RoboGeek

RoboGeek's (David Herron) Weblog: co-developer of Robot and several other things related to Java testing.


Monday November 29, 2004

C|NET: "Web on watch for common enemies"

Strange article at news.cnet.com titled "Web on watch for common enemies" (published November 29, 2004, 4:00 AM PST, by Robert Lemos, Staff Writer, CNET News.com).

See, the article begins by talking about a security flaw in Java that was disclosed last week. Starting from that point, the author goes to great lengths to make Java look like a huge lurking menace about to destroy the Internet. Huh?

The main theme is the danger of monoculture. The danger of monoculture is that if everything is exactly the same, e.g. all organisms share exactly the same biology, then any flaw becomes deadly once an attacker works out a way to use it. That's what a virus is, whether biological or computer: a mechanism that implements a method of using a particular flaw to attack and destroy targets. A biological entity has several mechanisms in its makeup that ensure its integrity, and any biological virus includes some ability to bypass one of those protections.

If all organisms had the same biological protections, then a virus that effectively bypasses those protections could quickly wipe out all organisms before they develop protection against it.

The planet's ecosystem has developed a wide range of organisms, specifically to avoid monoculture problems like this.

The same danger does hold true for the Internet, and the author of the C|NET article is right to raise it. It's clear to me, however, that he's targeting the wrong culprit.

If there's anything on the Internet that is a monoculture and that is causing a problem, it is clearly Microsoft Windows. Windows has 95% or more market share, and there is virus after virus after virus that exploits the many flaws in Microsoft Windows. The viruses regularly cause huge amounts of damage, and the Windows monoculture allows them to spread very rapidly. Further, the situation has spawned a whole industry of software makers who study Windows viruses and sell software that detects and removes them.

Compare that to Java's track record for a moment. Instead of the flaw-of-the-week that is evident on Windows, Java has such rare instances of security flaws that it's major news when they happen.

Maybe the C|NET author is too accustomed to the Windows virus threat to see it. This would be kind of like the psychological process that happens to kidnap victims, where they begin to identify with their kidnappers.

The C|NET author's major point is very valid: a monoculture is dangerous. That's one of the reasons I use Mac OS X for my personal computing needs.

(2004-11-29 11:36:10.0)