The pernicious characteristics of monocultures, by Paul Strassmann.
The following essay by a manager with clue, Paul Strassmann, is part of the special report on Internet security and hackers on the American public broadcaster PBS and worth reading. Source: http://www.pbs.org/wgbh/pages/frontline/shows/hackers/blame/threat.html === The purpose of this article is to explain the risks arising from a Microsoft software monoculture. The term "monoculture" is originally derived from agriculture. It is the practice of growing the same crop each year on a given acreage. Rotating crops helps control certain insects and diseases; farmers who repeatedly grow the same crop on the same land become increasingly dependent on chemical insecticides, and must resort to new disease-resistant plant varieties, and practice soil fumigation and similar methods of controlling insects and diseases that are usually controlled by crop rotation. If a large number of farmers, in proximate geography, adopt monoculture practices, even the dependency on chemical means will not be sufficient to protect the crops. Although the quantity of food is increased, the humans create an environment that is hospitable to vermin, pathogens, and diseases. Paradoxically, by increasing specialization monoculture farmers increase the threats to their food supply. The potentially destructive, injurious and deadly characteristics of monoculture practices are remarkably comparable to conditions one finds prevailing in computer networks. Therefore, it may be useful first to examine an agricultural case before venturing into an exploration of what it means to have Microsoft software present in most of the computers in the world. Agricultural Case: The Irish Potato Famine The "Great Potato Famine" or the "Irish Famine" occurred in 1845-49 when the potato crop failed in successive years. The crop failures were caused by blight that destroyed the potato plant. It was the worst famine to occur in Europe in the 19th century. By the early 1840s, almost one-half of the Irish population--but primarily the rural poor--had come to depend almost exclusively on the potato for their diet, and the rest of the population also consumed it in large quantities. A heavy reliance on just one or two high-yielding varieties of potato greatly reduced the genetic variety that ordinarily prevents the decimation of an entire crop by disease, and thus made the Irish vulnerable. In 1845 a fungus arrived accidentally from North America, and that same year Ireland had unusually cool, moist weather, in which the blight thrived. About 1.1 million people died from starvation or typhus and other famine-related diseases. Many emigrated, and by 1921 the population was barely half of what it had been in the early 1840s. The Software Case: Microsoft's Dominance Microsoft's dominance in operating systems represents a new threat to the national security and to the systematic reliability of our computer-based society. It is a fact that a large number of political institutions, both in the U.S. and in other countries, are becoming increasingly aware of the economic and security risks that arise from the ubiquitous presence of Microsoft. The U.S. government as well as a European Economic Community (EEC) Commission is trying to contain the expanding power of Microsoft by litigation. This is insufficient. One must also address the risks from attacks on a largely homogeneous systems management environment. Info-terrorists and criminals will continue to take advantage of the ever-growing proliferation of flaws in the gigantic Microsoft system, consisting of hundreds of millions of lines of failure-prone code. The Microsoft software monoculture is dangerous because this firm is pursuing its global expansion objectives with unconstrained ambition. Its strength is reflected in its share of all profits from the software business. That advantage has widened steadily from 24 percent in 1987 to 64 percent in 1998 and is likely to climb as Microsoft is expanding its reach as a vendor of software packages to becoming a networking services giant. In its recently announced .Net initiative, Microsoft has projected a vision of a world that is inter-connected with Microsoft centers from where each computer receives not only its operating software but also a continuous stream of data and applications. Microsoft now sets its sights not only on the control of local computing but also on the sources from which all program code and data originate. Upgrading Microsoft software has been a logical choice for customers who wished to keep up with changes in technology. The risks of an integrated family of operating systems running all global computers, a declared Microsoft objective, make selecting a Microsoft platform more than a purely technical choice. An all-encompassing operating system bares itself to hostile exploitation of paralyzing security flaws. The presence of a fatal defect is unavoidable as the complexity of Microsoft systems expands to bizarre proportions with each new release. It is the search for such a fault that occupies the minds of some of the brightest computer experts. Finding a crack through which one could induce mayhem with only a few keystrokes would be worth a great deal of money, especially when supporting an act of terrorism. Microsoft and the Information Monoculture It's only a question of time before the ubiquitous presence of Microsoft operating systems, supported by a software-updating network, reaches a level of interconnectivity that makes a universal systems crash feasible. All that will be required is inducement of a widespread information infrastructure collapse through a deliberately executed and pre-planned act of information warfare. The risk from a software monoculture has increased due to the shift from custom-made software to packaged applications residing on an integrated family of Microsoft operating systems. As a result, the risks from planned subversion of a software monoculture now overwhelm the demonstrable benefits of standardization of an otherwise chaotic software environment. The future of Microsoft should not be judged only by antitrust criteria or the commercial merits of its software. It should be also reflected in the unprecedented security risks to our civilization that a software monoculture generates. The Microsoft defense that it was only maximizing profits using common competitive methods is insufficient. Business practices that may be tolerable for a small competitor become perilous whenever scaled up to security-threatening proportions to global computer networks. Our computer-based information society is still in its early stages of development. Its resilience and dependability is still not adequately understood. If history teaches anything, it is the insight that monocultures of any kind--especially if they can propagate in a matter of seconds--should not be allowed to flourish without adequate safeguards. === Casper Aleva Dutch Security Information Network e: tonus@dsinet.org w: http://www.DSINet.org/ c: http://www.DSINet.org/casper/pubkey.txt == "Don't quote, I want to know what _you_ have to say." -Unknown
participants (1)
-
Casper Aleva