=> -----Original Message-----
=> From: [EMAIL PROTECTED]
=> [mailto:[EMAIL PROTECTED] On Behalf Of Bill Anderson
=> Sent: Wednesday, September 13, 2006 20:40
=> To: ProFox Email List
=> Subject: [NF] -- IT Wrestles with Microsoft Monoculture Myopia
=>
=>
=> "When Microsoft announced in March 2006 that it would add
=> code-scrambling diversity to make Windows Vista more
=> resilient to virus and worm attacks, you could almost
=> visualize a wry smile from Dan Geer.
=>
=> Geer, a computer security guru with a doctorate in
=> biostatistics from Harvard University, lost his job as chief
=> technology officer of consulting company @Stake in 2003
=> after co-authoring a report that blamed Microsoft's
=> operating system monopoly and complex code base for the
=> frailty of the Internet.
=>
=> Exactly three years later this month, Geer insists that the
=> risks associated with Microsoft's virtual monoculture remain
=> the same, but a quick glance at the future direction of the
=> world's largest software maker gives Geer a sense of "total
=> vindication."
=>
=> Indeed, three years ago on Sept. 24, Geer penned
=> "CyberInsecurity: The Cost of Monopoly," a 25-page report he
=> co-authored with a who's who of computer security experts,
=> including celebrated cryptographer Bruce Schneier and
=> intrusion detection systems specialist Rebecca Bace.
=>
=> The crux of the report was that software diversity was core
=> to securing the Internet."
=>
=> <http://www.eweek.com/article2/0,1895,2013820,00.asp>
=>

Before there was an internet, before Al Gore was born, there was another network called The Bell System. And it worked. It was anything but diverse. A NY Telephone tech could go to a Pacific Bell central office and almost instantly replace a local tech who was no longer available. When a disaster struck a significant part of the infrastructure, that very lack of diversity made it extremely simple to reroute traffic around the breakdown while it was rebuilt or repaired.

We don't have the Bell System anymore but we sure do have a lot of diversity in our telecommunications environment. How would you rate your telephone service today compared to 25 years ago (assuming you are old enough)?

No one ever said the internet had to be secure. Nothing is intrinsically secure. Doors do not come with locks on them; you have to add your own security. If you have something to protect then you damn well better figure out how you are going to protect it. If you leave the protection to someone else and that protection fails, you have only yourself to blame.

At some point consistency is much more important than diversity. Predictability is not necessarily a failing; often it is a blessing.

HALinNY

