Go Back   Computer Forums > Welcome To Computer Forums .org > Social Lounge | Off Topic
Click Here to Login
Join Computer forums Today


Reply
 
Thread Tools Search this Thread Display Modes
 
Old 02-16-2004, 07:34 PM   #1
Guru
 
Lord Kalthorn's Avatar
 
Join Date: Dec 2003
Location: Britain
Posts: 13,293
Send a message via MSN to Lord Kalthorn
Default A Software Empire, Mighty and Strong

Quote:
Originally Posted by MSNBC
Experts warn of Microsoft 'monoculture'
But critics say biodiversity analogy has its limits


Dan Geer lost his job, but gained his audience. The very idea that got the computer security expert fired has sparked serious debate in information technology.
The idea, borrowed from biology, is that Microsoft Corp. has nurtured a software "monoculture" that threatens global computer security.
Geer and others believe Microsoft's software is so dangerously pervasive that a virus capable of exploiting even a single flaw in its operating systems could wreak havoc. (MSNBC is a Microsoft - NBC joint venture.)
Just this past week, Microsoft warned customers about security problems that independent experts called among the most serious yet disclosed. Network administrators could only hope users would download the latest patch.
After he argued in a paper published last fall that the monoculture amplifies online threats, Geer was fired by security firm @stake Inc., which has had Microsoft as a major client.
Geer insists there's been a silver lining to his dismissal. Once it got discussed on Slashdot.org and other online forums, the debate about Microsoft's ubiquity gained in prominence.
"No matter where I look I seem to be stumbling over the phrase 'monoculture' or some analog of it," Geer, 53, said in a recent interview in his Cambridge home.
In biology, species with little genetic variation or "monocultures" are the most vulnerable to catastrophic epidemics. Species that share a single fatal flaw could be wiped out by a virus that can exploit that flaw. Genetic diversity increases the chances that at least some of the species will survive every attack.
"When in doubt, I think of, 'how does nature work?'" said Geer, a talkative man with mutton chop sideburns and a doctorate in biostatistics from Harvard University. (The interest persists in his hobby of backyard beekeeping.)
"Which leads you, when you think about shared risk, to think about monoculture, which leads you to think about epidemic. Because the idea of an epidemic is not radically different from what we're talking about with the Internet."
Geer isn't the first to argue that the logic of living viruses also applies to the computer variety, and that the dominance and tight integration of Microsoft operating systems and software makes the global computing ecosystem vulnerable to a cascading failure.
Geer's paper did little more than make the point with particular fervor which only intensified when Geer was fired.
"The hoopla around him losing his job gave the story some extra frisson," said Internet security expert Bruce Schneier, a co-author of Geer's. "He got fired because @stake wanted to be nice to their masters. But it's like the Christian Church boycotting a movie everybody wants to see it now."
Microsoft: Biodiversity analogy limited
Microsoft, which denies pressuring @stake to fire Geer, says the comparison between computers and living organisms works only so well.
"Once you start down the road with that analogy, you get stuck in it," said Scott Charney, chief security strategist for Redmond, Wash.-based Microsoft.
Charney says monoculture theory doesn't suggest any reasonable solutions; more use of the Linux open-source operating system, a rival to Microsoft Windows, might create a "duoculture," but that would hardly deter sophisticated hackers.
True diversity, Charney said, would require thousands of different operating systems, which would make integrating computer systems and networks virtually impossible. Without a Microsoft monoculture, he said, most of the recent progress in information technology could not have happened.
Another difference: computers can be unplugged from the network and rebooted; organisms cannot.
The theory also has skeptics outside of Microsoft.
Security consultant Marcus Ranum has emphasized that many network threats have little to do with the vulnerabilities of monoculture. Planting three strains of corn offers insurance against some diseases, he notes, but without a fence, deer will eat all three.
But Ranum also says the monoculture story "would barely be news" if @stake "hadn't done a brilliant surgical marketing strike on its left foot by firing Dan."
At an October hearing of the House Government Reform Committee's technology subcommittee, Steven Cooper the Homeland Security Department's chief information officer was questioned about the federal government's vulnerability to monoculture.
Cooper acknowledged it was a concern and said the department would likely expand its use of Linux and Unix as a precaution.
Could 'benign mutations' be built in?
The monoculture idea is also influencing how experts look for solutions to security problems.
Mike Reiter of Carnegie-Mellon University and Stephanie Forrest, a University of New Mexico biologist who has been gleaning lessons for computer security from living organisms for years, recently received a $750,000 National Science Foundation grant to study methods to automatically diversify software code.
Daniel DuVarney and R. Sekar of the State University of New York-Stony Brook are exploring "benign mutations" that would diversify software, preserving the functional portions of code but shaking up the nonfunctional portions that are often targeted by viruses.
Geer who continues to consult, lecture and work with a startup these days also believes monoculture theory points the way to possible solutions. But those solutions are dramatic, and haven't always been followed. They would require, for example, banning from the Internet computers whose software hasn't been updated with the latest anti-virus patches.
Geer doesn't believe breaking up Microsoft is the answer, even though his paper was published by the Computer and Communications Industry Association, which aggressively backed the antitrust case that tried to split up the company.
But Geer says the company should disentangle its tightly integrated products, such as Microsoft Word and Outlook.
Microsoft contends, as it did during its antitrust trial, that the integration of those products is the heart of what it offers consumers.
Still, Microsoft's Charney doesn't entirely dismiss the idea of examining computer security through a biological lens. "Although biodiversity-monoculture issues may be more complex than people have been thinking about them, it does not mean you can't learn from it and draw some parallels," he said.
Geer calls such comments proof the idea is resonating.
"You see Microsoft talking about it," he said, "when before, they didn't."
What the Devil! It is a point; and I think we have discussed it a little before about the idea of a Bug taking down everything. But i don't think the fears by any means outway the rewards of such a Monoculture of Computer Software.

Its basically the difference between Thousands of Waring Countries all wanting power, and a coherent Empire who can direct all resources to gaining more and more power to the inhabitance or 'users'. That is what Microsoft offers us; a Software Empire, United and Strong; and some of us (not me) shun this and moan about the worse points as if no body cares about them and nobody is always looking in to them.

There is only 1 Super-Power in the World of Software - Microsoft who are totally surronded by little annoying Countries who's only dream is the conquering of Microsoft. The funny thing being that none of them work together to this dream - and some, including Linux even fight between themselves within their tiny Country!

People moan about Monoculture and uneaven Software Power - yet they do nothing towards it. We have to go back to the old Saying (slighted edited for the situation): United we Win, Divided we Loose. Microsoft is United; nobody else is.
__________________

__________________
A Knight is sworn to Honour. His heart knows only Virtue. His blade defends the helpless. His might upholds the Weak. His word speaks only truth. His wrath undoes the Wicked.
Lord Kalthorn is offline   Reply With Quote
Old 02-16-2004, 07:53 PM   #2
Guru
 
Lord Kalthorn's Avatar
 
Join Date: Dec 2003
Location: Britain
Posts: 13,293
Send a message via MSN to Lord Kalthorn
Default

Quote:
True diversity, Charney said, would require thousands of different operating systems, which would make integrating computer systems and networks virtually impossible. Without a Microsoft monoculture, he said, most of the recent progress in information technology could not have happened.
Even three, it would seem is too many to make fully workable each of them with each other. Hardly anything works on Linux; and its only the points where Mac is the same as Windows where Mac can use Windows based software. If you want full intergration; even with a Million different OSs it will be the same as having one withmany variations and they would all therefore be vunerable. There will, but should always be Hackers - and they have no life nor indeed a soul - so they are not goiing to care whether they are attacking Windows XP or OS-That-Lady-Down-The-Street-XP are they?!
__________________

__________________
A Knight is sworn to Honour. His heart knows only Virtue. His blade defends the helpless. His might upholds the Weak. His word speaks only truth. His wrath undoes the Wicked.
Lord Kalthorn is offline   Reply With Quote
Old 02-17-2004, 04:13 AM   #3
Site Team
 
David Lindon's Avatar
 
Join Date: Dec 2002
Posts: 15,233
Default

Quote:
True diversity, Charney said, would require thousands of different operating systems, which would make integrating computer systems and networks virtually impossible. Without a Microsoft monoculture, he said, most of the recent progress in information technology could not have happened.
That is a point.
__________________
[url=http://www.LNXPS.NET]LNXPS.NET - The XPS Library]
David Lindon is offline   Reply With Quote
Old 02-17-2004, 08:01 AM   #4
Guru
 
Lord Kalthorn's Avatar
 
Join Date: Dec 2003
Location: Britain
Posts: 13,293
Send a message via MSN to Lord Kalthorn
Default

Yeah!
__________________
A Knight is sworn to Honour. His heart knows only Virtue. His blade defends the helpless. His might upholds the Weak. His word speaks only truth. His wrath undoes the Wicked.
Lord Kalthorn is offline   Reply With Quote
Old 02-17-2004, 10:26 AM   #5
Site Team
 
David Lindon's Avatar
 
Join Date: Dec 2002
Posts: 15,233
Default Re: A Software Empire, Mighty and Strong

But there are many linux web servers! and they still work!
__________________
[url=http://www.LNXPS.NET]LNXPS.NET - The XPS Library]
David Lindon is offline   Reply With Quote
Old 02-17-2004, 10:52 AM   #6
Guru
 
Lord Kalthorn's Avatar
 
Join Date: Dec 2003
Location: Britain
Posts: 13,293
Send a message via MSN to Lord Kalthorn
Default

That is true - but to be compatible with the Windows Users, and indeed Servers they have to have a certain amount of compatibility; and if the Windows Servers and Windows Users are down then those Windows Systems could be used to get into the Linux Severs through normal channels!
__________________

__________________
A Knight is sworn to Honour. His heart knows only Virtue. His blade defends the helpless. His might upholds the Weak. His word speaks only truth. His wrath undoes the Wicked.
Lord Kalthorn is offline   Reply With Quote
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off



All times are GMT -5. The time now is 10:59 AM.


Powered by vBulletin® Version 3.8.8 Beta 4
Copyright ©2000 - 2017, vBulletin Solutions, Inc.
Search Engine Friendly URLs by vBSEO 3.6.0