General discussion


Does a Microsoft "monoculture" endanger security?

By debate
Do you agree with Jonathan Yarden that a Microsoft "monoculture" exists? Do you think it poses a threat to global Internet security? Does your organization rely primarily on Microsoft products? Share your comments about considering alternatives to Microsoft software, as discussed in the March 15 Internet Security Focus e-newsletter.

Yes and yes.

by DC_GUY In reply to Does a Microsoft "monocul ...

I believe that the monoculture exists. Especially in the consumer market. Most people have resigned themselves to the level of service they get from computers running popular software. They assume that in order to get by in the Information Age, they simply have to learn to be competent software mechanics in addition to their regular jobs.

I believe this monoculture is a threat to civilization itself. We are passively allowing the "information infrastructure" to rapidly become essential to the functioning of the economy. Yet it is nowhere near as reliable as the plumbing, transportation, nutrition, or even communication infrastructures.

We are increasingly discovering that the security problems in the information infrastructure are caused by undetected and unrepaired software defects that have been in existence for six years or more, and have been passed down through two or three major system upgrades. What producer in any other industry could retain market share, much less dominate the market, by delivering products with defects that cause major disruptions in the business of its customers and the lives of its customers' clients? So frequently that each defect acquires a cute little nickname? Defects that it has failed to even notice, much less repair, since before the turn of the millennium?

American business is valiantly attempting to boost its IT shops up to higher levels on the SEI CMM in order to remain competitive in the world market. How can it do that if the software that underlies almost every one of its efforts is built by the "medieval guild" methodology of CMM Level One?


People are Missing the Whole Point

by evo_gsr In reply to Yes and yes.

I think people have been missing the point that in the first place, the basic rule of law whether written or not is that we shouldn't try breaking or stealing anything.

This is a case of say when you stumbled upon a house that had its door left open by accident or for some other reason - does that mean that it gives everyone the right to try and steal everything in the house?

Another question is - would you want to barricade your house with high walls, barbed wires, and several security personnel just to protect it? - similar to a jail house?

You see sometimes we blame others too much without thinking/reflecting on whether the premise that we are holding onto is correct or not.

Microsoft or be it other software companies are not to blame. Software was meant to aid people become more productive and provide ease on the stress of manual work. It's actually the hackers and other computer criminals that are at fault and they're the ones that we should get mad about.


Nice guys finish last

by M.W.S. In reply to People are Missing the Wh ...

Sorry that the world isn't living up to your standards, but it doesn't and probably never will.
Cars, houses, and businesses have locks and anti-theft systems. Banks have armoured glass and guards. The people who sell computer systems are aware of the threats to their customers caused by weakness in their code, and they are obligated to try to fix it. We pay them to do that, and we have a right to expect it.
There probably never will be a 100% secure operating system, the question is how hard should we expect a multi-billion dollar firm to work toward that goal?


People are NOT missing the point!

by jim.azeltine In reply to People are Missing the Wh ...

You said:
"This is a case of say when you stumbled upon a house that had its door left open by accident or for some other reason - does that mean that it gives everyone the right to try and steal everything in the house?"
That is not the point. People who buy MS OS's do so under the impression that "the house is locked", not that someone "left a door open by accident". The problem is that MS has left keys under many of the doormats and under rocks, and anybody with a brain and some determination can get in the house.


You still missed the point

by Underground_In_TN In reply to People are NOT missing th ...

You wrote, "People who buy MS OS's do so under the impression that 'the house is locked', not that someone 'left a door open by accident.'"

Oh, come on. With all the years of bad press about MS's insecure OS's, I really don't think that's the case. Even if it is, you are still blaming the home builder and home owner for not making the home secure enough, and you're not blaming the actual criminals who are breaking into the homes. That's like blaming the rape victim for her own rape, because she wore the wrong clothes and didn't carry enough mace or a handgun in her purse.


Too much point missing... How about some common sense?

by Tesla444 In reply to You still missed the poin ...

Your reason about 'not blaming the actual criminals' is correct, up to a point. It seems to me that when Microsoft incompetence or intent was realized 10 to 15 years ago the blame falls back to them for not 'fixing the problems' that were clear at that time. Clearly, it is their intent to NOT fix these problems. So once you know (either MS or their customers) the blame does fall back on them for making a conscious decision to use the systems they know are flawed. Using your rape analogy, the victim is clearly not to blame in the first incident but if she continues to put herself in unsafe situations after that knowing the possible consequences, she increases the risk of a 2nd rape... If she applies common sense about her activities, she minimizes the

MS system users ALL know the security issues with Microsoft and they know that all Unix based systems (Unix, Linux, Mac, etc.) are virtually 100% safe from forced entry and don't have any of the countless security issues common in all Windows products. So at this point I don't even think the 'rapist' can be blamed, MS has made it a public issue for so long everyone knows of their questionable business practices and 'sieve' security issues. So the 'blame' can only fall back squarely on the

So the question is: Why would ANYONE use a Microsoft system where ANY level of security is required??? Can anyone answer that question? I haven't seen any reasonable answer to that question.


Actually I really like the rape analogy

by HAL 9000 Moderator In reply to Too much point missing... ...

Now I wonder how he explains who is responsible for Microsoft getting hit by the "Slammer" worm?

Well it wasn't the virus writer, it wasn't Microsoft for supplying a flawed product so it must be Microsoft's fault for not patching their servers. Right?

But back to reality if Microsoft couldn't keep their own systems up to date with the latest patches how can we as mere mortals be expected to do better than Microsoft?



That is just ridiculous

by keyguy13 In reply to Too much point missing... ...

Linux, Unix and Mac are not in any way impervious to forced entry. Every OS has its security flaws that can be and often are abused. Check out any study done on OS security and they all attest to this. They also state that the reason we see so much in the news about windows security is because windows machines are far more prevalent. That's just common sense. So if you're just looking to hack a system because you're some bored juvenile delinquent, you look for anything that can be hacked. There are a lot more windows machines, people hate microsoft, people know microsoft products, so it stands to reason that they will be hacked more than linux or other OSes. Yes, it's true that windows has more inherent security flaws but that doesn't make linux or any other OS bullet proof by any means.

I don't think Microsoft ever intended to make computing insecure. Initially, back in the 80s there wasn't much of a concern for security by the average user and microsoft was focused on simply selling software that everyone would use. They were trying to make money. They did that. They did that better than anyone else out there. Now you have people that resent them for doing so well (even though they probably wouldn't be able to do half of what they do online or offline without them) out there hacking their systems and software. They are cutting off their noses to spite their face. I wish these stupid little punks would actually contribute something that makes a difference rather than focusing on vandalism. Ok, rant over.


Ridiculous is right in the wrong way

by pryan In reply to That is just ridiculous

Absolutely correct - no system is immune to security flaws. However, some are better than others. Absolutely correct that Microsoft were 'trying to make money' - they weren't interested in producing top quality software or systems, they were interested in blasting the competition and getting the goods to market. Now how would such a mentality promote inferior goods?
Now, I think keyguy shows his true colors with the statement "though they (the users) probably wouldn't be able to do half of what they do online or offline without them". Microsoft brought goods to market, their record of inventiveness is less impressive. We wouldn't have had word processors (Word Perfect?). No web (Netscape, BSD Sockets, FTP, HTML et al.)??? No servers (IBM, UNIX, LINUX et al.)??? MS brought computing to the masses but they didn't invent computing and certainly the whole concept of dumbing down and churning out products to the lowest common denominator implies some sacrifice of reliability and/or security.
I would think that the concept of trying to create a world without criminals is unrealistic. So, for me, whether the criminal or the system is to blame, is a moot point. I want to protect my servers, not enter into some universal 'love in'. Microsoft products have serious flaws and the nature of their proprietary and monopolistic practices (sorry but they were found guilty of this in the US courts and are currently in the European courts for the same stuff) make it extremely difficult for me to do anything about fixing these problems - even though I have the training and the knowledge to do so in a more 'open' system such as Linux or Unix.
Is this forum about politics (i.e. do you like Microsoft) or about reality (i.e. are some products better than others?)


No, it's not ridiculous...

by felipe_alfaro In reply to That is just ridiculous

Windows is insecure and has a lot of worms and
viruses, not because it's, unfortunately, the
most used desktop OS, but because:

a) It did ship with a firewall, but disabled by
b) It insists on defaulting to Administrator
privileges for newly created user accounts.
c) It's so stupid that it executes any code,
like scripts embedded in messages or ActiveX
controls from untrusted parties.
d) It's been programmed with ease of use in
mind, not security.

And I could go on and on.
