Slashdot Mirror


Microsoft, Monocultures, Security FUD & Other Fun

techiemac writes "Dan Geer, who has been mentioned on Slashdot before due to his warnings about Microsoft's "monoculture" has just been written up by AP for his warnings about the widespread use of Microsoft products and the serious security flaws that are being discovered. This story is quickly becoming big news (Yahoo is currently carrying it on their front page). For those who don't know, Dan Geer was fired from @Stake Inc for his criticism of Microsoft (they are a big client of @Stake Inc)." Somewhat related, there have been interesting reaction pieces on ORA and OSDN to a recent, some say ill-informed, article run on DevX.

13 of 509 comments

  1. They still don't get it by archeopterix · · Score: 5, Insightful
    Microsoft, which denies pressuring @stake to fire Geer, says the comparison between computers and living organisms works only so well.

    "Once you start down the road with that analogy, you get stuck in it," said Scott Charney, chief security strategist for Redmond, Wash.-based Microsoft.

    Charney says monoculture theory doesn't suggest any reasonable solutions; more use of the Linux open-source operating system, a rival to Microsoft Windows, might create a "duoculture," but that would hardly deter sophisticated hackers.

    True diversity, Charney said, would require thousands of different operating systems, which would make integrating computer systems and networks virtually impossible. Without a Microsoft monoculture, he said, most of the recent progress in information technology could not have happened.

    Microsoft still want us to believe that the only way to integrate is to run One System (theirs) everywhere. They don't get (more precisely: don't want to) common open standards and protocols.

    And they are wrong about "duoculture". Linux, having many parties behind it (many distros, different kernel versions) has much more internal variety than all versions of Windows out there.

    1. Re:They still don't get it by tomstdenis · · Score: 5, Insightful

      You could argue all the levels at which windows boxen are patched counts as "diversity" ;-)

      KIDDING!!!

      The article does miss a more important point that they do touch upon [sadly I'm siding with MSFT here...] is that "if you don't fence in the crops deer will eat it all".

      A stupid windows user will be an even more stupid linux user. Sorry to tell y'all this. Them the breaks.

      What's worse is distros like Redhat which feature binary updates are totally not scalable. Gentoo is one decent approach but requires a hell of a lot of patience to get going [and update when things like KDE pop up].

      All in all, MSFT sucks for being slow with updates and for using proprietary standards. Most OSS sucks for being hard to configure [for newbies] and occasionally slow/tiresome to deal with.

      So moral? Update as much as you can, don't run every binary you find, use a virus scanner [keep it up to date] and use a firewall. Heck even the stupid WinXP firewall is sufficient to protect users from most default settings virii [e.g. messenger virus, etc].

      Tom

      --
      Someday, I'll have a real sig.
    2. Re:They still don't get it by passthecrackpipe · · Score: 5, Insightful

      Dude, you must have ducked the last time somebody started swinging the old cluebat around. "Them's the breaks" indeed.... a stupid windows user makes for a very good linux user. You fail, just like MS, to differentiate between machine user and machine admin. While a stupid windows user has full admin access out of the box to all his settings, config, hardware setup etc. a linux user does not. Simply by virtue of most of the distros making a point of creating a separate root account during setup, and explaining why, ensures you shield the user from the most common types of mayhem (s)he can create. The "stupid" user has to really go out of his/her way to actually screw things up bigtime, something they usually don't really set out to do.

      --
      People who think they know everything are a great annoyance to those of us who do.
  2. I hope he's wrong ... by Anonymous Coward · · Score: 5, Insightful

    As much as I dislike the company, there are too many critical systems that are relying on Windows Servers. The release of a kernel crippling virus or worm could result in loss of human life.

  3. Open for exploit by downix · · Score: 5, Insightful

    A great example of what can/will happen with the Microsoft monoculture can be found in the potato blight of Ireland. For those that lack any historical reference here, Ireland had a booming population due to the introduction of a nice, hardy breed of potato. For years, everything was going great, everyone had food, the potato became the staple of the diet. Everyone ate potatoes, it is estimated to have been between 20-40% of all food consumed during this period.

    Then a viral attack that affected only this particular breed of potato struck. Within less than a year, whole crops failed, the economy collapsed as people literally starved to death.

    Yet, other breeds of potatoes were completely unaffected. It wasn't the reliance on potatoes that was to blame, it was the reliance on one strain of potatoes that was Ireland's Achilles heel.

    That is our economy's Achilles heel, Windows.

    --
    Karma Whoring for Fun and Profit.
  4. Hah! by arvindn · · Score: 5, Insightful
    True diversity, Charney said, would require thousands of different operating systems, which would make integrating computer systems and networks virtually impossible.
    But this is exactly what open source buys you! The diversity of thousands of operating systems. Several distros, several versions of each, custom configurations, choices in every application space... put all these together and you increase diversity a thousandfold. Easily. There's really a powerful analogy between open source and biological structures, because the code is out there in the wild. Splitting, mutating, recombining. Forking, patching, merging. No two systems are exactly alike. A software ecosystem. Enormous complexity and diversity, enormous robustness and strength, extremely high rate of progress. Linus often makes analogies to evolution when explaining kernel hacking. That's no coincidence.

    Diversity != incompatibility. One standard, many implementations. What the M$ guy says is pure FUD.

  5. unsound refutation from MS by tverbeek · · Score: 5, Insightful
    [MS mouthpiece] says monoculture theory doesn't suggest any reasonable solutions; more use of the Linux open-source operating system, a rival to Microsoft Windows, might create a "duoculture," but that would hardly deter sophisticated hackers.

    This neglects the fact that Linux itself has internal diversity that makes it less vulnerable to "disease".

    It's also not necessary to have "thousands of different operating systems" to gain some resilience. If (for example) half of all computers were Type A and the other half Type B, the rate of transmission of type-specific malware would be slowed dramatically. It wouldn't prevent pandemics, but it would slow them down.

    --
    http://alternatives.rzero.com/
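
The Type A / Type B argument in the comment above can be checked with a simple epidemic model. This is an added example, not part of the thread or any poster's words; the random-probing model, the host count and the probe rate are assumptions chosen for illustration.

```python
"""Mean-field model of a type-specific worm on a mixed host population.

Assumptions (not from the thread): infected hosts probe uniformly random
hosts, only hosts of the targeted type (Type A) can be infected, and the
host count and probe rate below are illustrative values.
"""


def ticks_to_reach(total_hosts, share_type_a, probes_per_tick=0.1,
                   seed_infected=1.0, target=0.9, max_ticks=100_000):
    """Return ticks until `target` of Type A hosts are infected, or None."""
    vulnerable = total_hosts * share_type_a
    if vulnerable <= 0:
        return None  # nothing the worm can infect
    infected = min(seed_infected, vulnerable)
    for tick in range(1, max_ticks + 1):
        # Chance that a given clean Type A host is probed this tick. Probes
        # are spread over ALL hosts, so those landing on Type B are wasted.
        p_hit = 1.0 - (1.0 - 1.0 / total_hosts) ** (probes_per_tick * infected)
        infected += (vulnerable - infected) * p_hit
        if infected >= target * vulnerable:
            return tick
    return None


def compare_shares(shares, total_hosts=100_000):
    """Map each Type A market share to its time-to-90% in ticks."""
    return {share: ticks_to_reach(total_hosts, share) for share in shares}


if __name__ == "__main__":
    results = compare_shares([1.0, 0.5, 0.1])
    baseline = results[1.0]
    for share, ticks in results.items():
        print(f"Type A share {share:>4.0%}: {ticks} ticks "
              f"({ticks / baseline:.1f}x the monoculture time)")
```

In this model a smaller Type A share stretches the time to saturation, but every run with a nonzero share still ends with 90% of the Type A hosts infected.
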
  6. We suggest you reboot... by emtboy9 · · Score: 5, Insightful

    You know, there was, at one time, a long running joke about Microsoft tech support. The answer to any problem, according to MS support (and I heard this directly from them on more than a few occasions) was "We suggest you reboot to fix this problem" OR, Shut up and re-install.

    And now, here is the "Chief Security Strategist" for MS saying (regarding the monoculture analogy) "Another difference: computers can be unplugged from the network and rebooted; organisms cannot."

    So, is he really implying (God I hope not) that most exploits can be solved by unplugging the computer from the network and rebooting???

    I hope not, and maybe it's just the way the AP story was written, but it sure sounds like a dismissal of most of the Windows security flaws.

    --
    "Our funds have never taken part in toxic or death spiral convertible financings of any sort" -BayStar's managing partne
  7. i hate this ... by torpor · · Score: 5, Insightful

    different operating systems, which would make integrating computer systems and networks virtually impossible.

    This is such utter bollocks I can't even handle it.

    The reason integration is difficult is because it is made difficult by those who do it.

    It has nothing whatsoever to do with 'operating systems'. It seems to me that 'operating systems' don't mean what they used to mean ... in the good ol' days, an "OS" was all you needed in order to get some basic work and programming done on some hardware.

    Nowadays, it seems that an "OS" == "all the crap I think I'm gonna need one day, bundled into a single directory structure".

    If the OS is doing its job then integration is not impossible, it is 100% feasible and easy.

    An OS which doesn't do its job, doesn't allow integration. It's very telling to me that Microsoft choose to redefine the task of an OS rather than actually make their OS do the job it's supposed to do.

    Integration between OS's is supposed to be easy. That is what an OS is all about, after all. Maybe someone should tell that to the 'gurus' from Redmond that mouth off about operating systems all day long ...

    --
    ; -- the corruption of government starts with its secrets. a truly free people keep no secrets. --
  8. Re:cant deny msoft does good things also by Anonymous Coward · · Score: 5, Insightful

    I can deny it.
    What has microsoft actually created that anyone is interested in?

    The browser? no Netscape developed that.
    Graphic interface? No Xerox and Apple developed that
    digital music? no MP3 and Napster developed that
    Plug and Play? no Apple developed that
    desktop publishing? once again Apple
    multitasking? Unix
    desktop video? Amiga
    DOS? bought from another company

    Perhaps MS developed some business apps, but I suspect that everything in the Office suite was developed by someone else first.

    Please give me some examples of any tech, that is worthwhile, that MS pioneered. I think virii and adware are the only techs that MS truly owns.

  9. Re:I guess ... by banzai51 · · Score: 5, Insightful

    Wonder how Slashdotians will feel when they fully explore the anti-monoculture philosophy and realize it means keeping Microsoft rather than eliminating it and creating a new monoculture?

  10. Open Standards can kill MS anyway by newdamage · · Score: 5, Insightful

    In the long run (think the next 10-25 years), Microsoft will be forced to go along with open standards or get left behind as Open Source picks up more momentum. As IBM, Novell, large countries, and other big gorillas put their weight behind Linux and Open Source, the standards they use could become "the standard". This isn't going to happen likely anytime soon, but it definitely has to start with the corporate world. If XYZ Inc. decides to use Open Office and Linux to save money (and we know businesses aren't doing anything radical to save money these days), and suddenly their employees must use it, guess what software package could end up on their home computers? As I said, it's not going to be a fast process, but it is possible.

    --
    ce n'est pas un Sig.
  11. is not monoculture, is evolution. by cabazorro · · Score: 5, Insightful

    Q:What is the single protocol used by all computers
    connected to Internet in the world?
    A: IPV4
    Q:What is the single mail protocol used by all
    computers connected to the internet?
    A: SMTP
    Q:What is the single protocol used to search the
    Internet and exchange most information over the
    Internet?
    A: HTTP
    According to evolution, diversity is the
    consequence of adaptation.

    Specialization, Mutation, Adaptation.

    Adaptation is the
    consequence of a changing environment. A
    changing environment is the consequence of a
    finite amount of resources and competition.
    The Internet in its current stage resources are
    plenty and competition is little.
    Internet is currently in the specialization
    stage. The Internet has not been forced (YET) to
    depart from its standard protocols (mutate) to
    survive an attack.

    Forcing diversity (by mandate rather than natural
    competition) not only makes the system less
    robust, it slows down evolution.

    --
    - these are not the droids you are looking for -