Beware the Windows Monoculture
It's Windows' very monolithic structure that makes securing the platform that much harder.What was once the reason why Windows was so successful in the enterprise and why corporations got behind it en masse also has been its undoing and the bane of IT managers around the world. The Windows monoculture thrived because it allowed interoperability among users and across corporations. That same culture also has put those very users and businesses at risk, and not just because of the many security flaws already inherent in Windows and Windows applications like Internet Explorer and Office. Substitute the word "monopoly" for "monoculture" and you will get to the root of the problem. "Because Microsofts near-monopoly status itself magnifies security risk, it is essential that society become less dependent on a single operating system from a single vendor if our critical infrastructure is not to be disrupted in a single blow," went a now-infamous report released three years ago this month. The report probably cost one of its authors, former @Stake researcher Dan Geer, his job, reports eWEEK Senior Writer Ryan Naraine.
It has become rather common now to say that Windows makes such an easy target because Windows is everywhere. Even Microsoft has acknowledged as much in some of its new security initiatives, such as memory-address randomization to combat buffer overflow attacks, and new security features in the forthcoming Vista version of Windows. But its Windows very monolithic structure that makes securing the platform that much harder, so we are stuck in a vicious cycle of patch management that looks like it will never end.