Monoculture Considered Harmful
Posted by webmink on September 26, 2003 at 04:45 PM | Comments (9)
I commented recently that, while we can each take steps to prevent virus and worm attacks on our computer systems, the biggest threat we actually face is the fact that we have a computer monoculture.
Most of the world’s computers run Microsoft’s operating systems, thus most of the world’s computers are vulnerable to the same viruses and worms at the same time. The only way to stop this is to avoid monoculture in computer operating systems, and for reasons just as reasonable and obvious as avoiding monoculture in farming. Microsoft exacerbates this problem via a wide range of practices that lock users to its platform. The impact on security of this lock-in is real and endangers society.
Actually, I didn't write that - it's from the executive summary in the report CCIA are promoting, 'Cyber InSecurity' [PDF, 880k]. The (brave) authors include Bruce Schneier, who I respect greatly, and Daniel Geer, who @Stake (a Microsoft contractor) have shockingly summarily dismissed despite the fact that the report simply states the self-evident and makes recommendations that are just common-sense:
While appropriate remedies require significant debate, these three alone would engender substantial, lasting improvement if Microsoft were vigorously forced to:
• Publish interface specifications to major functional components of its code, both Windows and Office.
• Foster development of alternative sources of functionality through an approach comparable to the highly successful "plug and play" technology for hardware components.
• Work with consortia of hardware and software vendors to define specifications and interfaces for future developments, in a way similar to the Internet Society's RFC process to define new protocols for the Internet.
These need some safeguards; the usual approach with which these things are addressed means each would probably be turned into a revenue and lock-in opportunity or a source of monopoly growth.
Before the usual and inevitable cries of 'Microsoft-hater' are raised, can I make a plea to people to look at the issue here (and read John Lettice's take too). It's actually not based on an instinctive hatred of Microsoft - as Geer himself says: "If the monoculture was all Linux, it would be just as bad". It's a fact [huge page] that they have a monopoly, that it's resulted in a monoculture and that this provides a big, squishy target for the black hats no matter how hard anyone tries to fix the bugs, and no amount of safe behaviour by customers is going to fix it. It's the facts that need addressing. Either every country has to become a police state or we need diversity.
[Also posted to Webmink]
Comments
Comments are listed in date ascending order (oldest first)
-
I don't get it
I'm sorry, but I just don't get it.
In a biological system, if there is no genetic diversity then a single virus could come along and wipe out your species. I get that.
What I don't get is the applicability of this principle to the internet. Yes, it is true that if everybody is running the same OS, then a single virus could bring all computers down (temporarily), but the Internet would not go extinct, it would simply be rebooted by those pesky humans.
In engineering systems, like nuclear power plants, it's actually a good thing to standardize. That allows you to analyze flaws as they appear, and apply the analysis to the surviving instances (assuming that there are surviving instances). Redundant systems (based on different designs) are a good thing to keep things running (based on the assumption that a single flaw won't cripple both designs). This would be a good thing for the infrastructure of the Internet (the IPs), but it doesn't apply to the end-users. Are the authors of the report suggesting that all end users should have both a Mac and a Windows box on their desks? If not, then how would the end-user be protected by a proliferation of OS'es?
Posted by: johnreynolds on September 29, 2003 at 07:08 AM
-
I don't get it
In engineering systems, like nuclear power plants, it's actually a good thing to standardize. That allows you to analyze flaws as they appear, and apply the analysis to the surviving instances (assuming that there are surviving instances).
This is not possible in the case of MS products, because their interfaces aren't public, and no alternative implementation is possible. All the alternatives are: new, not compatible products (like Linux, which can't run Windows binaries) or almost-compatible products, created from reverse engineering (samba, OpenOffice).
But reverse engineering isn't easy, and almost never obtains exactly the same results. If all those interfaces (file format, protocol, and programming interfaces specifications) were publicly published (and respected by both Microsoft and other vendors), it would be possible, in theory, to create an operating system that runs like Windows, using its binaries, reading its document files, and interoperating with other compatible systems.
Posted by: ronaldtm on September 29, 2003 at 09:23 AM
-
I don't get it
Oops, I forgot. About the analysis, the software license you accept when you install any Microsoft product prohibits you from doing reverse engineering, publishing security flaws, etc. So, how do you intend to do such analysis? When the blue screen appears, the only thing you can do is to send the memory dump to Microsoft, and wait for them to fix it...
Posted by: ronaldtm on September 29, 2003 at 09:28 AM
-
Monoculture or Microsoft?
You seem to be saying that the dominant monoculture is the problem, not that monoculture itself is the problem. I don't think that we're in disagreement on that point.
What I don't buy into is the idea that _any_ monoculture is bad. Note the statement that "a Linux monoculture would be just as bad".
Posted by: johnreynolds on September 29, 2003 at 12:41 PM
-
I don't get it
OS Platforms are not standards - OS platforms *adhere* to standards.
Having a variety of OS platforms is fine, as long as data is portable, as with XML.
X11 is a standard, and there are various implementations of it. A bug in one doesn't affect the rest, unless there is a problem with the standard itself. And yet, from an X11 user's point of view, there is no difference between the implementations because they are all inter-compatible.
Applied to the internet, we can see that the use of standard interfaces rather than single-vendor interfaces would prevent ALL computers going down, rather than a subset of all computers.
Yes, of course you could just reboot, but you shouldn't have to. And in some cases, that reboot will cost you a lot of money - maybe even your entire business.
Posted by: philwebster on September 30, 2003 at 03:17 AM
-
Monoculture or Microsoft?
1) Freedom of choice is important.
2) So is not putting all your eggs in one basket.
GNU/Linux is OK. So is BSD. They're compatible, roughly-speaking. Solaris ain't too bad either.
Use each UNIX implementation according to its strengths, and take advantage of standardisation efforts that allow these implementations of UNIX to communicate with each other.
And if one doesn't work out how you'd like, drop it. The standardisation has then given you the freedom to switch to another platform. This principle applies to any operating system.
Turning your question around - you imply that you think a GNU/Linux monoculture would be a good thing. Why would this be true?
Posted by: philwebster on September 30, 2003 at 03:25 AM
-
Monoculture or Microsoft?
Good question, here's a stab at an answer:
The original premise of this blog (as I understand it) is that the virtual monopoly of a single OS is by itself an intrinsic security flaw that dooms the Internet to constant disruption by nasty virus writers.
The assumption is that a single target is so attractive to virus writers that they can't resist it, and the single target is bound to be breached since the attackers surely outnumber the defenders. The proposed solution is to have multiple targets so that the efforts of the attackers will be less concentrated, and they will be less effective.
I would counter that a single open platform (for the end-points or the network) would allow the defenders to pool their resources and plug the holes in the defensive walls (Take a look at the NSA's security enhanced Linux as an example). Over time, the attackers actually provide a service by pointing out the flaws of the system, much as pathogens in biological systems lead to stronger immune systems.
Posted by: johnreynolds on September 30, 2003 at 07:10 AM
-
Community good, diversity better
Your summary is good John, and I'd agree that a community-maintained platform would be likely to be more resistant to attack, especially one based on UNIX. But I'd still contend that diversity is in everyone's interests, so a diversity of community-based platforms implementing open standards is likely to be the best answer.
Posted by: webmink on September 30, 2003 at 07:19 AM
-
Monoculture or Microsoft?
While it is true that open platforms allow defenders to pool resources, you are assuming that the platform in question will be sufficiently well-designed to allow modifications to be made without major re-writes. This may not always be the case, and some approaches to platform design may turn out to be better in certain circumstances.
Open-source allows ideas to flow between different projects, so a multiple-platform approach will still retain the 'pooled resources' advantage that you are advocating in favour of a single open platform. This already happens today, with security features pioneered in OpenBSD being ported to other OS platforms, including GNU/Linux as well as to the other BSDs.
The added advantage of having *multiple* open platforms is that if, for some reason, GNU/Linux (for example) turns out to have a major design flaw, people can switch to a compatible-but-different system such as *BSD or GNU/HURD (if it ever gets finished!).
Multiple platforms are an insurance policy, and as I mentioned in my earlier post, it is generally considered wise for people not to 'put all their eggs in one basket'.
Posted by: philwebster on October 01, 2003 at 02:09 AM