Compatibility vs. Monoculture
Published February 15, 2004
With Microsoft controlling 95% of the computer operating system business, has this created a "monoculture" that is ripe for disaster? Surely this latest round of virus troubles emphasizes the vulnerability of the system:
- Dan Geer lost his job, but gained his audience. The very idea that got the computer security expert fired has sparked serious debate in information technology. The idea, borrowed from biology, is that Microsoft Corp. has nurtured a software "monoculture" that threatens global computer security.
Geer and others believe Microsoft's software is so dangerously pervasive that a virus capable of exploiting even a single flaw in its operating systems could wreak havoc.
Just this past week, Microsoft warned customers about security problems that independent experts called among the most serious yet disclosed. Network administrators could only hope users would download the latest patch. [AP]
- In biology, species with little genetic variation — or "monocultures" — are the most vulnerable to catastrophic epidemics. Species that share a single fatal flaw could be wiped out by a virus that can exploit that flaw. Genetic diversity increases the chances that at least some of the species will survive every attack.
"When in doubt, I think of, `how does nature work?'" said Geer, a talkative man with mutton chop sideburns and a doctorate in biostatistics from Harvard University. (The interest persists in his hobby of backyard beekeeping.)
"Which leads you, when you think about shared risk, to think about monoculture, which leads you to think about epidemic. Because the idea of an epidemic is not radically different from what we're talking about with the Internet."
....Charney says monoculture theory doesn't suggest any reasonable solutions; more use of the Linux open-source operating system, a rival to Microsoft Windows, might create a "duoculture," but that would hardly deter sophisticated hackers.
- Compatibility vs. Monoculture
- Published: February 15, 2004
- Type:
- Section: Sci/Tech
- Filed Under: Sci/Tech: Internet, Sci/Tech: Software
- Writer: Eric Olsen
- Eric Olsen's BC Writer page
- Eric Olsen's personal site
- Spread the Word
- Like this article?
- Email this
Save to del.icio.us
Comments on this articleComments
the other, sort of unrelated, aspect of this monoculture is the fact that millions of dollars in lost productivity due to the unending maintenance problems.
computer seized up? oh, did you reboot it?
while microsoft creates mountains of basically mediocre software, businesses flush away many, many hours on problems.
i'm probably less knowledgeable about this than some other folks on BC, but i think the main problem would be getting the two vastly different operating systems to talk to each other. connecting a network of Windows machines can be tough enough. throw in a different OS and you've got a major headache.
but i think his comment, "True diversity would require thousands of different operating systems, which would make integrating computer systems and networks virtually impossible" is right on target. The railroad metaphor is nice, but we would need too many OS's to make it worth the trouble. all that development would sap away resources that could be used toward developing new functionality for existing systems, or as is most likely the case, fixing the crap that goes wrong with the current ones.
In the short-term, it's not cost-effective for the software manufacturers. The long-term is a different story.
Add your comment, speak your mind
(Or ping: http://blogcritics.org/mt/tb/12764)
I think we'd see a lot fewer email viruses flying about if more people used email programs other than Microsoft Outlook, even if they continue to use Windows.
I use too many programs that don't run on Macintoshes or Linux, so I don't really have a viable alternative to using Windows. But I use Agent as my mailer.
Trouble is, the people smart enough to be able to download and install any one of the plethora of free mail programs out there are the same people that are smart enough not to click on suspicious attachments in the first place.