The approaching new year brings with it an opportunity to reevaluate problems and make resolutions, including a careful examination of long-used hardware and software applications and a move to end monocultures that bring with them a number of security dangers.
"The presence of legacy systems surrounded by monoculture is like a fire," said Dan Geer, chief scientist at Waltham, Mass.-based Verdasys Inc. and a longstanding critic of monoculture computing systems. "To have a fire you need a match, to have a bad fire you need a match and a can of gasoline. Microsoft, for example, is the warehouse full of timber with no sprinkler system.
"There are lit matches everywhere trying to start fires," added Geer.
One of those threats is the speed at which viruses and worms -- designed to target the more popular OSes -- now spread. "We've seen the recent spread rate of viruses increase to the point where vulnerable systems may be reached in a matter of minutes," Geer said.
To reduce the threat, experts recommend looking at a variety of less mainstream products because they present less attractive targets for attackers.
"The key really is to investigate the opportunity to switch applications, etc., on an ongoing basis and to base judgments on opportunity," Gene Spafford, director of Purdue University's laboratory known as CERIAS, said in a recent interview. "Acting on outdated information or inappropriate parameters -- like availability of games -- doesn't matter to an enterprise.
"You'll have the same problems times 100 in 10 years if you continue to allow a particular vendor to dominate a hardware or software market segment," added Spafford.
There are ways to deal with the issue, but all come with their share of growing pains in terms of expense, training and inconvenience.
"There are lots of ways to protect ourselves, which we elect not to employ, on the whole. One would be to switch to another platform -- there are plenty of viable ones out there," Pete Lindstrom, research director for Malvern, Pa.-based Spire Security, said in an e-mail interview.
When looking at a monoculture and the encroaching issues of downstream liability, enterprises may not have much of a leg to stand on if their systems are used to damage others.
"Running a monoculture is a prima facie example of an Internet health issue," Geer concluded.