Free Republic

Experts Warn of Microsoft 'Monoculture'
The Pittsburgh Post-Gazette ^ | Feb 15, 2004 | JUSTIN POPE -- AP Business Writer

Posted on 02/15/2004 9:59:24 AM PST by Willie Green

For education and discussion only. Not for commercial use.

CAMBRIDGE, Mass. (AP) -- Dan Geer lost his job, but gained his audience. The very idea that got the computer security expert fired has sparked serious debate in information technology. The idea, borrowed from biology, is that Microsoft Corp. has nurtured a software "monoculture" that threatens global computer security.

Geer and others believe Microsoft's software is so dangerously pervasive that a virus capable of exploiting even a single flaw in its operating systems could wreak havoc.

Just this past week, Microsoft warned customers about security problems that independent experts called among the most serious yet disclosed. Network administrators could only hope users would download the latest patch.

After he argued in a paper published last fall that the monoculture amplifies online threats, Geer was fired by security firm @stake Inc., which has had Microsoft as a major client.

Geer insists there's been a silver lining to his dismissal. Once it got discussed on Slashdot.org and other online forums, the debate about Microsoft's ubiquity gained in prominence.

"No matter where I look I seem to be stumbling over the phrase 'monoculture' or some analog of it," Geer, 53, said in a recent interview in his Cambridge home.

In biology, species with little genetic variation - or "monocultures" - are the most vulnerable to catastrophic epidemics. Species that share a single fatal flaw could be wiped out by a virus that can exploit that flaw. Genetic diversity increases the chances that at least some of the species will survive every attack.

"When in doubt, I think of, 'how does nature work?'" said Geer, a talkative man with mutton chop sideburns and a doctorate in biostatistics from Harvard University. (The interest persists in his hobby of backyard beekeeping.)

"Which leads you, when you think about shared risk, to think about monoculture, which leads you to think about epidemic. Because the idea of an epidemic is not radically different from what we're talking about with the Internet."

Geer isn't the first to argue that the logic of living viruses also applies to the computer variety, and that the dominance and tight integration of Microsoft operating systems and software makes the global computing ecosystem vulnerable to a cascading failure.

Geer's paper did little more than make the point with particular fervor - which only intensified when Geer was fired.

"The hoopla around him losing his job gave the story some extra frisson," said Internet security expert Bruce Schneier, a co-author of Geer's. "He got fired because @stake wanted to be nice to their masters. But it's like the Christian Church boycotting a movie - everybody wants to see it now."

Microsoft, which denies pressuring @stake to fire Geer, says the comparison between computers and living organisms works only so well.

"Once you start down the road with that analogy, you get stuck in it," said Scott Charney, chief security strategist for Redmond, Wash.-based Microsoft.

Charney says monoculture theory doesn't suggest any reasonable solutions; more use of the Linux open-source operating system, a rival to Microsoft Windows, might create a "duoculture," but that would hardly deter sophisticated hackers.

True diversity, Charney said, would require thousands of different operating systems, which would make integrating computer systems and networks virtually impossible. Without a Microsoft monoculture, he said, most of the recent progress in information technology could not have happened.

Another difference: computers can be unplugged from the network and rebooted; organisms cannot.

The theory also has skeptics outside of Microsoft.

Security consultant Marcus Ranum has emphasized that many network threats have little to do with the vulnerabilities of monoculture. Planting three strains of corn offers insurance against some diseases, he notes, but without a fence, deer will eat all three.

But Ranum also says the monoculture story "would barely be news" if @stake "hadn't done a brilliant surgical marketing strike on its left foot by firing Dan."

At an October hearing of the House Government Reform Committee's technology subcommittee, Steven Cooper - the Homeland Security Department's chief information officer - was questioned about the federal government's vulnerability to monoculture.

Cooper acknowledged it was a concern and said the department would likely expand its use of Linux and Unix as a precaution.

The monoculture idea is also influencing how experts look for solutions to security problems.

Mike Reiter of Carnegie-Mellon University and Stephanie Forrest, a University of New Mexico biologist who has been gleaning lessons for computer security from living organisms for years, recently received a $750,000 National Science Foundation grant to study methods to automatically diversify software code.

Daniel DuVarney and R. Sekar of the State University of New York-Stony Brook are exploring "benign mutations" that would diversify software, preserving the functional portions of code but shaking up the nonfunctional portions that are often targeted by viruses.

Geer - who continues to consult, lecture and work with a startup these days - believes monoculture theory points the way to possible solutions that are dramatic, and haven't always been followed. They would require, for example, banning from the Internet computers whose software hasn't been updated with the latest anti-virus patches.

Geer doesn't believe breaking up Microsoft is the answer, even though his paper was published by the Computer and Communications Industry Association, which aggressively backed the antitrust case that tried to split up the company.

But Geer says the company should disentangle its tightly integrated products, such as Microsoft Word and Outlook.

Microsoft contends, as it did during its antitrust trial, that the integration of those products is the heart of what it offers consumers.

Still, Microsoft's Charney doesn't entirely dismiss the idea of examining computer security through a biological lens. "Although biodiversity-monoculture issues may be more complex than people have been thinking about them, it does not mean you can't learn from it and draw some parallels," he said.

Geer calls such comments proof the idea is resonating.

"You see Microsoft talking about it," he said, "when before, they didn't."


TOPICS: Business/Economy; Culture/Society
KEYWORDS: globalism; lowquality; microsoft; monopoly; nosecurity; security

1 posted on 02/15/2004 9:59:24 AM PST by Willie Green

To: Willie Green
Oh goody. I can hardly wait for the so-called conservatives, who appear to hate capitalism, to come out and post things like "I wish Osama had targeted Microsoft Headquarters" and stuff.
2 posted on 02/15/2004 10:07:04 AM PST by Chad Fairbanks (What am I rebelling against? Well, what do ya got?)

To: Willie Green
Hrm. As a long-term computer expert, I - for one - think standardization is a good thing.
3 posted on 02/15/2004 10:22:04 AM PST by bolobaby

To: Willie Green
Another portion of steamy BS served up by pinko-commie propagandists
4 posted on 02/15/2004 10:29:48 AM PST by eclectic

To: Willie Green
I think the government should step in and prevent Apple from having a monopoly on Mac hardware. One outrageous idea deserves another.
5 posted on 02/15/2004 10:34:36 AM PST by js1138

To: Willie Green
I say this because countless FReepers have assured me that Macs are the only computers worth having. But Apple's monopolistic practices keep the price up and production, like De Beers diamonds, so that 97 percent of us can't afford or obtain one.
6 posted on 02/15/2004 10:37:16 AM PST by js1138

To: js1138
so that 97 percent of us can't afford or obtain one.

97 percent can't afford a $795 computer? Wow, the poverty situation must be worse than anyone realized.

7 posted on 02/15/2004 10:42:09 AM PST by HAL9000

To: Willie Green
"Without a Microsoft monoculture, he said, most of the recent progress in information technology could not have happened."

Man can this guy BS or what? MS does one thing well, it copies the innovations of others when it is forced to.

8 posted on 02/15/2004 10:42:14 AM PST by jpsb (Nominated 1994 "Worst writer on the net")

To: Willie Green
When the Justice Department et al. were suing Microsoft for monopolistic practices, I thought their efforts were misguided in that the real danger from Microsoft's tactics wasn't the economic impact of the monopoly but rather the security impact. Since then, the situation has gotten worse, not better.

In the Linux world, when patches for security flaws are released, any competent programmer can examine them to ensure that they don't have any special backdoors in them. By contrast, Microsoft requires people to accept on faith that they're not putting anything malicious or devious into their patch code. I don't think it would take a genius to figure out the security implications of a major breach at Microsoft.

9 posted on 02/15/2004 10:43:39 AM PST by supercat (Why is it that the more "gun safety" laws are passed, the less safe my guns seem?)

To: HAL9000
That's pretty high by my standards. I build my own and have never spent that much on anything less than a dual processor server. Low end PCs are less than half that.

There is also the availability issue. Macs are sold in CompUSA, and due to some warranty battles I've had with them and some rebates that never arrived, I would not buy anything from them unless I could afford to throw it away.
10 posted on 02/15/2004 10:46:52 AM PST by js1138

To: Chad Fairbanks
Oh goody. I can hardly wait for the so-called conservatives, who appear to hate capitalism, to come out and post things like "I wish Osama had targeted Microsoft Headquarters" and stuff.

Why would Osama target Microsoft headquarters? That's his preferred operating system.

Personally, I wish that Microsoft would produce something besides low-quality crap.

11 posted on 02/15/2004 10:48:08 AM PST by HAL9000

To: Willie Green
Dan Geer lost his job, but gained his audience. The very idea that got the computer security expert fired has sparked serious debate in information technology.

Editorial mistake...it should read:

Dan Geer lost his job, but gained his audience. The very idea that got the computer security expert fired has sparked yet another serious debate in information technology theology.
12 posted on 02/15/2004 10:49:08 AM PST by frossca

To: Chad Fairbanks
dittoes
13 posted on 02/15/2004 10:49:56 AM PST by MonroeDNA (Soros is the enemy.)

To: Willie Green
"Although biodiversity-monoculture issues may be more complex than people have been thinking about them, it does not mean you can't learn from it and draw some parallels ..."

This line gave me a headache.

Our only hope for uninterrupted computing bliss is to insure that we all have the highest attainable level of computing biodiversity, therefore, we each need to beef up our computing platforms and networks. Redundant broadband (ADSL/Cable/Sat) connections to our home networks with Windows, Linux, and Mac platforms. Backed up by Ham radio packet and TTY. On several wavelengths.

14 posted on 02/15/2004 10:52:50 AM PST by spodefly (February is Tagline History Month!)

To: Willie Green
Microsoft got to be the dominant computer operating system for economic reasons and because for businesses to succeed they need to share information in a common form.

Despite technical advantages the Apple operating system has not gained more than a market niche largely because business users can find Windows based PCs made by more vendors at better pricing and the Windows based programs are the de facto standard. Ever wonder why Microsoft's ubiquitous Office is available for Macs? ....compatibility with the rest of the world.

What this author is advocating is a cyber version of the Tower of Babel

15 posted on 02/15/2004 11:04:34 AM PST by The Great RJ

To: HAL9000
97 percent can't afford a $795 computer?

As we were moving into the mid 1980 the researchers into graphical user interfaces at Palo Alto came up with the Icon interface. Xerox was funding the research. The brilliant fools at Xerox thought the PC was a nothing and pulled the plug.

The researchers showed their interface to both Jobs and Gates. Both were really impressed.

Gates decided to take a slow path. To gradually go to the graphical user interface and its multi user, multi tasking, operation. Gates would stay compatible with DOS the single user, single tasking, operating system. Gates' customers could gradually upgrade and gradually go to a graphical user interface. Users could do some DOS and some Windows on the same machine. Gates set a 10 year plan to get to true multi tasking multi user graphical interface. But it actually took 15 years. And Gates managed to hold on to his customer base and took most of Apple's.

Jobs decided to gamble on doing it now. He would do a computer that did the multi tasking, multi user, graphical user interface as fast as possible.

That meant Apple customers would have to buy all new software and hardware to go to the Mac. For those that had company networks, or wanted to share files, every one would have to go to Mac on the same day. That meant a massive expenditure and massive training all at one time. No one did it. It was the dumbest move ever made by a major company.

So Apple lost nearly all its customers and Gates kept all of his and gained most of Apple's customers too.

Gates stayed compatible with existing hardware and software and companies over a 10 year period finally arrived at Windows 95.

The final transition to a fully Mac quality did not happen until 2001 and Windows XP.

It is very simple.

Gates = smart Jobs = Dumb.


16 posted on 02/15/2004 11:22:31 AM PST by Common Tator

To: Common Tator
"The final transition to a fully Mac quality did not happen until 2001 and Windows XP."

And then Apple released Mac OS X and set the new standard for technological excellence and ease of use. Microsoft will be struggling to catch up for years to come.

"Gates = smart Jobs = Dumb."

It was Sculley, Spindler and Amelio who were dumb - not Jobs. Jobs was not at Apple when they made their marketing blunders which were related to pricing and quality (not backward compatibility with the Apple ][ computer as you imply).

A lot of old geezers will go to their graves running the same Wintel junk they've gotten accustomed to using for decades, but Microsoft has passed their peak of industry dominance and their marketshare is eroding. The era of Microsoft fascism is ending.

17 posted on 02/15/2004 12:14:04 PM PST by HAL9000

To: Willie Green
Those of you who work in IT for a living have a much more microscopic view of this than those of us that are not IT by training or vocation.

We keep coming down to this statement, Microsoft is ubiquitous...because it's ubiquitous...it makes a big target...because it makes a big target...it's insecure..because it's insecure...we should use Mac or Linux...why? Because they aren't ubiquitous...they are secure?

Makes little sense to me when contrasted to this statement those of us non-IT make: Microsoft is ubiquitous...most of the people I would exchange information with use Microsoft...ergo, I can do more with my system in relations to other systems because Microsoft is ubiquitous.

So if you combine the two postulates...I'll accept the risk of Microsoft insecurity because I can do more with it than I can the Mac or Linux. I think of the computer as a means to generate, assimilate and communicate data. Just like a phone. Sure a phone is inherently insecure, but it's ubiquitous and even my 3 year old knows how to use one. Another thing...phone service is cheap. Total Cost of Ownership is easy to fit in even the most meager of household incomes.

Until Mac and Linux reach ubiquity...there is nothing but monoculture. OK, Mac is easier to use..but doesn't have ubiquity.. Linux has a modicum more ubiquity...but requires a nerd to keep it running. Neither are fully and seamlessly integratable with Microsoft.

I sum it up this way...to the advocates of both Mac and Linux. Make your systems easy to use...make them compatible with MS and I mean FULLY not like OpenOffice and make them cheap and you'll beat MS at their own game and you will have monoculture all over again.

Standardization is the only way to make the operating system irrelevant.
18 posted on 02/15/2004 12:40:10 PM PST by Buffettbassman (One Nation...Under God.)

To: Willie Green; All
In biology, species with little genetic variation - or "monocultures" - are the most vulnerable to catastrophic epidemics. Species that share a single fatal flaw could be wiped out by a virus that can exploit that flaw. Genetic diversity increases the chances that at least some of the species will survive every attack.

BINGO!!!

Just look at the Monoculture...every Indian and Chinese and Russian learn the MICRO$OFT Monoculture so they can act as 'Parasites' eating American Jobs Alive!!!

This article caused me to take the APPLE Plunge!!!

Apple doesn't Overseas Outsource, hence there is NOT a huge base trained in the platform overseas, and at the Apple resellers, job losses to 'Offshoring' is a NON_ISSUE!!!

Thanks for opening my eyes...

Now, merely switching to non-M$FT like Linux MIGHT help, but it isn't just the Operating System that buys job protection through "Diversity!!!"

ROTFLMAO!!!

19 posted on 02/15/2004 1:20:22 PM PST by Lael (Patent Law...not a single Supreme Court Justice is qualified to take the PTO Bar Exam!)

To: HAL9000
I think if the Microsoft-Haters put as much energy into actually producing something, as they do bashing Microsoft, they'd come up with something that would be absolutely amazing, user-friendly, and take the market by storm.

But, that would require actual work, and everyone knows it's just so much easier to sit back and criticize.
20 posted on 02/15/2004 1:23:59 PM PST by Chad Fairbanks (What am I rebelling against? Well, what do ya got?)

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.
