Slashdot Mirror


Dan Geer's Monoculture Bomb Goes Off

Andy Updegrove writes "Three years ago, celebrated security expert Dan Geer lost his job at @stake when he co-authored a paper on the dangers that the Microsoft 'monoculture' represented for end-users. Last fall, he authored a similar warning in a Perspective piece he wrote for CNETNews.com, applauding the action of Massachusetts in adopting OpenDocument Format, thereby reducing its vulnerability to the same type of risk. Four days ago, Dan's prediction came true, when users of Word (but not those that only trade files created in StarOffice, OpenOffice, or other ODF compliant software) began to be infected with the Backdoor.Ginwui virus - a malicious Trojan program that hitches a ride on bogus Word documents. In short, an object lesson that in IT, as in biology, those that exist in diverse gene pools are at a lower risk, both individually and collectively, from those that subsist in a proprietary monoculture."

3 of 308 comments

  1. Did any bombs go off... by The Bungi · Score: 1, Troll

    When all the thousands of PHP/AWStats defacements were made last year as well? Or is the PHP/MySQL/Linux triad not considered a "monoculture"?

  2. Stupid Analogies by NutscrapeSucks · Score: 0, Troll

    In IT, as in biology, those that exist in diverse gene pools are at a lower risk, both individually and collectively, from those that subsist in a proprietary monoculture

    Just because your analogy "sounds right" doesn't make it a valid thesis. The fact is that computers are not biological organisms and "viruses" don't work the same way. And if you take the analogy for anything more than a mild curiosity, it really exposes your underlying idiocy.

    Not to mention it completely ignores the economic factors which created the "monoculture". It's cheaper for society to buy anti-virus than to support multiple OSes, and the analogists just have to deal with that. Computers are tools. Period.

    And how exactly does yet another Word virus suddenly prove this theory? It's not like there haven't been many since the paper was published.

    --
    Whenever I hear the word 'Innovation', I reach for my pistol.
    1. Re:Stupid Analogies by NutscrapeSucks · Score: 0, Troll

      How is this "targeted attack" any different from say a weaponized malaria?

      That's quite simple. The targeted attack is a computer virus. Weaponized malaria is not. Therefore very different conclusions and policies are potentially in order.

      I've read through this thread, and the only case that's been made is that certain modeling is analogous. That does not mean computer code is biological in any way. It does not mean that ecological mores are in order for the computing world. That you fail to understand this just shows that you are the one who doesn't know what he's talking about on a very, very fundamental level. Perhaps your head has gone so far up your butt, it's come back out your mouth.

      --
      Whenever I hear the word 'Innovation', I reach for my pistol.