
Letters to the editor

Rob, are you actually paid to do this?

From:  Leon Brooks <leon-AT-cyberknights.com.au>
To:  renderle-AT-gigaweb.com
Subject:  Rob, are you actually paid to do this?
Date:  Sat, 11 Oct 2003 19:53:01 +0800
Cc:  letters-AT-lwn.net

> Two high-profile organizations recently argued that diverse
> environments are inherently more secure than "monoculture"
> (read: Microsoft-only) environments.

...and from other sources:

> The report's authors said the report was a reflection of their own
> views [...] "I wouldn't put all of the blame on Microsoft," Schneier
> said, "the problem is the monoculture."

From the horse's mouth, the security problem harped on in the report is 
explicitly the monoculture, not the Microsoft. So you've started on a 
misconception. Do you recover from this?

> These arguments were put forward by Gartner

Er... what? Gartner are hardly known for being critical of Microsoft, in 
fact they've got an informal reputation for being on Microsoft's cheer 
squad, if anything.

As if to underscore their reluctance to injure or offend such a 
lucrative and dominant source of income, Gartner speak as little as 
possible to Microsoft, as such, limiting themselves to Windows. I 
believe this to be a mistake, since the majority of reported 
vulnerabilities on desktop PCs have been in Microsoft applications 
other than the OS - such as Outlook, Internet Explorer or IIS.

They also make it plain, regardless of motives, that their primary 
concern is the lack of diversity, and I quote:

> By spreading critical business functions across multiple desktop
> platforms or by maintaining key operating groups on separate
> platforms, you can enhance your ability to keep at least some of your
> key personnel and processes functioning and communicating during
> an attack.

Perhaps Gartner have realised that there is an issue here that they need 
to be seen to be addressing?

Two strikes against Rob. But you go on to say:

> separately, a panel hosted by the anti-Microsoft Computer &
> Communications Industry Association.

Also wrong (third strike), at least in origins: the report now filtered 
through CCIA was originally released by the diverse group of security 
consultants through security firm @Stake - and it seems that @Stake are 
so pro-Microsoft that Dan Geer, then @Stake's CTO, was fired over the 
publication.

This brings to mind an interesting statement from the President of the 
Vermont Library Association:

    If you have to worry about what your reading list might look like to
    an FBI agent, you might decide to censor yourself and not read what
    you really want to read. And the moment you have to think about
    those kinds of decisions, then you are no longer truly free.
      --Trina Magi

To be sure, Microsoft are not the FBI - but the principle is exactly the 
same.

The whole set of premises that you justify your article by are 
completely wrong. This essentially makes it worthless. But even if the 
raison d'être had been sound, you also muck up the content:

> We have yet to see a cost/benefit analysis that supports the
> conclusion that a heterogeneous computing environment lowers
> the overall threat level of a corporation, or that it is the most cost
> effective of the choices available to you. 

A Microsoft-aimed worm took out one large local ISP's mail service for a 
day, and kept it lagged for about 3 days this last week. A consultant I 
work with lost an AUD$2000 job and probably also all future work from a 
customer because they were unable to receive their email.

I haven't even seen a guesstimate of how much this kind of damage 
eventually adds up to be, to say nothing of a cost/benefit study, and 
we're not even dreaming about one not paid for by Microsoft.

Then several of your recommendations, while plausible on the surface, 
carry additional risks.

> Locking down desktops so users cannot make changes and viruses and
> worms can't install themselves and run.

Unfortunately, the vast majority of recent viruses and worms don't 
require much if any user intervention. Several Outlook vulnerabilities 
haven't even required the user to read email in order to propagate the 
problem.

Locking users down too firmly may actually prevent individual users from 
implementing many of the safety measures you prescribe. Think about the 
analogy of being trapped inside a burning house by your security 
system.

> Implementing additional security products, such as virus software
> and firewalls.

Funny, but everything competing with Microsoft (ie, OS X, Linux, FreeBSD 
et al) comes with effective firewalling software and so far hasn't 
needed anti-virus software (and without a major paradigm shift, never 
will).

In addition, most of these run on diverse platforms, which makes binary 
intruders so much less effective. Granted that Windows will soon have a 
significant number of Hammer and IA-64 users in addition to the current 
IA-32 monoculture, but it's a little late in the game, and one has to 
ask in the light of their abandonment of Alpha, PPC and MIPS 
architectures whether Microsoft would have adopted Hammer or IA-64 this 
early in the absence of stiff competition from Linux and friends.

> Deploying Windows on alternative hardware. For example, "PC blades"
> centralize the processors, memory and storage of PCs in a datacenter,
> while the display, keyboard and mouse are at the user's desktop.

Who needs specialised hardware? Do this today, for free, on existing 
hardware and run any legacy apps under WINE or Win4Lin. The 
restrictions these translation layers place on bizarre network 
operations alone should help your security enormously. And I do know 
from practical experience that apps die about half as often under 
Win4Lin as they do run natively, as well as running roughly twice as 
efficiently.

Using Linux mounted readonly and running no services for the outliers 
should cut down a *lot* on network vulnerability. Make them diskless 
and fanless for amazing reliability. Running those on a variety of 
architectures involves very little extra cost.

In fact, contra to your assertions, the safest and most economical 
approach is usually to evict all Microsoft software from your network. 
If you want pretty, replace it with Macs; if you want functional for 
minimal cost, use X11 on Linux, FreeBSD or any of the others.

Cheers; Leon

--
http://cyberknights.com.au/   Modern tools; traditional dedication
http://plug.linux.org.au/     Committee Member, Perth Linux User Group
http://slpwa.asn.au/          Committee Member, Linux Professionals WA
http://linux.org.au/          Committee Member, Linux Australia


Page editor: Jonathan Corbet


Copyright © 2003, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds