Slashdot Mirror


Microsoft, Monocultures, Security FUD & Other Fun

techiemac writes "Dan Geer, who has been mentioned on Slashdot before due to his warnings about Microsoft's "monoculture", has just been written up by AP for his warnings about the widespread use of Microsoft products and the serious security flaws that are being discovered. This story is quickly becoming big news (Yahoo is currently carrying it on their front page). For those who don't know, Dan Geer was fired from @Stake Inc for his criticism of Microsoft (they are a big client of @Stake Inc)." Somewhat related, there have been interesting reaction pieces on ORA and OSDN to a recent, some say ill-informed, article run on DevX.

13 of 509 comments

  1. Re:MS Open Source Is Fertile Ground for Foul Play by syn3rg · · Score: 5, Interesting

    I hope no FOSS developers look at that source. It could "taint by association" -- which makes me wonder if that wasn't the real reason for the release. MS now realizes the fight is over source code. By releasing (through an agent: Mainsoft) the source they can now claim injury if similar methods appear in FOSS.

    --
    The contents of this message have been doubly encrypted by ROT13
  2. Interesting spin ... by Anonymous Coward · · Score: 5, Interesting

    ... on why the Microsoft monoculture is so important; from the AP article:

    True diversity, Charney said, would require thousands of different operating systems, which would make integrating computer systems and networks virtually impossible. Without a Microsoft monoculture, he said, most of the recent progress in information technology could not have happened.

    Really? Could someone more familiar with Microsoft and their products kindly give me examples?

    1. Re:Interesting spin ... by Airconditioning · · Score: 5, Interesting

      If Microsoft decides to support a product, piece of hardware, or whatever out of the box with their next version of Windows, that piece of technology starts to become very popular. That technology then gets refined and maybe, later on an integral part of a computer system.

      USB comes to mind but I think Apple beat them to it?

    2. Re:Interesting spin ... by Anonymous Coward · · Score: 5, Interesting

      USB comes to mind but I think Apple beat them to it?

      Let's start a bit earlier... can you say
      mouse
      GUI
      5 1/4" floppies
      cd-rom
      post-script printing
      true-type/open-type
      Firewire
      and the list goes on

  3. Re:They still don't get it by DangerSteel · · Score: 5, Interesting
    >>Microsoft still want us to believe that the only way to integrate is to run One System (theirs) everywhere. They don't get (more precisely: don't want to) common open standards and protocols.

    And not only do they want us to run their OS, they want to make sure you are integrating their Office and collaboration (think .net) programs, to get the full value of Windows. I think I got enough "full value" of Windows on my users machine affected by Blaster last fall...

  4. Re:MS Open Source Is Fertile Ground for Foul Play by swb · · Score: 5, Interesting

    You're totally right, but it'll be hard for a lot of people to not look at it. I say this tongue in cheek, but people will slow to look at a car wreck -- why not the "Windows" source code? Plus these are highly curious people.

    I think the better encouragement is not to *keep* the source code. It would be quite difficult for MS to "prove" that any given developer had seen the purloined source, barring the conspiratorial notion that MS is running false-flagged IRC channels and web sites and collecting evidence on who is grabbing it. But by not keeping a copy of it (which would be illegal anyway), they remove the easiest proof that they have been tainted by it.

  5. The real problem is... by Noryungi · · Score: 5, Interesting

    I have thought about this whole monoculture thing recently, and here is my take on it...

    Microsoft made a conscious decision, a long long time ago, to make sure that everything in its Office applications (starting with Word) would be scriptable with VBA. And that the VBA scripts would have access to the entire underlying OS.

    At the time, it made perfect marketing sense: the king of word processors was WordPerfect, and it offered advanced scripting functions. Microsoft had to duplicate this functionality if it wanted to kick WordPerfect's ass and establish Windows and Word as the desktop champions. And it worked -- when was the last time you used WordPerfect on your PC?

    The only problem is, of course, that Windows security (3.x was a single user, single task operating system) was absolutely broken from the very beginning. After all, if you are the only user on your machine, you don't need a lot of security, do you? Wrong. You may need a different kind of security, but you still need some sort of framework to protect your resources. Windows never provided any kind of security at all.

    Then came the Internet. And, with it, a virus transmission vector of incomparable speed. The rest, as they say, is history. Microsoft never bothered to create proper security and, because it completely ignored the Internet before 1995 (remember the Gates memo?), they were caught unprepared by the hordes of yahoos who write VBA viruses. VB is easy to use, viruses are easy to program in VB and, thanks to MS's stupid decisions, they were allowed to run wild.

    In effect, most users and sysadmins are, today, paying the price of a marketing decision: Microsoft decided to design VBA, all the while ignoring the research that proved that application scripting needed to be severely limited and controlled. Emacs LISP scripts and shell files in the UNIX world were prohibited a loooooong time before VBA was even created.

    They kicked a competitor out of the field and, in doing so, created more problems for themselves (and for us!) than they solved...

    --
    The right to offend is far more important than the right not to be offended. (Rowan Atkinson)
  6. The trouble with diversity by rqqrtnb · · Score: 5, Interesting

    Without a doubt, online security is a major concern. The idea of monoculturism may be applicable to the computer industry due to the prevalence of MS operating systems. This, of course, assumes everyone has the same version of an MS operating system, with a single, universal exploitable flaw. The fact that not everyone has the exact same operating system nor the exact same component and software configuration tends to undermine the argument of 'monoculture' somewhat more.

    However, diversity of computers fosters a much higher learning curve to a machine that is already far more complex than 80% of the people using them understand. I'm a proponent of unity in the field of computers in that the UI of any OS should be the same as EVERY OTHER UI. This promotes a uniform learning curve for everyone so that learning one machine or OS does not restrict a person to that particular product or platform for life.

    People want to learn as much as they need to - and not have to constantly relearn it - in order to do the things they want to do with the computer. Imposing 'bio-diversity' on the operating systems of the world will only create sub-monocultures between which comparability issues and cross learning would be difficult for most to handle unless the UI for each system is essentially the same.

    I'd REALLY like to see Linux be available to anyone without having to have any knowledge of Unix protocols, have the same driver support and always be able to run ANY program regardless of the original OS requirements without having to constantly tweak everything into compliance. If anyone knows a way of doing this, or if it's already been done and you know how, PLEASE post it here.

  7. Limited Genetic Diversity by Phoe6 · · Score: 5, Interesting

    Nature deals with breakdowns in a complex system with evolution, and a very important part of evolution is the extinction of particular species. It's a sort of backtracking mechanism that corrects an evolutionary mistake. The Internet is an ecology, so if you build a species on it that is vulnerable to a certain pathogen, it can very well undergo extinction. By the way, the species that go extinct tend to have limited genetic diversity. - Attributed to Bill Joy. Had preserved in my blog. Dan Geer's writings bear the same too.

    --
    Senthil
  8. M$ tight integration could cause more harm ... by verrol · · Score: 5, Interesting

    than good. yes, this is not a new idea, but the fact that M$ continues to do it is to me, evidence that they are not serious about security.

    Last week a client of mine wanted me to do some work on his computer and to remove M$ IM on WinXP. You try it, it will tell you that WinXP depends on some functionality of IM. What? The OS needs this crummy application you can get for free somewhere? If that is really true, then no wonder their system is so freaking vulnerable to all kinds of things.

    just about anyone who writes large software knows that you have to make it a modular design and, if possible, strive for modules as independent as possible to reduce risk and propagation of faults. consider this, even after the trial, M$ still continues to bind unrelated OS functionality with applications. Apps and OS services are completely different.

    while M$ tries to give you a big bloated piece of software with OS and THEIR apps tightly integrated. look at what the people doing micro-kernels are doing. they are trying to make the kernel as simple as possible (hence easier to debug, understand, etc.). Then, the OS services are just apps (again, very independent from each other--though they may use the services provided by the other). but there is no need for that particular app, just any app providing that service. .v

  9. Re:I guess ... by fewnorms · · Score: 5, Interesting
    And here I thought all this time it was "No one ever got fired for choosing IBM".
    You are correct of course, but I think the saying should be changed to "No one ever got fired for choosing $MONOPOLY", which would be true. From personal experience I can tell you people in my environment actually have been fired for suggesting/choosing a hardware/software solution which is not industry standard and 10 times more expensive.
    Luckily, the climate is changing, but it is ever so slowly...
    --
    Veni, Vidi, Velcro!
  10. Re:Apple's worse by Nexum · · Score: 5, Interesting

    I have to disagree, Apple dropped certain technologies when they were replaced by superior ones, and were thus 'not that useful any more.'

    PC manufacturers dropped certain technologies when they were finally perceived not to be useful any more.

    Apple can act as the gentle motivational herder, because they have complete control over their flock, as long as they make sure they replace the things they phase out with generally superior technologies, and they have (floppy > email, legacy ports > USB).

    PC manufacturers have no choice, as there is less unity and it is human nature to be wary of new things, and to want to stick to what is tried and tested. In this scenario where it is impossible to move the flock forward as a whole (as the direction of the industry is dictated by many) it must first be shown and proven that the newer technology is superior.

    So I would hardly call this scenario a 'blunder' on Apple's behalf! Quite the opposite in fact - I'm sure it was of great benefit to both Apple and their users to make a swift concerted step forward.

    --

    This sig has been deprecated.
  11. Nothing new by jkabbe · · Score: 5, Interesting

    Monoculture (or, the problems associated with it) is not a new concept. When I was studying at U of Mi in 1992-93 (or thereabouts) we discussed the internet worm in my system administration class. The instructor pointed out that U of M was only moderately affected because of the variety of Unix systems comprising the network. The lesson was that a diverse network makes one less susceptible to attack affecting a single platform.