IT Wrestles with Microsoft Monoculture Myopia
Modernizing Authentication — What It Takes to Transform Secure Access
When Microsoft announced in March 2006 that it would add code-scrambling diversity to make Windows Vista more resilient to virus and worm attacks, you could almost visualize a wry smile from Dan Geer.
Geer, a computer security guru with a doctorate in biostatistics from Harvard University, lost his job as chief technology officer of consulting company @Stake in 2003 after co-authoring a report that blamed Microsoft's operating system monopoly and complex code base for the frailty of the Internet.
Exactly three years later this month, Geer insists that the risks associated with Microsoft's virtual monoculture remain the same, but a quick glance at the future direction of the world's largest software maker gives Geer a sense of "total vindication."
Indeed, three years ago on Sept. 24, Geer penned "CyberInsecurity: The Cost of Monopoly," a 25-page report he co-authored with a who's who of computer security experts, including celebrated cryptographer Bruce Schneier and intrusion detection systems specialist Rebecca Bace.
The crux of the report was that software diversity was core to securing the Internet.