Microsoft dominance creates dangerous digital monoculture

February 19, 2004|By MIKE HIMOWITZ

AT FIRST GLANCE, computer scientists and plant researchers don't have much in common, but these days, they're both talking about the dangers of a monoculture.

The term comes from the world of biology, where it refers a single species of vegetation that covers a large area. A pine forest is a monoculture; so is the "perfect" lawn, or a county planted with one type of cotton.

When everything goes right, monocultures can be efficient. A farmer who grows only one crop has to buy one type of seed and fertilizer, one type of pesticide. He can harvest his grain with one type of tractor or combine.

The problem with a monoculture is that a single pest or disease can wreak havoc. A classic example is the boll weevil, which wiped out much of the cotton in Texas, Oklahoma, Alabama and Georgia in the late 19th and early 20th centuries. By destroying the sole crop in so many areas, it ruined their economies, too.

Another is the Dutch elm. Because so many streets, parks and walkways in American's cities and towns were planted with the stately trees, the fungus known as Dutch elm disease destroyed a huge proportion of the nation's urban tree cover after 1930 - almost 40 million trees.

So what does all this have to do with computers? The answer is Microsoft.

Critics say that Microsoft operating systems and software are so dominant on the desktop, and so prevalent in the back-end world of servers and business systems, that viruses, worms and other attacks can spread far more quickly and cause more widespread disruption than they would if the world of computing were more diverse. In other words, the dominance of Microsoft Windows has created a dangerous digital monoculture.

Although computer scientists have grumbled about this for years, the issue bubbled into the public consciousness in September, when a group of security experts, backed by the Computer & Communications Industry Association, issued a report warning that the growth of the Internet and Microsoft's hegemony (including its dominance on government desktops) posed a threat to national security.

This was particularly troublesome, they said, in light of Microsoft's miserable record of writing insecure software - and its frequent security patches, which corporate and individual users may or may not learn about or bother to install.

To be fair, the authors of the report and the trade group that backed them are longtime critics of Microsoft's monopoly. But their conclusions ring true. Just look how fast worms and viruses such as MyDoom, Bagle.a, Sobig, MsBlast and other recent invaders that target flaws in Windows have spread. That's a testament to the danger of a monoculture.

Even more disturbing: These attackers are becoming more sophisticated - by some estimates, a third of the spam that inundates our mailboxes is relayed by "zombie" programs planted on individual PCs without the owner's knowledge. A scheme like that can only succeed in a near-monoculture.

Want more bad news? Microsoft's most recent security patch, released this month, revealed a networking flaw so deep and so serious in Windows XP, NT, 2000 and Windows Server 2003 that it could allow even more serious attacks.

On top of that, hackers recently penetrated the system of a Microsoft contractor and stole large portions of the source code for Windows 2000 and NT - potentially exposing more vulnerabilities to virus and worm writers.

What's the solution? To critics, it would be a more "biodiverse" computing environment, with a better mixture of operating systems and software. But what are the chances of that? The only alternatives are the Apple's Macintosh operating system, and Linux or other variants of Unix.

Experts say both are more secure than Windows, but neither is perfect. Nor are any alternatives close to Windows in market penetration. Apple has less than 5 percent of the PC market, while Linux - popular for Web servers and other back-end systems - isn't a factor in the consumer world. It's hard to imagine a scenario in which either would threaten Microsoft's share of the desktop market.

Also, their relative safety lies in their obscurity. After all, who wants to write a virus for 5 percent of the market? If either were to make considerable inroads with users, it would generate far more interest among hackers, worm and virus writers than either has - and undoubtedly prove far less secure.

Nor are most customers likely to set up digitally biodiverse environments solely for security. A mixed bag of Windows, Mac and Linux machines might be harder to put out of business, but from a management standpoint, it's a nightmare to maintain and support. Ditto for home users. Do you want three kinds of computers with incompatible software and different user interfaces, in your house?

In defense of its monopoly, Microsoft notes that the operating system is only one part of the risk. The common Internet protocols that allow computers of all stripes to communicate with one another also create avenues for hacker attacks.

Baltimore Sun Articles
Please note the green-lined linked article text has been applied commercially without any involvement from our newsroom editors, reporters or any other editorial staff.