Early bird tickets for Baltimore’s BEST party on sale now!

Microsoft dominance creates dangerous digital monoculture

THE BALTIMORE SUN

AT FIRST GLANCE, computer scientists and plant researchers don't have much in common, but these days, they're both talking about the dangers of a monoculture.

The term comes from the world of biology, where it refers a single species of vegetation that covers a large area. A pine forest is a monoculture; so is the "perfect" lawn, or a county planted with one type of cotton.

When everything goes right, monocultures can be efficient. A farmer who grows only one crop has to buy one type of seed and fertilizer, one type of pesticide. He can harvest his grain with one type of tractor or combine.

The problem with a monoculture is that a single pest or disease can wreak havoc. A classic example is the boll weevil, which wiped out much of the cotton in Texas, Oklahoma, Alabama and Georgia in the late 19th and early 20th centuries. By destroying the sole crop in so many areas, it ruined their economies, too.

Another is the Dutch elm. Because so many streets, parks and walkways in American's cities and towns were planted with the stately trees, the fungus known as Dutch elm disease destroyed a huge proportion of the nation's urban tree cover after 1930 - almost 40 million trees.

So what does all this have to do with computers? The answer is Microsoft.

Critics say that Microsoft operating systems and software are so dominant on the desktop, and so prevalent in the back-end world of servers and business systems, that viruses, worms and other attacks can spread far more quickly and cause more widespread disruption than they would if the world of computing were more diverse. In other words, the dominance of Microsoft Windows has created a dangerous digital monoculture.

Although computer scientists have grumbled about this for years, the issue bubbled into the public consciousness in September, when a group of security experts, backed by the Computer & Communications Industry Association, issued a report warning that the growth of the Internet and Microsoft's hegemony (including its dominance on government desktops) posed a threat to national security.

This was particularly troublesome, they said, in light of Microsoft's miserable record of writing insecure software - and its frequent security patches, which corporate and individual users may or may not learn about or bother to install.

To be fair, the authors of the report and the trade group that backed them are longtime critics of Microsoft's monopoly. But their conclusions ring true. Just look how fast worms and viruses such as MyDoom, Bagle.a, Sobig, MsBlast and other recent invaders that target flaws in Windows have spread. That's a testament to the danger of a monoculture.

Even more disturbing: These attackers are becoming more sophisticated - by some estimates, a third of the spam that inundates our mailboxes is relayed by "zombie" programs planted on individual PCs without the owner's knowledge. A scheme like that can only succeed in a near-monoculture.

Want more bad news? Microsoft's most recent security patch, released this month, revealed a networking flaw so deep and so serious in Windows XP, NT, 2000 and Windows Server 2003 that it could allow even more serious attacks.

On top of that, hackers recently penetrated the system of a Microsoft contractor and stole large portions of the source code for Windows 2000 and NT - potentially exposing more vulnerabilities to virus and worm writers.

What's the solution? To critics, it would be a more "biodiverse" computing environment, with a better mixture of operating systems and software. But what are the chances of that? The only alternatives are the Apple's Macintosh operating system, and Linux or other variants of Unix.

Experts say both are more secure than Windows, but neither is perfect. Nor are any alternatives close to Windows in market penetration. Apple has less than 5 percent of the PC market, while Linux - popular for Web servers and other back-end systems - isn't a factor in the consumer world. It's hard to imagine a scenario in which either would threaten Microsoft's share of the desktop market.

Also, their relative safety lies in their obscurity. After all, who wants to write a virus for 5 percent of the market? If either were to make considerable inroads with users, it would generate far more interest among hackers, worm and virus writers than either has - and undoubtedly prove far less secure.

Nor are most customers likely to set up digitally biodiverse environments solely for security. A mixed bag of Windows, Mac and Linux machines might be harder to put out of business, but from a management standpoint, it's a nightmare to maintain and support. Ditto for home users. Do you want three kinds of computers with incompatible software and different user interfaces, in your house?

In defense of its monopoly, Microsoft notes that the operating system is only one part of the risk. The common Internet protocols that allow computers of all stripes to communicate with one another also create avenues for hacker attacks.

Consider HTML - the markup language used to generate Web pages. It's designed so that a Web page will be displayed the same way no matter what operating system you use. If you fall victim to a "phishing" scheme (an e-mail that entices you enter personal information in a form on a phony Web site that looks like your bank's or credit card company's), it doesn't matter what brand of computer you use. You're just as sunk.

The best thing we all can do is try to make our own systems secure. At home, that means:

Install a virus checker and update it regularly.

Consider a firewall - software that keeps hackers from directly attacking your PC and keeps rogue programs on your machine from communicating with the Net.

Don't be fooled into downloading any "helper" software from Web sites unless you're sure of the operator's bona fides.

Don't open any e-mail attachment unless you're sure of its authenticity - even stuff that appears to come from a friend. The most onerous worms and viruses are spread by people who click on these booby traps. And neither the government nor Microsoft can outlaw stupidity.

Lesser dangers of the electronic age: Last week, it was my turn to change the batteries in our smoke detectors. After the usual grumbling, climbing on chairs and wrestling ladders, I finished the last one, slipped the used 9-volt battery into my pocket and forgot about it.

An hour later, sitting at my computer, I felt a burning spot on my right leg. Jumping up, I stuck my hand in my pocket and my fingers ran into a handful hot coins - and a hotter battery. I'm sure the next minute of hopping and change-flinging would have qualified for America's Stupidest Home Videos.

What happened: A 9-volt battery has positive and negative terminals on the same end. And they're close enough to be bridged by any coin of our realm.

When I sat down, a coin must have bridged the terminals and gotten stuck there, creating a short circuit that produced a heck of a lot more heat than I ever thought a little battery could generate - particularly a nearly-dead one.

So, if you have to get rid of a 9-volt, be careful where you put it.

Copyright © 2019, The Baltimore Sun, a Baltimore Sun Media Group publication | Place an Ad
57°