturf by the_mad_poster · · Score: 3, Insightful

    Well, considering this is a fairly humorous joke, you still haven't.

    --
    Alito: A vote for Alito is a punch in the eye to put that bitch back in her place!
  19. Score - Dave: 1 Most slashdotters: 0 by Shoeler · · Score: 4, Informative

    I avoided using mod points just so I could post this tidbit:

    If you think it means Total Cost of Ownership, as it relates to some BS middle-to-upper-management measurement, then you didn't RTFA.

    That is all. :)

  20. wow by flynt · · Score: 5, Informative

    Apparently a large portion of the Slashdot commenters aren't aware of what '0wn' means in the hacker/cracker sense of the word. If you root a machine, you 'own' it. "I got 0wned" means "I got hacked/broken into". Now look at the title of this report, total cost of '0wnership', not 'Ownership'. Now do you understand the joke/point of the paper?

  21. Re:Nice by TXG1112 · · Score: 5, Insightful

    You seem to have missed the joke....

    FTFA:

    Summary

    Immunity's findings clearly show that the best platform for your targets to be running is Microsoft Windows, allowing you unparalleled value for their dollar. This result reinforces the fact that its important to consider more than just licensing fees when your targets choose their OS. Indeed, a variety of factors go into their choice, and over time, Windows has demonstrated itself to be the top contender in the, in both the server and the desktop space for Total Cost of 0wnership.

    (Emphasis mine)

    --
    I will not be pushed, filed, stamped, indexed, briefed, debriefed, or numbered. My life is my own.
  22. Re:I stopped reading on the second page.. by pclminion · · Score: 4, Funny
    Because of this, I couldn't take the report seriously

    Trying to ever take it seriously in the first place was your mistake.

    I'm quite amused at the number of sub-6-digit Slashdotters being reeled in on this hook...

  23. For Non-acrobat or OOo Readers (Article Text) by MacGoldstein · · Score: 4, Informative

    I thought perhaps, that some reading this may not like to have to open up acrobat or Open Office... Enjoy:

    Microsoft Windows: A lower Total Cost of 0wnership

    August 12, 2004

    Introduction

    Microsoft has long asked third party analysts for accurate assessments of the total cost of ownership of Microsoft Windows deployments, especially against the Linux deployments commonly going into all segments of the market. However, Immunity, Inc. as a third party assessment provider has, until now, not done a thorough analysis, using Immunity proprietary data to tell the true story about the costs of Open Source.

    Other sources of 3rd party information can be found here: http://www.microsoft.com/mscorp/facts/default.asp

    The point of contact for this paper is Dave Aitel, Vice President of Media Relations, Immunity, Inc. He can be reached at mailto:dave@immunitysec.com. Further information on Immunity, Inc. is available at http://www.immunitysec.com/ .

    Executive Summary

    Based on our analysis, Microsoft Windows has one half the Total Cost of 0wnership (TC0) of modern Fedora Core Linux based technologies.

    Immunity's Methodology

    Immunity has four major services: Training on exploit development and vulnerability analysis, Application Security Consulting, the CANVAS assessment product, and the Immunity Vulnerability Sharing Club. In each of these, the costs to penetrate (0wn) systems based on Microsoft Windows Technologies was compared to the costs against a modern Linux system. In general there are three aspects to 0wning a system. These three things, Vulnerability Detection, Exploit Development, and Attack Execution, were used by Immunity to determine the costs to 0wn the different operating systems in configurations encountered during Immunity engagements. As Immunity is not in the rootkit (http://www.rootkit.com/) writing business, this paper does not cover the costs of maintaining 0wnership over a given OS.

    Vulnerability Detection

    There are several factors that affect how difficult it is to find vulnerabilities on a target platform. Some of these are listed below. Immunity's judgments are drawn from our current collection of remote 0day in the VSC, countless 0day in custom applications for Immunity Consulting customers across many different operating systems and over 80 remote exploits in CANVAS.

    Portability of common exploit development tools

    IDA-Pro, the premier disassembler and reverse engineering tool (a database and a disassembler together make for a powerful combination) is able to disassemble both Linux and Windows binaries, but only runs on Windows. A Linux version is, however, rumored to be in the works.

    PDB (Python Debugger), Immunity's newest tool in the armory, is available only for Windows (although the client is available on both Linux and Windows). This tool allows for many advanced scripts to be run, widely automating the exploit development process.

    Ollydbg (Visual Debugger), is far superior to GDB in many ways needed for exploit development. In addition, windbg and Softice provide valuable options for debugging at the kernel and user level.

    The TC0 advantage is clearly obvious for the Windows platform.

    Availability of Fish

    Finding a vulnerability is like finding a fish. If the pond is overfished, it's harder to find them. Hackers are rather evenly split between running Linux and running Mac OSX. As much as few professional NASCAR drivers drive Dodge Neons, a negligible amount of skilled hackers use Windows as their primary OS.

    Not to mention, many Win32 fish are given out for free by Microsoft when releasing patches. (See

    --
    Help a college student
  24. Re:CERT says myDoom cost $40 billion by pclminion · · Score: 3, Funny
    factor this!

    Um, 2^12 * 5^10?

  25. Re:0wnership? by pclminion · · Score: 3, Informative
    No, is means "this word is thus." Meaning, as original. It doesn't necessarily refer to a mistake. It is used in contexts where the reader might infer that it is a mistake.

    The word "sic" means "thus." Nothing more, nothing less.

  26. 3,2,1,karma-ignition by syrinje · · Score: 3, Insightful
    Such a laudable attempt at a parodic post.
    So tragic that the partial l337 mis-spell ruined it.

    I can see the author mentally doing "lines"...
    I must spell it 0wn3d I must spell it 0wn3d .....

    --
    See that long UID - that's what you get for lurking too long
  27. Re:Wait a minute! A lower cost of ownership? by ScottGant · · Score: 3, Funny

    also, couldn't he have just submitted the paper in fricken HTML like a normal person?

    --

    "Music is everybody's possession. It's only publishers who think that people own it." - John Lennon.
  28. Your sig explains it all... by mangu · · Score: 4, Informative
    I hope life isn't a big joke...because if it is, I don't get it.


    Well, you seem to be pretty bad at getting jokes. The article isn't about cost of ownership, it's cost of 0wnership.

  29. Do only Gen X'ers get satire anymore? by tylersoze · · Score: 5, Interesting

    I'm beginning to think the only people that can write and get jokes like this are the stereotypical, jaded, cynical, Daily Show watching, The Onion reading, Simpsons quoting Gen X'ers like myself. And I base this conclusion on absolutely nothing. :)

    I think we've raised satire into high art that only few can appreciate or even comprehend. From my point of view, I can't believe anyone that actually read the paper couldn't at least know it was intended to be joke even if they didn't actually understand it or why it was suppose to be funny.

    I suppose it's like that with anything though. Like someone who is an art expert sees some piece of abstract piece as brilliant, but most people wouldn't even recognize or know it was even suppose to be art.

    "Are you being sarcastic?"
    "Dude, I don't even know anymore."

  30. Re:What the hell ?!? No, it's not. by Ciderx · · Score: 5, Funny

    Its an attempt at satire. Unfortunately, it a total failure. About as funny as famine.

  31. Re:Nice by Anonymous Coward · · Score: 3, Informative

    I was getting ready to try out Mandrake 10 for my business, but then I realized that it often makes Windows XP unbootable on a dual boot machine.

    Hell, you don't need Mandrake! XP will make itself unbootable!

    True story - recently had an XP system with NTFS boot partition. It would not boot; gave an error message about corrupt NTFS. A call to Microsoft confirmed that this was "by design". Evidently booting on a corrupted NTFS partition may make data unrecoverable.
    "Well, then, how do I recover it?"
    "Reload with the recovery disk."
    "Hmmm, you realize that the recovery disk, from this OEM anyway, overwrites everything, don't you? How do I recover the data?"
    "There is no way."

    Bringing up a Linux live disk with NTFS read capability got all the user's data back. Memory and disk diags showed no problems, so I used the recovery disk, reloaded user data and it's been running 2 weeks now.