| ActiveMac | Anonymous | Create a User | Reviews | News | Forums | Advertise |
|
|
|
User Controls |
|
New User |
|
Login |
|
Edit/View My Profile |
|
|
|
|
|
|
|
ActiveMac |
|
Articles |
|
Forums |
|
Links |
|
News |
|
News Search |
|
Reviews |
|
|
|
|
|
|
|
News Centers |
|
Windows/Microsoft |
|
DVD |
|
ActiveHardware |
|
Xbox |
|
MaINTosh |
|
News Search |
|
|
|
|
|
|
|
ANet Chats |
|
The Lobby |
|
Special Events Room |
|
Developer's Lounge |
|
XBox Chat |
|
|
|
|
|
|
|
FAQ's |
|
Windows 98/98 SE |
|
Windows 2000 |
|
Windows Me |
|
Windows "Whistler" XP |
|
Windows CE |
|
Internet Explorer 6 |
|
Internet Explorer 5 |
|
Xbox |
|
DirectX |
|
DVD's |
|
|
|
|
|
|
|
TopTechTips |
|
Registry Tips |
|
Windows 95/98 |
|
Windows 2000 |
|
Internet Explorer 4 |
|
Internet Explorer 5 |
|
Windows NT Tips |
|
Program Tips |
|
Easter Eggs |
|
Hardware |
|
DVD |
|
|
|
|
|
|
|
Latest Reviews |
|
Applications |
|
Microsoft Windows XP Professional |
|
Norton SystemWorks 2002 |
|
|
|
Hardware |
|
Intel Personal Audio Player 3000 |
|
Microsoft Wireless IntelliMouse Explorer |
|
|
|
|
|
|
|
Site News/Info |
|
About This Site |
|
Affiliates |
|
ANet Forums |
|
Contact Us |
|
Default Home Page |
|
Link To Us |
|
Links |
|
Member Pages |
|
Site Search |
|
Awards |
|
|
|
|
|
|
|
Credits |
 |
`Monoculture' debate hits Microsoft | |
|
||
| Time: 11:26 EST/16:26 GMT | News Source: The Star | Posted By: Byron Hinson | ||
|
Dan Geer lost his job, but gained his audience. The very idea that got the computer security expert fired has sparked serious debate in information technology. The idea, borrowed from biology, is that Microsoft Corp. has nurtured a software "monoculture" that threatens global computer security. | ||
|
Write Comment
Return to News |
Displaying 1 through 25 of 250 Last | Next |
The time now is
3:59:45 PM
ET.
Any comment problems? E-mail us |
| #1 By 665 (64.126.80.41) at 2/15/2004 2:04:46 PM |
|
I think you are wrong parker. You say if each OS, router, firewall, etc. had written their own SSL routines the problem wouldn't have been so pervasive. That's true. However, if someone finds a flaw within Windows, there is a reasonably high possibility that the vulnerability may be found in most other Windows operating systems. So whereas in your example you are speaking about near 100% of the computers being vulnerable, if a vulernability is found that affects Windows 98, 2000 and XP, you have about 95% of the market share there. If you ask me, that's just as bad.
I usually back Microsoft and their security efforts, but their recent fix which took 200 days to release gives it a horrible imagine. In Microsoft's defense, the vulnerability was never used (that we know of). I bet it would have been dramatically sped up if the vulnerability were to go public. Anyway, that's where I stand. |
| #2 By 665 (64.126.80.41) at 2/15/2004 2:45:50 PM |
| I think your problem would be more related to liscenced software, not open source software. The problem you have observed could just as easily have been closed source. |
| #3 By 11888 (64.230.91.212) at 2/15/2004 3:09:10 PM |
|
#4, Exactly.
The pervasiveness of the problem wasn't a result of open source, but the that everyone was using the same code. Hence the discussion about monoculture here. Whether it was open source or not, all the parties involved could have just as easily licensed the same closed source code. |
| #4 By 135 (208.186.90.168) at 2/15/2004 4:37:24 PM |
|
Problem with the monoculture argument...
If a biological breed is susceptible to some disease, it takes a very long time to work against that. Years developing a drug, or a new breed that is less susceptible, etc. With software, it takes about an hour to patch. It used to be we'd have similar issues with hardware. You get a bad design out there, you have millions of units and they aren't easily fixable. You have to recall all of them, and send out new units. But because software is so easy to fix, we are now finding hardware manufacturers use flash memory. No more need to recall and build a new unit, now we just send out a software update and fix the problem. Sorry, but this monoculture argument is questionable at best. It's something put forth by people seeking desperately to find a question for their answer. |
| #5 By 12071 (203.185.215.149) at 2/15/2004 6:55:39 PM |
|
"True diversity, Charney said, would require thousands of different operating systems, which would make integrating computer systems and networks virtually impossible."
Yes, as long as companies "embrace and extend" standards then it will be virtually impossible, if on the other hand they simply follow the standards then everything will be fine. The internet manages to run just fine and it has the largest array of OS and hardware hook up to it. "They would require, for example, banning from the Internet computers whose software hasn't been updated with the latest anti-virus patches." This is a TAD drastic! #1 "If each of those had wrote their own SSL routines, it wouldn't have been so pervasive a problem." So why didn't Microsoft write their own then? Why in the world are they using someone else's code? Is it because that many developers believe in not re-writing the wheel? And how is this an Open Source issue? Would this vulnerability be any different if Microsoft used code from a commerical company? No it would not. You really need to stop and think before you see something potentially negative about Microsoft and then yelling out "no no! it's an open source issue!". Your criticism of ASN.1 vulnerability is absolutely no different to a remote exploit being found in IE's HTML rendering engine. Such an exploit would not only affect every single copy of Windows (94% of the desktop world or thereabouts) but also every single application that makes use of IE's HTML rendering engine, e.g. MS Money and the thousands of other application out there. Is your answer to all these people, "hey, if you written your own rendering engine you'd be unaffected!"? I don't know how accurately you can compare the monoculture of software in the biological sense, but there are some valid points made here. Monoculture in general is probably NOT the best thing, and it doesn't matter whether ir's closed source (aka potentially leaked source) or open source. The problem is common to both methodologies! #6 "With software, it takes about an hour to patch." Is this the time required to apply the patch once it's been released? Otherwise that should be 200 days and 1 hour. |
| #6 By 2960 (156.80.64.137) at 2/16/2004 8:32:29 AM |
|
"With software, it takes about an hour to patch. "
Or, maybe 200 days :) TL |
|
Write Comment
Return to News |
Displaying 1 through 25 of 250 Last | Next |
The time now is
3:59:45 PM
ET.
Any comment problems? E-mail us |
