Developers have released a major update to the Metasploit security testing tool designed to run more smoothly on the Windows operating system.Metasploit 3.0, released early Tuesday morning, has been rewritten in the Ruby programming language to make the software faster and less buggy for Windows users, who make up the great majority of the software’s users according to Metasploit developer HD Moore.“Ninety-eight percent of our entire user base runs on Windows and they were really poorly supported,” Moore said. By rewriting the program, developers expect to attract new users who had previously been frustrated by the effort required to run Metasploit on Windows. “We’re guessing that we’ll probably get 20 to 30 percent more users just from our improved Windows support,” he said.Metasploit has been installed on more than 100,000 computers to date, Moore said. Within 12 hours of the 3.0 release, the new code had been downloaded by about 7,500 systems, despite a denial of service attack on the Metasploit.com Web site. The new version of the hacking tool includes a jazzed up Web interface and much more modest resource requirements on Windows PCs. Metasploit 2.7, which was written in the Perl language, uses between 128M bytes and 256M bytes of memory. With version 3.0 that requirement has dropped to 32M bytes, Moore said.With the rewrite, Metasploit now uses a modular architecture that will make it easy for developers to integrate new exploit code and testing tools into the software. Previously the framework was focused on developing exploits, but with the 3.0 changes, the software can now be used to do new things like test networks for flaws and merge new hacking tools within the Metasploit framework, Moore said. “We’re kind of the security tool amoeba at this point, where anytime anyone has an interesting security tool, we can go, ’Great, absorb.’”Metasploit developers have also tightened up the licensing terms for their software, which had previously been offered under both the GNU General Public License and the Artistic license, used by Perl.Under the new Metasploit Framework License used by version 3.0, companies will no longer be able to sell the core Metasploit software, a practice that had been on the rise, according to Moore.“We didn’t want other companies reselling and repackaging it,” he said. “We figured that people would be good community Samaritans and would contribute back to us … but that wasn’t happening.”Companies will be able to sell their own Metasploit modules, however, Moore said. -Robert McMillan, IDG News Service Related content news UK Cyber Security Council CEO reflects on a year of progress Professor Simon Hepburn sits down with broadcaster ITN to discuss Council’s work around cybersecurity professional standards, careers and learning, and outreach and diversity. By Michael Hill Sep 27, 2023 3 mins Government Government Government news FIDO Alliance certifies security of edge nodes, IoT devices Certification demonstrates that products are at low risk of cyberthreats and will interoperate securely. By Michael Hill Sep 27, 2023 3 mins Certifications Internet Security Security Hardware news analysis Web app, API attacks surge as cybercriminals target financial services The financial services sector has also experienced an increase in Layer 3 and Layer 4 DDoS attacks. By Michael Hill Sep 27, 2023 6 mins Financial Services Industry Cyberattacks Application Security news Immersive Labs adds custom 'workforce exercising' for each organizational role With the new workforce exercising capability, CISOs will be able to see each role’s cybersecurity readiness, risk areas, and exercise progress. By Shweta Sharma Sep 27, 2023 3 mins Security Software Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe