Use more than one operating system to limit the impact of malicious code attacks
In enterprise computing, a diverse operating system environment is more resistant to infection.
Enterprises hit by SQL Slammer and MSBlast should consider the
security benefits of using more than one desktop operating system,
write Gartner analysts Ray Wagner and John Pescatore.
The most effective enterprise security strategy is preventing
attacks by selecting, developing, deploying and maintaining systems
that eliminate or shield vulnerabilities. However, anything that
can go wrong will go wrong, and the majority of computer systems
will experience some level of intrusion at some point.
You must take action to limit the impact of successful attacks.
Supporting diversity of operating systems, especially on the
desktop, has numerous security benefits, but it comes at an
operational cost. Many enterprises that were damaged by the SQL
Slammer and MSBlast worms will find that the benefits of moving
some groups of users to diverse operating systems will outweigh the
cost.
The upsurge in malicious-code attacks that target Windows, which is
used on more than 90% of enterprise desktops, highlights the urgent
need for enterprises to improve the security of their computers.
Many businesses experienced significant operational damage because
of extended downtime caused by those attacks.
Companies that had invested in strong desktop management
capabilities and deployed centrally managed personal firewalls to
every desktop did not suffer serious damage from the Slammer,
MSBlast and Sobig attacks of the summer.
In the future, however, "day zero" attacks (attacks that occur
before the software supplier has issued a patch) will increase.
Thus, simply patching faster will never be good enough. By 2006,
the percentage of attacks that occur before the majority of
enterprises can successfully install patches will increase to 30%,
from 15% in 2003, according to Gartner's research.
Alternative operating systems
Enterprises that maintain 10% or more of their desktops on an
alternative operating system, such as Linux or Macintosh OS, are
much less vulnerable to business outages than those that use only
one operating system, such as Windows.
By spreading critical business functions across multiple desktop
platforms, or by maintaining key operating groups on separate
platforms, you can enhance your ability to keep at least some of
your key personnel and processes functioning and communicating
during an attack.
Security benefits of diversity
In nature, a forest that consists of only one type of tree is
vulnerable to complete defoliation if an infection hits that tree
species. However, if the forest has many varieties of trees, no
single infection can cause catastrophic damage. Similarly, the
adoption of a diverse operating system environment offers three key
benefits to enterprises:
- Containment of malicious-code attacks
- Competitive pressure on Microsoft
- The spread of technological innovation from one platform to another
Containment of malicious code
The most-damaging virus and worm attacks target vulnerabilities in
the Windows operating system. These blended threats exploit the
continuing stream of Windows flaws to attack other Windows PCs and
servers, causing outages to enterprise IT systems.
Providing alternative desktop operating systems to critical IT
staff helps to prevent attacks spreading across the business. These
personnel can communicate and manage the network, and at least some
core business processes can continue to function, greatly reducing
the impact of an attack.
Enterprises that maintain 20% of their desktops on alternative
platforms will experience a 50% reduction in the scope of the
business impact of worm attacks, according to Gartner's
research.
Pressure on Microsoft
Competition is always healthy for enterprise security because it
leads to more pressure on suppliers to meet businesses' security
needs with innovation. If you make enterprise-wide security a key
criterion in choosing operating systems, suppliers will build more
secure products.
If the impact of Windows security flaws enables Linux or the
Macintosh operating system to achieve a small, but significant,
portion of the desktop operating-system market - at least 10% -
Microsoft will be forced to respond by intensifying its efforts to
make its platforms more secure. These efforts also will benefit
enterprises because the vast majority of their desktops will remain
on Windows.
Spread of innovation
The Windows operating system is hindered by 15 years' worth of
legacy code, which limits Microsoft's ability to make radical
advances in security.
Microsoft has continued to embed more functionality and application
integration in the Windows operating system, greatly increasing its
complexity - and complexity is one of the enemies of
security.
Other operating systems do not carry this baggage; thus, they are
in a better position to develop and deploy innovative security
approaches. Microsoft will be able to use its strength in
"embracing and extending" such innovation to speed the increase in
security in the Windows platform.
Enterprises benefit doubly when operating system alternatives and
Windows both improve in security.
Security through obscurity?
Unix-based web servers that run the Apache web server have twice
the internet market share of Windows-based web servers. However,
the Windows-based web servers have been successfully attacked at
nearly twice the rate of the Unix-based servers because attackers
are drawn to easy targets, and the stream of critical security
vulnerabilities in Windows servers has made it "low-hanging
fruit".
Attackers will target holes in non-Microsoft products as well, as
the Slapper worm (which targeted Apache servers) shows. Moving to a
combination of desktop operating systems mitigates the damaging
effects of, but does not eliminate, cyberattacks.
However, moving all enterprise users off Windows is not the answer.
Until an alternative operating system achieves 20% adoption in
enterprises, most attackers would not be motivated to develop worms
or viruses because their "shock value" and the attendant publicity
would be limited.
Once it reached more than 20% adoption, the alternative desktop
operating system would begin to experience significant levels of
attack. If it reached 30% adoption, it likely would suffer an
attack rate almost equal to that for Windows.
Of course, once an alternative operating system achieved that level
of adoption, providers of firewall and anti-virus technologies
would be motivated to develop protective products with new and
innovative approaches. Those innovations could be mirrored on
Windows platforms.
Maintaining some corporate users on non-Windows desktops offers a
huge advantage in terms of attack avoidance because the most
popular target for virus and worm writers will always be the
consumer desktop. If the corporate desktop is on a different
platform from the consumer desktop, the majority of mass-attack
worms will be avoided.
Enterprises that stay away from products that are used by the
consumer market will avoid attacks - just as trucking companies
would not be affected by a recall of flawed automobile tyres.
Diversity has significant costs
A diverse desktop environment is not the best choice for all
businesses. Diversity offers "survivability" from attacks, but it
also generates numerous challenges for IT organisations.
Gartner has found that the total cost of ownership for
heterogeneous computing environments is significantly higher than
for single-system enterprises. Multiple operating systems
inevitably require multiple IT skill sets for administration and
management - staff with those skill sets will be more
expensive.
The technical and organisational demands of administering multiple
operating systems also present security problems. It may prove
difficult - not merely expensive - for IT organisations to develop
the necessary skills and management systems to administer more than
one operating system at the desktop level. This skills deficit may
result in implementation and management errors.
Gartner research has shown that two thirds of successful attacks
take advantage of misconfigured systems. Tight administration of a
single operating system provides more security than sloppy
administration of multiple operating systems.
Enterprises that use significant numbers of fat-client applications
that are tied to Windows desktop operating systems may find that
alternative platforms are unfeasible. Businesses that have no Unix-
or Linux-based servers in place, or support no Macintosh desktops,
may find that the costs of migrating to and maintaining a diverse
environment are simply too high to even consider.
Enterprises that found that their desktop management and personal
firewall strategies protected them from the impact of Slammer and
MSBlast will find that the high costs of diversity are not needed
for sufficient enterprise security.
Enterprises that lock down desktops, have centrally managed
personal firewalls installed on every PC, and can push out critical
patches to all desktops in less than two weeks after patch release
will be safe from most attacks. However, attacks that happen before
a patch is released will continue to be a threat. In addition,
partially connected desktops are difficult to patch quickly, and to
keep patched.
A simple plan for security
Targeted adoption of a heterogeneous computing environment offers
significant security value for some enterprises.
Include the impact of recent worm attacks in your considerations of
desktop operating system choices. A simple way to begin this
process is to move the elements of the IT organisation that do not
directly support Windows desktops and that do not require
applications that are only supported on Windows onto an alternative
operating system or systems.
Thus, if a malicious-code attack strikes Windows, the desktops that
run the alternative systems can function and can reduce the scope
and duration of the attack.
www.gartner.com