Re: controversial paper

From: Elliott Roper (elliott_at_yrl.co.uk)
Date: 09/27/03


Date: Sat, 27 Sep 2003 01:34:51 +0100

In article <bd4db.8810$3r1.5647@news02.bloor.is.net.cable.rogers.com>,
Tom St Denis <tomstdenis@iahu.ca> wrote:

> "Ernst Lippe" <ernstl-at-planet-dot-nl@ignore.this> wrote in message
> news:3f74cc46$0$8843$48b97d01@reader20.wxs.nl...
> > On Fri, 26 Sep 2003 22:41:36 +0000, Tom St Denis wrote:
>
> > No. The main thesis of the paper is that a monoculture is bad for
> > security, because the majority of the systems will share the same
> > vulnerabilities.
>
> Then they're still wrong. I run Windows and I have yet to be infected with
> any of these "virii of the week" even after having several 100 MB of them
> sent to me via email.
>
Then you need to read the paper a little more carefully. The argument
explicitly says that well managed systems like yours at the centre of
the net (or otherwise) are not part of the problem. The problem is that
there are very large numbers of not very well managed systems at the
edge of the network and because they all have the same vulnerabilities,
then the chance of a virus-like problem cascading is 1.

If there were a greater variety of systems at the edge, then the chance
of a serious cascade is much smaller.

See, I'm sitting on a Mac running an overglamourised BSD. It almost
certainly has vulnerabilities. The point is that it has different ones
to Windows. When an OS X virus takes down all the Macs on the Net, the
Windows machines won't be in danger, nor will the net, given Apple's
prodigious market share.

If there were three or four common OS's fairly equally distributed,
then a virus targeted at one would have a far smaller effect.

If each of those systems were designed in a more loosely-coupled and
open way, the authors also claim that undetected errors that give rise
to virus-like exploits would be fewer. That's a separate line of
argument. I'm not completely convinced. The latest SSH exploit exposes
lots of unixes all at once. If there were a similar variety of
independently developed SSHes I'd be happier with their reasoning.

Whatever, this SWEN can't touch me, whether my Mac is well managed or
not. But I'm more than slightly cheesed that about 10% of my bandwidth
is being stolen by the mismanaged rabble at the edge, and ever so
relieved to hear that you are not part of the DoS attack on my Macca.


