Experts warn Microsoft Windows ‘Monoculture’ is ‘dangerously pervasive’

“Dan Geer lost his job, but gained his audience. The very idea that got the computer security expert fired has sparked serious debate in information technology. The idea, borrowed from biology, is that Microsoft Corp. has nurtured a software ‘monoculture’ that threatens global computer security,” Justin Pope reports for The Rapid City Journal. “Geer and others believe Microsoft’s software is so dangerously pervasive that a virus capable of exploiting even a single flaw in its operating systems could wreak havoc.”

“Just this past week, Microsoft warned customers about security problems that independent experts called among the most serious yet disclosed. Network administrators could only hope users would download the latest patch,” Pope reports. “After he argued in a paper published last fall that the monoculture amplifies online threats, Geer was fired by security firm (at)stake Inc., which has had Microsoft as a major client.”

“Geer isn’t the first to argue that the logic of living viruses also applies to the computer variety, and that the dominance and tight integration of Microsoft operating systems and software makes the global computing ecosystem vulnerable to a cascading failure,” Pope reports. “Geer’s paper did little more than make the point with particular fervor – which only intensified when Geer was fired.”

“‘The hoopla around him losing his job gave the story some extra frisson,’ said Internet security expert Bruce Schneier, a co-author of Geer’s. ‘He got fired because (at)stake wanted to be nice to their masters,’” Pope reports.

Full article here.

MacDailyNews Take: A monoculture is risky, but only really risky when the culture decides, for some daft reasons, to coalesce around a flawed element – in this case, Microsoft Windows. Arguably the worst-designed Mac OS Classic-clone, the Windows OS is broken and IT people who chain their operations solely to Gates’ OS/Office products should be called upon to explain the reasons for making such a costly mistake. And, no, “job security” is not a valid reason, IT folks.

32 Comments

  1. You know, I have no problem with there being multiple different operating systems and although I’m partial to Mac OS X, I still believe there should be alternatives. Windows is the 800 pound gorilla right now but if we’re going to be “dependent” on one OS let’s at least make sure it’s secure. I’m still baffled, as I’m sure many of you are, how people continue to let Microsoft continue to leave open holes in their OS and yet not get off without a penalty. I seriously believe that Congress needs to step in and start levying fines on the OS manufacturers for their major security flaws. It’s the only way to change their behaviour. Otherwise, we’re just going to keep getting hit with virus after virus and nothing more will be done with the exception of waiting 200 days for a patch.

  2. Matt,
    You’re “baffled” that people continue to let MS off the hook and Congress does nothing in the face of all of this loss and waste of time? Follow the money, my boy, follow the money. That path always tells the truth. You think shareholders or even people with thousands invested in MS-centered home computing garbage are going to admit there’s something wrong?

  3. What’s actually amazing is that it took so long for anyone – with a medium through which to speak – to actually give voice to the fact that ‘genetic diversity’ in an ICT environment is desirable in some cases.

    When I started in this business back in the mid-Eighties, my mentor drummed into me that the quality of application or solution drives the choice of platform; now we seem to work on the basis of ‘Wait until solution_vendor$<>"Microsoft"’ or ‘If platform_requirement$<>"Windows 2000", goto next solution’.

    Whilst there are many businesses where a commitment to homogeneity makes sense – particularly very small businesses with relatively simple requirements – the idea of building a 250-seat business that shackles itself and its competitive advantage to the MS yoke is simply not credible. After all, how can you be different when you’re just the same?

  4. I think that using the term ‘monoculture’ is not appropriate for the current state of Microsoft’s problems. Microsoft’s error is its design of its operating system, not its ubiquitousness.

    The use of genetic terms in describing Microsoft’s failures may be clever, but not accurate. For example, it is unlikely that we will ever have the term ‘transgressive segregation’ linked with OS development.

  5. The real problem is that the windows zombies just can’t imagine things being different. No, seriously, they really don’t understand that there are OSs out there that work, aren’t riddled with security holes, and aren’t bloody annoying to use! That’s why BillyG keeps repeating the same bull about it being just about market share. The zombies can easily believe that. After all, all computers and OSs have to be just like Wintel, right?

  6. I have a feeling that when Schloghorn finally ships, it will be nearly as rock solid as OS X. I can’t believe that a company as hell bent on dominating everything would not take this opportunity to introduce the types of security that we enjoy via UNIX (true admin access, default ports closed, limited autoexecuting scripts, etc.) They are doing a major overhaul on the trash heap we know as Winblows and have the opportunity to do it right.

    They need a classic environment so they can isolate the f#cked-up code that currently exists, and finally leave it behind (like OS 9).

    While most of us here would never use it even if it were secure, we will be down to arguing over the more fluffy topics such as appearance, ease of use, etc. They have really already solved the instability problems. Thank God that Apple has a 4+ year head start. They need to use what time is left to make progress on the brain-dead corporate types.

  7. DrDude, I’m sure they are. One of the things they are trying to do with Shlonghorn is move away from the old windows APIs, and of course in doing that they could fix many of the problems they have now (like the whole thing being fundamentally flawed). The question is, how capable are M$ programmers of pulling it off. They aren’t exactly known for their “clean” coding.
    The other thing is, if they move towards managed code to aid security, how big would the performance hit be and would people be willing to shell out for something slower?

  8. DrDude:

    No doubt that Microsoft must present a better OS than it currently offers. Then again, Linux and, perhaps, some other OS will capture an increasingly larger percentage of the PC market. This competition will drive the development of better operating systems for all machines including Macs.

    Microsoft will not die, but it will likely have less market share. And Apple? I reckon that in 4 more years OS 10.3.x will be discussed in historical terms. Whatever the improved Apple OS will be, it will have first originated from people who truly ‘think different’.

  9. Great point Bo’ster. I bet that while Scloghorn is due out in 2 years, it will take them another 2-3 years to make it hum (like W3.0, like OS X 10.0, etc.).

    But on topic here, the brain-dead IT types will then have another reason to stick with M$ by saying that it will soon get better and it would cost too much to switch when a viable M$ upgrade is just around the corner.

    Just trying to be realistic.
