Penetration testing (AKA Pen test) is an authorized deliberate hacking of a corporate network and computer infrastructure to determine its vulnerability. The vulnerability report arising from pen test is a valuable part of the system audit, which will enable the production of a credible mitigation plan while preserving overall security and privacy of the system and its users. In penetration testing, a distribution of Linux is used. This is because the mainstream desktop OS, Windows is inefficient for pen test purposes due to the artificial restriction set by Microsoft. In Windows, the user does not fully control the OS, Microsoft maintains full authority and control of it.
Below are some of the reasons why Windows and penetration testing is virtually incompatible:
Windows have fewer aircrack-ng supported network card drivers compared to Linux
It may sound counter-intuitive, as Windows hardware drivers are much more accessible and plenty than Linux drivers at first glance. However, due to intensive development model of the Linux kernel, newer hardware support is added to Linux all the time. The Linux kernel improves almost on a weekly basis (kernel release candidates are scheduled under a weekly release cycle.), and Windows at best is updated once a month during Patch Tuesday.
Windows driver optimization depends on the manufacturer
Through Microsoft Windows Hardware Quality Labs since the days of Windows 95, 23 years ago, drivers are made by the hardware manufacturers to undergo Microsoft’s approval to be included in the Windows installation disc. The Linux drivers are built into the kernel and updated weekly through the Kernel release candidates. Aside from the hardware manufacturers themselves, volunteer developers handwrite the drivers for many hardware where its manufacturer had no interest of supporting Linux. Also for networking hardware, Linux can use Windows drivers using a technique called NdisWrapper. The Windows drivers operate using a compatibility layer, where Windows calls are converted to its corresponding Linux calls and API’s. Such technique cannot be done in reverse, Windows cannot use Linux drivers.
Incompatible operating system support:
For every iteration of Windows, new driver models are created. Old drivers for old hardware devices can run in Windows XP, it cannot be used for Windows 10 today. This is the reason why many are still using an outdated version of Windows, as the users are still heavily dependent on their old hardware, which no version of Windows 10 can use. The hardware may be in good working order physically, but with the lack of drivers, it is relegated to the function of a paperweight. Linux due to its extensive support of hardware in the kernel makes older hardware usable again.
Restricted features due to the emphasis on end-user security
Microsoft’s target market is the enterprise and the end-users, not for specialized applications. Hence, Windows is produced to protect its users from themselves, preventing advance geeky features from ever being exposed. One such function is the restricted capture of data packets under Windows compared to Linux’s liberal policies for application programs to do what needs to be done to the hardware. Windows also have. Microsoft for decades wants to secure Windows through more and more restrictions while Linux is secured due to its underlying architecture which it inherited from Unix.
Pentest apps are mostly command line driven
Microsoft has tried to improve the Windows command line through the use of PowerShell, to replace the anemic Command Prompt. However, Powershell is just an imitation of the bash shell but is not compatible with any bash interpreters. Aircrack-in tools are mostly command line applications under the Linux’s bash command line. This can change, as Microsoft has started introducing a user-mode Linux shell on top of Windows called WSL (Windows Subsystem for Linux). Improvements are in-progress at the time of this writing.
