Skip to main content
Take Two Aspirin

I always believed that a monoculture preceded a dictatorship, at least in a political sense but perhaps I was wrong, because it is a term now increasingly connected with Microsoft by those who fear a future of cascading failures brought about by our reliance on the closed genetic sequence of the Windows Operating System.

Biology teaches us that species with little genetic variation, called monocultures, are the most vulnerable to catastrophic epidemics. Populations that share a single fatal flaw, such as the lack of immunity to smallpox, can and have been wiped out by a virus capable of exploiting that flaw, as happened in the Americas following the arrival of the Columbus. Genetic diversity in the population increases the chances of survival and the same can be said of software in today’s increasingly connected but hostile environment. A PC sneezes in China and twelve hours later, 100 million computers decide to call in sick with the flu.

When copies of the Windows source code escaped into the wild last week, observers started to worry that the stolen code would provide a potential springboard for even more serious virus and worm exploits than those we have witnessed over the last twelve months. It’s possible, as the records appear to show that a great many people are showing remarkable interest in the code but at the same time, Microsoft’s so-called ‘proprietary code’ isn’t as close a secret as many people think it is. After all, it’s been shared with partners and governments for a long time now and this is of course how some of the code entered the public domain, for the benefit of the curious, this month.

Back to the argument then. Unless instead of Windows, you happen to be using a Macintosh or have hand-coded and installed your own Linux PC, then the end of the world is near or to quote Dad’s Army’s ‘Private Frazer’, “We’re Doomed”.

But are we, I’m not so sure. Information security is not just a simple matter of increasing biodiversity in the software industry. If we remember back to the 1980’s then biodiversity was a problem in its own right, particularly among network Operating Systems and the industry has a habit, over time of moving towards a tighter and smaller set of standards and protocols that everyone eventually subscribes to and which in turn, creates its own ’Achilles Heel’.

If we concede that all software is vulnerable to attack and some software is more vulnerable and more popular than others then the biological model should in theory have Windows superseded by another and more resistant strain of software and when that one catches cold another follows. But life doesn’t work quite that way and security represents a complex mixes of processes, technologies and human factors. Neither Windows nor Linux are standing still. Patches and products such as Windows Server 2003, are the equivalent of antibodies and over time, what we are likely to witness is the arrival of a living Operating System, which increasingly responds to threats through anti-virus software and patches until the arrival, one day of the perfectly secure software environment, the foundation at least for Microsoft’s own Next Generation Secure Computing Base (NGSCB).

Let’s face it, Windows is getting hammered by one attack after the other but talk to most CSO’s and they’ll tell you that since Blaster, most attacks are bouncing off much better security processes that have locked-down the Windows environment.

This month Netcraft report that the number of hostnames found by its Web Server Survey running Windows Server 2003 overtook Windows NT 4.0 and that over 1.25 million hostnames are now running on Windows 2003, a 283% increase since August of 2003.

Comparing this with September of last year also shows the majority of the sites to have migrated from Windows 2000 (534,000), but also 55,000 of the sites to have migrated from Linux, 56,000 from FreeBSD and 8,000 from Solaris, with 272,000 of the hostnames running Win2003 new sites not previously running a different operating system.

So while viruses and worms proliferate, businesses are not standing still and are taking their own evolutionary approach towards better security. The Microsoft monoculture may prevail and faced with this fact of life, businesses are increasingly growing a much thicker skin to protect their information assets, which makes the presence of a software monoculture less of a doomsday threat than we might think it is.


Popular posts from this blog

Mainframe to Mobile

Not one of us has a clue what the world will look like in five years’ time, yet we are all preparing for that future – As  computing power has become embedded in everything from our cars and our telephones to our financial markets, technological complexity has eclipsed our ability to comprehend it’s bigger picture impact on the shape of tomorrow.

Our intuition has been formed by a set of experiences and ideas about how things worked during a time when changes were incremental and somewhat predictable. In March 1953. there were only 53 kilobytes of high-speed RAM on the entire planet.

Today, more than 80 per cent of the value of FTSE 500* firms is ‘now dark matter’: the intangible secret recipe of success; the physical stuff companies own and their wages bill accounts for less than 20 per cent: a reversal of the pattern that once prevailed in the 1970s. Very soon, Everything at scale in this world will be managed by algorithms and data and there’s a need for effective platforms for ma…

Civilisational Data Mining

It’s a new expression I haven’t heard before. ‘Civilisational data mining.’

Let me start by putting it in some context. Every character, you or I have typed into the Google search engine or Facebook over the last decade, means something, to someone or perhaps ‘something,’ if it’s an algorithm.

In May 2014, journalists revealed that the United States National Security Agency, the NSA, was recording and archiving every single cell-phone conversation that took place in the Bahamas. In the process they managed to transform a significant proportion of a society’s day to day interactions into unstructured data; valuable information which can of course be analysed, correlated and transformed for whatever purpose the intelligence agency deems fit.

And today, I read that a GOP-hired data company in the United States has ‘leaked’ personal information, preferences and voting intentions on… wait for it… 198 million US citizens.

Within another decade or so, the cost of sequencing the human genome …

The Big Steal

I’m not here to predict the future;” quipped the novelist, Ray Bradbury. “I’m here to prevent it.” And the future looks much like one where giant corporations who hold the most data, the fastest servers, and the greatest processing power will drive all economic growth into the second half of the century.

We live in an unprecedented time. This in the sense that nobody knows what the world will look like in twenty years; one where making confident forecasts in the face of new technologies becomes a real challenge. Before this decade is over, business leaders will face regular and complex decisions about protecting their critical information and systems as more of the existing solutions they have relied upon are exposed as inadequate.

The few real certainties we have available surround the uninterrupted march of Moore’s Law - the notion that the number of transistors in the top-of-the-line processors doubles approximately every two years - and the unpredictability of human nature. Exper…