The Biology of Network Security

Bob Brown writes "A University of New Mexico researcher is taking lessons from biology and using them to try to stymie hackers and viruses. Projects such as RISE attempt to secure computers and networks by promoting application diversity." From the article: "Diversity of systems and applications can play a key role in safeguarding computers and networks from malicious attacks, Forrest said. Her team published a paper last year on a system dubbed RISE (Randomized Instruction Set Emulation) (PDF) that randomizes an application's machine code to stymie would-be attacks, such as those launched via binary code injection."

Re:Infrastructure doesn't work like biology

[Whiney+Mac+Fanboy]

Sure, in biology, differences help make the species stronger. Not true in IT.

Depends how big the difference are.

Take for example address space randomization (part of execshield). I'll quote redhat's explanation of it (as it's quite good):

The idea behind Address Space Randomization is to put program code at a different address each time it starts. This way, an exploit can't know where the return address pointer should point to.

Protects against many buffer overflow attacks (regardless of the hardware), with no cost to your 'standardized environment'.

Pity windows & macOS don't have something similar.