IT Wrestles with Microsoft Monoculture Myopia

Three years after an influential report flagged the security risks of relying too much on Microsoft's Windows monopoly, little has changed. Why? The economics of standardizing still trump security headaches.

When Microsoft announced in March 2006 that it would add code-scrambling diversity to make Windows Vista more resilient to virus and worm attacks, you could almost visualize a wry smile from Dan Geer.

Geer, a computer security guru with a doctorate in biostatistics from Harvard University, lost his job as chief technology officer of consulting company @Stake in 2003 after co-authoring a report that blamed Microsoft's operating system monopoly and complex code base for the frailty of the Internet.

Exactly three years later this month, Geer insists that the risks associated with Microsoft's virtual monoculture remain the same, but a quick glance at the future direction of the world's largest software maker gives Geer a sense of "total vindication."

Indeed, three years ago on Sept. 24, Geer penned "CyberInsecurity: The Cost of Monopoly," a 25-page report he co-authored with a who's who of computer security experts, including celebrated cryptographer Bruce Schneier and intrusion detection systems specialist Rebecca Bace.

The crux of the report was that software diversity was core to securing the Internet.

This article was originally published on 09-10-2006
eWeek
