Beware the Windows Monoculture

It's Windows' very monolithic structure that makes securing the platform that much harder.

What was once the reason why Windows was so successful in the enterprise and why corporations got behind it en masse also has been its undoing and the bane of IT managers around the world. The Windows monoculture thrived because it allowed interoperability among users and across corporations. That same culture also has put those very users and businesses at risk, and not just because of the many security flaws already inherent in Windows and Windows applications like Internet Explorer and Office.

Substitute the word "monopoly" for "monoculture" and you will get to the root of the problem. "Because Microsoft's near-monopoly status itself magnifies security risk, it is essential that society become less dependent on a single operating system from a single vendor if our critical infrastructure is not to be disrupted in a single blow," went a now-infamous report released three years ago this month. The report probably cost one of its authors, former @Stake researcher Dan Geer, his job, reports eWEEK Senior Writer Ryan Naraine.

It has become rather common now to say that Windows makes such an easy target because Windows is everywhere. Even Microsoft has acknowledged as much in some of its new security initiatives, such as memory-address randomization to combat buffer overflow attacks, and new security features in the forthcoming Vista version of Windows. But it's Windows' very monolithic structure that makes securing the platform that much harder, so we are stuck in a vicious cycle of patch management that looks like it will never end.

The "massive, cascading failures" predicted by the monoculture paper have not happened as yet, per se. But if you believe Geer's estimates that 15 percent of all computers are compromised, then we are already risking death by a thousand cuts.

Nonetheless, many corporations resist a move toward software diversification because they believe the cost of risk is still less than the cost of buying, installing and retraining on new software. It doesn't help when the government still maintains its status as a Windows shop. The interoperability argument in favor of monoculture no longer holds. With so much computing work being done online, and with standards becoming more widespread ... well, as the saying goes, on the Web no one knows you are using a Mac or Linux or a $100 laptop, for that matter.

Scot Petersen

Scot Petersen is a technology analyst at Ziff Brothers Investments, a private investment firm. Prior to joining Ziff Brothers, Scot was the editorial director, Business Applications & Architecture,...