
Businesses, like people, are developing an immunity to
the viruses going around, says Simon Moores.
Biology teaches us that species with little genetic
variation, called monocultures, are the most vulnerable to
catastrophic epidemics.
Populations that share a single fatal flaw, such as the lack of
immunity to smallpox, can and have been wiped out by a virus
capable of exploiting that flaw.
Genetic diversity in the population increases the chances of
survival, and the same can be said of software in today’s
increasingly connected but hostile environment.
A PC sneezes in China and 12 hours later, 100 million computers
decide to call in sick with the flu.
When copies of the Windows source code escaped
into the wild last week, observers started to worry that the stolen
code would provide a potential springboard for even more serious
virus and worm exploits than those we have witnessed over the past
12 months.
A great many people are showing remarkable
interest in the code, but Microsoft’s so-called "proprietary code"
isn’t as close a secret as many people think it is. After all, it’s
been shared with partners and governments for a long time now and
this is, of course, how some of the code entered the public domain
this month.
Unless you happen to be using a Mac or have
hand-coded and installed your own Linux PC, then the end of the
world is near, or to quote Dad's Army's Private Frazer, "We're
doomed."
But are we? I am not sure.
Information security is not just a simple
matter of increasing biodiversity in the software industry. If we
remember back to the 1980s, biodiversity was a problem in its own
right, particularly among network operating systems. The industry
has a habit of moving towards a tighter and smaller set of
standards and protocols that everyone eventually subscribes to,
which, in turn, creates its own Achilles heel.
If we concede that all software is vulnerable
to attack, and some software is more vulnerable and more popular
than others, then the biological model should, in theory, have
Windows superseded by another and more resistant strain of
software, and when that one catches cold another follows.
But life doesn’t work quite that way. Security
represents a complex mix of processes, technologies and human
factors.
Neither Windows nor Linux is standing still.
Patches and products such as Windows Server 2003 are the
equivalent of antibodies. Over time, what we are likely to witness
is the arrival of a living operating system which responds to
threats through anti-virus software and patches until the arrival
of the perfectly secure software environment, the foundation, at
least, for Microsoft’s own Next Generation Secure Computing Base
(NGSCB).
Let’s face it, Windows is getting hammered by
one attack after the other, but talk to most chief security
officers and they’ll tell you that since Blaster, most attacks are
bouncing off much better security processes that have locked down
the Windows environment.
This month, Netcraft reports that the number
of host names found by its web server survey running Windows Server
2003 overtook Windows NT 4.0 and that more than 1.25 million
hostnames are now running on Windows 2003, a 283% increase since
August of 2003.
Compared with September last year, this also
shows that the majority of the sites have migrated from Windows 2000
(534,000), but also that 55,000 of the sites have migrated from
Linux, 56,000 from FreeBSD and 8,000 from Solaris, with 272,000 of
the host names running Win2003 being new sites not previously running a
different operating system.
So, while viruses and worms proliferate,
businesses are not standing still and are taking their own
evolutionary approach towards better security.
The Microsoft monoculture may prevail, and
faced with this fact of life, businesses are growing a much thicker
skin to protect their information assets, which makes the presence
of a software monoculture less of a doomsday threat than we might
think it is.
What do you think?
What do you have in place to keep the viruses at bay?
ComputerWeekly.com reserves the right to edit and publish
answers on the website. Please state if your answer is not for
publication.
Setting the world to rights with the collected thoughts and
opinions of leading industry analyst Dr Simon Moores of
Zentelligence.
Acting globally, Zentelligence (Research) advises
governments, suppliers, business and the media on the evolution,
application and delivery of leading-edge technologies and
specialises in the areas of eGovernment and information
security.
For further information on Zentelligence and its research,
presentation and analyst services visit www.zentelligence.com