1. Computing

Microsoft Monoculture

By

The Microsoft Windows operating system (OS) is fairly ubiquitous. Around the globe a good percentage of computers in existence use some version of the Windows OS.

In general this is not a problem. However, when a flaw is discovered in the Windows operating system or one of its components it provides a very "target-rich" environment for malicious attacks or for viruses and worms to spread rapidly.

There are really two parts to the issue. 1) Is it good security practice to have such a large percentage of machines all running essentially the same operating system, and 2) If you are going to run in an operating system "monoculture", should the OS itself be less flawed.

Vulnerabilities that are discovered in Microsoft Windows tend to generate a lot of press. It is necessary to some degree. With so many machines around the world being vulnerable to whatever the newly discovered flaw is, it is imperative to get the word (and the patch or fix for the problem) out as quickly as possible. But, the Microsoft-bashers love to point out how Linux or Apple's OS X are not vulnerable to whatever the exploit du jour is on the Microsoft platform as well.

What they don't generally tell you is that these other platforms have their issues as well. Often the flaws lie in application or utilities that are included in the operating system rather than the operating system itself, and these utilities are often created by 3rd parties not connected with the operating system. So, it would be an accurate statement in my opinion to say that the actual operating systems are more secure or less vulnerability prone than Windows. However, because these utilities are included and installed by default in most cases they still make the overall system vulnerable.

In my opinion- it comes down to the user knowing enough about their own system to keep it protected, regardless of what operating system it is. Read on to see other opinions on this hot topic.

Latest Developments

Background

When worms like the MSBlast (and / or Nachi) worm that struck the Windows operating system world in August of 2003 hit, many question the logic of continuing to rely on such a seemingly flawed operating system to run the majority of computer systems worldwide.

The CCIA (Computer & Communications Industry Association) released a paper titled CyberInsecurity: The Cost of Monopoly (How The Dominance of Microsoft Products Poses a Risk to Security). Authored by a group including many highly respected information security experts such as Dan Geer, Rebecca Bace and Bruce Schneier, this paper has drawn quite a bit of attention.

The basic premise of the paper is that because of its near-monopoly position in the world of operating systems, Microsoft Windows poses a significant risk to the security and stability of computing globally. A single virus or worm could impact or even wipe out a significant number of computers.

There are those who oppose this point of view however. That is not to say that they favor everyone in the world running the exact same version of Microsoft Windows- just that they feel that the analogy used in the paper is simplistic and does not represent reality.

Marcus Ranum, "father" of the proxy firewall, Senior Scientist at security firm TruSecure and author of The Myth of Homeland Security, in particular offers a paper which illustrates how an analogy can be used to prove a point, but that the point will only be valid in that analogous world- not reality.

Read on for some excerpts from both the CCIA paper and Marcus Ranum's counter-paper and form your own opinion on the subject. Is Microsoft Monoculture dangerous to the security of the computing world at large? Or, is Microsoft Monoculture really just anti-Microsoft hype aimed at trying to depose the King of the Hill? You can jump into the Forums to discuss your thoughts and opinions here: Microsoft Monoculture.

©2014 About.com. All rights reserved.