“Dan Geer lost his job, but gained his audience. The very idea that got the computer security expert fired has sparked serious debate in information technology. The idea, borrowed from biology, is that Microsoft Corp. has nurtured a software ‘monoculture’ that threatens global computer security,” Justin Pope reports for The Rapid City Journal. “Geer and others believe Microsoft’s software is so dangerously pervasive that a virus capable of exploiting even a single flaw in its operating systems could wreak havoc.”
“Just this past week, Microsoft warned customers about security problems that independent experts called among the most serious yet disclosed. Network administrators could only hope users would download the latest patch,” Pope reports. “After he argued in a paper published last fall that the monoculture amplifies online threats, Geer was fired by security firm (at)stake Inc., which has had Microsoft as a major client.”
“Geer isn’t the first to argue that the logic of living viruses also applies to the computer variety, and that the dominance and tight integration of Microsoft operating systems and software makes the global computing ecosystem vulnerable to a cascading failure,” Pope reports. “Geer’s paper did little more than make the point with particular fervor – which only intensified when Geer was fired.”
“‘The hoopla around him losing his job gave the story some extra frisson,’ said Internet security expert Bruce Schneier, a co-author of Geer’s. ‘He got fired because (at)stake wanted to be nice to their masters,’” Pope reports.
MacDailyNews Take: A monoculture is risky, but only really risky when the culture decides, for some daft reasons, to coalesce around a flawed element – in this case, Microsoft Windows. Arguably the worst-designed Mac OS Classic-clone, the Windows OS is broken and IT people who chain their operations solely to Gates’ OS/Office products should be called upon to explain the reasons for making such a costly mistake. And, no, “job security” is not a valid reason, IT folks.
I have said it and I’ll say it again; diversity is key!
In the article you find an objection about the Geer report: that having two dominant OS’s (like Win and Linux) wouldn’t be diversity: just a duoculture, and still a target for hackers.
Tell that to the company who gets attacked by a Windows virus and still has HALF their machines running. Sure, if they ran 10 different OS’s, they’d have 90% running when one OS is attacked… but even 50% diversity is still useful.
Some MS defenders argue that biology isn’t identical to computers, and that the metaphor is being abused. But not being identical doesn’t mean it’s not a USEFUL analogy. And then, when people say that diversity in nature means thousands of species, which is impossible with OS’s… THOSE people are abusing the biology metaphor.
Or for that matter… take your Windows monoculture and mix in 5% Macs and have that 5% still running when SonOfMyDoom hits. As we’ve all seen stories of from real life.
“…In the article you find an objection about the Geer report: that having two dominant OS’s (like Win and Linux) wouldn’t be diversity: just a duoculture, and still a target for hackers…”
Well that is why we have more than just 2 OS platforms to choose from. Windows, Mac, Linux, Amiga, etc…
Here is a quote from that same idiot;
“…True diversity, Charney said, would require thousands of different operating systems, which would make integrating computer systems and networks virtually impossible. Without a Microsoft monoculture, he said, most of the recent progress in information technology could not have happened…”
He claims that computer systems of different types cannot coexist… HOGWASH! All computers talk the same language of 1s and 0s. It’s the breakdown in communications (via interpretation) that is the problem. The proprietary standards, including file formats and protocols, are what keep true integration from happening between different platforms, not the lack of a monoculture. Microsoft would like people to believe that being on a single platform is best for everyone, when in actuality, it’s the worst possible case scenario for the whole computer industry, especially for endangering computer security and innovation!
DudeMac: I’m with you, but I have a side comment. Innovation probably benefits from a monoculture in many ways. Computing innovation probably stagnates, but consider this:
Many different OSes provide a lot of opportunity to improve each one, so a great many creative thinkers are sucked into the computer industry to make their mark. With a single OS, those people (possibly) would be focusing their efforts on other things: going to Mars, extending life, cloning Jennifer Lopez, etc.
The innovation gets spread out a lot more, with less duplication of effort. Of course, Windows has blown this benefit because so many people get sucked into applying patches, re-imaging desktops, and looking for ways to do the right job with the wrong tool. But, theoretically, a monoculture could have that benefit.
KennyLucius,
I think what meat of moose was trying to say was that monocultures are not identical. Suppose, for the sake of argument, the monoculture is based on Linux. Since we know that Linux is much more secure and better designed than Windows, the effect of worms or viruses won’t be as fatal as the one on Windows. Furthermore, any security issue is addressed within weeks or even days. Compare this to 200 days to fix a “critical” security issue. True that monoculture is bad whether it’s Mac OS X or Windows or Linux or whatever. But Windows monoculture is the worst of them all.
As far as focusing on other things, are you sure? The way I see it is, people learn that sometimes, knowledge can cross over. Just recently I read that you can use software to do complex origami and origami can be used to solve real world problems such as fiber optics. You see, innovations in different OSs may even lead to solutions in other areas. Besides, creative thinkers are best when they have complete freedom to think about problems they are interested in. Forcing creative thinkers to solve problems they have no interest in usually does not work well.
“Microsoft paid SCO millions for something. What do you think they bought? There will be a lot of Linux hidden under the hood of Longhorn. Microsoft doesn’t code, it steals or buys what it needs.” – AI
It won’t happen. SCO does not have any right to Linux even though they pretend to for the sake of unloading the executive shares during the lawsuit against IBM. Linux is GPL’ed, so whatever MS produces must be given back to the OSS community. If MS gets anything from SCO, it’s Unix, although I suspect the reason MS paid SCO at all is to keep SCO alive to try and discredit Linux supporters and scare Linux customers. But then again, MS does “innovate” by following Apple’s lead and Apple uses a Unix-based kernel under the hood.
I’m not sure about the innovation thing. Just thinking out loud.