Use more than one operating system to limit the impact of malicious code attacks

In enterprise computing, a diverse operating system environment is more resistant to infection. Enterprises hit by SQL Slammer and MSBlast should consider the security benefits of using more than one desktop operating system, write Gartner analysts Ray Wagner and John Pescatore.

The most effective enterprise security strategy is preventing attacks by selecting, developing, deploying and maintaining systems that eliminate or shield vulnerabilities. However, anything that can go wrong will go wrong, and the majority of computer systems will experience some level of intrusion at some point. You must therefore take action to limit the impact of successful attacks.

Supporting diversity of operating systems, especially on the desktop, has numerous security benefits, but it comes at an operational cost. Many enterprises that were damaged by the SQL Slammer and MSBlast worms will find that the benefits of moving some groups of users to alternative operating systems outweigh that cost.

The upsurge in malicious-code attacks that target Windows, which runs on more than 90% of enterprise desktops, highlights the urgent need for enterprises to improve the security of their computers. Many businesses suffered significant operational damage from the extended downtime those attacks caused. Companies that had invested in strong desktop management capabilities and deployed centrally managed personal firewalls to every desktop did not suffer serious damage from the Slammer, MSBlast and Sobig attacks of 2003.

In the future, however, "day zero" attacks (attacks that exploit a vulnerability before the software supplier has issued a patch for it) will increase, so simply patching faster will never be good enough. By 2006, the percentage of attacks that occur before the majority of enterprises can successfully install patches will increase to 30%, from 15% in 2003, according to Gartner's research.

Alternative operating systems

Enterprises that maintain 10% or more of their desktops on an alternative operating system, such as Linux or Macintosh OS, are much less vulnerable to business outages than those that use only one operating system, such as Windows.

By spreading critical business functions across multiple desktop platforms, or by maintaining key operating groups on separate platforms, you can enhance your ability to keep at least some of your key personnel and processes functioning and communicating during an attack.

Security benefits of diversity

In nature, a forest that consists of only one species of tree is vulnerable to complete defoliation if a disease hits that species. However, if the forest contains many varieties of trees, no single infection can cause catastrophic damage. Similarly, a diverse operating system environment offers three key benefits to enterprises:

  • Containment of malicious-code attacks

  • Competitive pressure on Microsoft

  • Spread of technological innovation from one platform to another

Containment of malicious code

The most-damaging virus and worm attacks target vulnerabilities in the Windows operating system. These blended threats exploit the continuing stream of Windows flaws to attack other Windows PCs and servers, causing outages to enterprise IT systems.

Providing alternative desktop operating systems to critical IT staff helps to prevent attacks spreading across the business. These personnel can communicate and manage the network, and at least some core business processes can continue to function, greatly reducing the impact of an attack.

Enterprises that maintain 20% of their desktops on alternative platforms will experience a 50% reduction in the scope of the business impact of worm attacks, according to Gartner's research.

Pressure on Microsoft

Competition is always healthy for enterprise security because it leads to more pressure on suppliers to meet businesses' security needs with innovation. If you make enterprise-wide security a key criterion in choosing operating systems, suppliers will build more secure products.

If the impact of Windows security flaws enables Linux or the Macintosh operating system to achieve a small, but significant, portion of the desktop operating-system market - at least 10% - Microsoft will be forced to respond by intensifying its efforts to make its platforms more secure. These efforts also will benefit enterprises because the vast majority of their desktops will remain on Windows.

Spread of innovation

The Windows operating system is hindered by 15 years' worth of legacy code, which limits Microsoft's ability to make radical advances in security.

Microsoft has continued to embed more functionality and application integration in the Windows operating system, greatly increasing its complexity - and complexity is one of the enemies of security.

Other operating systems do not carry this baggage; thus, they are in a better position to develop and deploy innovative security approaches. Microsoft will be able to use its strength in "embracing and extending" such innovation to speed the increase in security in the Windows platform.

Enterprises benefit doubly when operating system alternatives and Windows both improve in security.

Security through obscurity?

Unix-based web servers that run the Apache web server have twice the internet market share of Windows-based web servers. However, the Windows-based web servers have been successfully attacked at nearly twice the rate of the Unix-based servers because attackers are drawn to easy targets, and the stream of critical security vulnerabilities in Windows servers has made it "low-hanging fruit".

Attackers will target holes in non-Microsoft products as well, as the Slapper worm (which spread through an OpenSSL flaw in Apache servers running on Linux) shows. Moving to a combination of desktop operating systems mitigates the damaging effects of cyberattacks, but does not eliminate them.

However, moving all enterprise users off Windows is not the answer. Until an alternative operating system achieves 20% adoption in enterprises, most attackers would not be motivated to develop worms or viruses because their "shock value" and the attendant publicity would be limited.

Once it reached more than 20% adoption, the alternative desktop operating system would begin to experience significant levels of attack. If it reached 30% adoption, it likely would suffer an attack rate almost equal to that for Windows.

Of course, once an alternative operating system achieved that level of adoption, providers of firewall and anti-virus technologies would be motivated to develop protective products with new and innovative approaches. Those innovations could be mirrored on Windows platforms.

Maintaining some corporate users on non-Windows desktops offers a huge advantage in terms of attack avoidance because the most popular target for virus and worm writers will always be the consumer desktop. If the corporate desktop is on a different platform from the consumer desktop, the majority of mass-attack worms will be avoided.

Enterprises that stay away from products that are used by the consumer market will avoid attacks - just as trucking companies would not be affected by a recall of flawed automobile tyres.

Diversity has significant costs

A diverse desktop environment is not the best choice for all businesses. Diversity offers "survivability" from attacks, but it also generates numerous challenges for IT organisations.

Gartner has found that the total cost of ownership for heterogeneous computing environments is significantly higher than for single-system enterprises. Multiple operating systems inevitably require multiple IT skill sets for administration and management - staff with those skill sets will be more expensive.

The technical and organisational demands of administering multiple operating systems also present security problems. It may prove difficult - not merely expensive - for IT organisations to develop the necessary skills and management systems to administer more than one operating system at the desktop level. This skills deficit may result in implementation and management errors.

Gartner research has shown that two thirds of successful attacks take advantage of misconfigured systems. Tight administration of a single operating system provides more security than sloppy administration of multiple operating systems.

Enterprises that use significant numbers of fat-client applications that are tied to Windows desktop operating systems may find that alternative platforms are unfeasible. Businesses that have no Unix- or Linux-based servers in place, or support no Macintosh desktops, may find that the costs of migrating to and maintaining a diverse environment are simply too high to even consider.

Enterprises that found that their desktop management and personal firewall strategies protected them from the impact of Slammer and MSBlast will find that the high costs of diversity are not needed for sufficient enterprise security.

Enterprises that lock down desktops, have centrally managed personal firewalls installed on every PC, and can push out critical patches to all desktops in less than two weeks after patch release will be safe from most attacks. However, attacks that happen before a patch is released will continue to be a threat. In addition, partially connected desktops, such as laptops that are only intermittently on the corporate network, are difficult to patch quickly and to keep patched.

A simple plan for security

Targeted adoption of a heterogeneous computing environment offers significant security value for some enterprises.

Include the impact of recent worm attacks in your considerations of desktop operating system choices. A simple way to begin this process is to move the elements of the IT organisation that do not directly support Windows desktops and that do not require applications that are only supported on Windows onto an alternative operating system or systems.

Thus, if a malicious-code attack strikes Windows, the desktops that run the alternative systems can function and can reduce the scope and duration of the attack.
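As an added example (not from the article or from Gartner), the following Python turns the plan above into a check against a desktop inventory: it selects the migration candidates by the article's rule (groups that neither support Windows desktops nor depend on Windows-only applications), reports the alternative-platform share before and after the move, lists which groups would still have a working desktop if a Windows-targeting worm took every Windows machine down, and flags the hosts that the patch-and-firewall strategy cannot vouch for (critical patch older than two weeks, or a partially connected machine whose agent has not reported in). The `Desktop` fields, group names, thresholds and inventory records are constructed assumptions for illustration.

```python
from dataclasses import dataclass, replace
from datetime import date, timedelta

ALTERNATIVE_OS = {"linux", "macos"}  # platforms other than the mass-attack target


@dataclass(frozen=True)
class Desktop:
    host: str
    group: str                        # business or IT group the desktop belongs to
    os: str                           # "windows", "linux" or "macos"
    supports_windows_desktops: bool   # the group's job is supporting Windows users
    needs_windows_only_app: bool      # the group depends on a Windows-only fat client
    last_checkin: date                # last report from the desktop-management agent
    critical_patch_age_days: int      # days since the newest critical patch was applied


def migration_candidates(inventory):
    """The article's selection rule: Windows desktops in groups that neither
    support Windows desktops nor need Windows-only applications."""
    return [d for d in inventory
            if d.os == "windows"
            and not d.supports_windows_desktops
            and not d.needs_windows_only_app]


def apply_migration(inventory, target_os="linux"):
    """Return a copy of the inventory with every candidate moved to target_os."""
    moving = {d.host for d in migration_candidates(inventory)}
    return [replace(d, os=target_os) if d.host in moving else d for d in inventory]


def alternative_share(inventory):
    """Fraction of desktops on a non-Windows platform (compare with the 10%/20% thresholds)."""
    return sum(d.os in ALTERNATIVE_OS for d in inventory) / len(inventory)


def surviving_groups(inventory, hit_os="windows"):
    """Groups that keep at least one working desktop if every hit_os desktop is down."""
    return sorted({d.group for d in inventory if d.os != hit_os})


def patch_exposure(inventory, today, sla_days=14, stale_days=7):
    """Hosts outside the two-week patch window, or whose agent has been silent
    so long (partially connected) that their patch state is unknown."""
    findings = {}
    for d in inventory:
        reasons = []
        if (today - d.last_checkin).days > stale_days:
            reasons.append("stale-checkin")
        if d.critical_patch_age_days > sla_days:
            reasons.append("patch-overdue")
        if reasons:
            findings[d.host] = reasons
    return findings


# Constructed sample inventory (assumed values, not real data).
TODAY = date(2003, 9, 1)


def _d(host, group, os, supports, needs, days_since_checkin, patch_age):
    return Desktop(host, group, os, supports, needs,
                   TODAY - timedelta(days=days_since_checkin), patch_age)


INVENTORY = [
    _d("nops-01",   "network-ops",  "windows", False, False, 0, 3),
    _d("nops-02",   "network-ops",  "windows", False, False, 10, 20),  # laptop, rarely on the LAN
    _d("secops-01", "security-ops", "windows", False, False, 0, 5),
    _d("help-01",   "helpdesk",     "windows", True,  False, 0, 2),
    _d("help-02",   "helpdesk",     "windows", True,  False, 0, 2),
    _d("fin-01",    "finance",      "windows", False, True,  0, 30),   # Windows-only ledger client
    _d("fin-02",    "finance",      "windows", False, True,  0, 1),
    _d("hr-01",     "hr",           "windows", False, True,  0, 4),
    _d("sales-01",  "sales",        "windows", False, True,  0, 6),
    _d("eng-01",    "engineering",  "macos",   False, False, 0, 1),
]

if __name__ == "__main__":
    after = apply_migration(INVENTORY)
    print("migration candidates:", [d.host for d in migration_candidates(INVENTORY)])
    print("alternative share before/after: %.0f%% -> %.0f%%"
          % (100 * alternative_share(INVENTORY), 100 * alternative_share(after)))
    print("groups still working in a Windows worm outbreak:", surviving_groups(after))
    print("hosts patching cannot vouch for:", patch_exposure(INVENTORY, TODAY))
```

On this sample the rule moves the network and security operations desktops, lifting the alternative share from 10% to 40%, and those two groups join engineering as the staff who can still communicate and manage the network during a Windows outbreak. The patch check separately exposes the two cases the article warns about: a machine that is simply overdue, and a partially connected laptop whose state cannot be trusted regardless of how fast patches are pushed.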
