Help answer threads with 0 replies.
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


  Search this Thread
Old 12-05-2010, 09:25 PM   #1
LQ Guru
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380Reputation: 380Reputation: 380Reputation: 380
Arrow Software Monoculture (by Bruce Schneier)

In 2003, a group of security experts -- myself included -- published a paper saying that 1) software monocultures are dangerous and 2) Microsoft, being the largest creator of monocultures out there, is the most dangerous. Marcus Ranum responded with an essay that basically said we were full of it. Now, eight years later, Marcus and I thought it would be interesting to revisit the debate.
Complete Article
Click here to see the post LQ members have rated as the most helpful post in this thread.
Old 12-06-2010, 04:07 PM   #2
Senior Member
Registered: Jul 2007
Distribution: Gentoo
Posts: 2,125

Rep: Reputation: 781Reputation: 781Reputation: 781Reputation: 781Reputation: 781Reputation: 781Reputation: 781
One thing that jumped out at me early in the reading was the references to 'complexity', which I took to mean the Cyclomatic Complexity metric of the software. Applied to a large application, like an OS, the total complexity score will be ridiculously high and becomes a meaningless number. The complexity metric is a rather useful statistic when applied to the module level and much evidence indicates a strong correlation between complexity and defect rate in software. From what I understand of it, it is a score that measures the number of potential execution paths through a particular piece of software, this measure also indicating the number of unique test cases to fully prove a routine. The article raises the interesting point, claiming that Microsoft has deliberately added complexity to further their own market share.

I also found it interesting to use the example of the importance of biodiversity. In my opinion, one of the biggest strengths of the Linux platform is the diversity that exists amongst the different distributions and even the individual machines. I do believe that this is one of the (many) impediments to writing malware that targets a Linux system. Using biology as an analogy, one could also consider the concept of 'administrative privilege'. Both Windows and Linux have this concept, but I think that it has been well demonstrated that this system in Linux is superior, a superior immune system if you will making it is less susceptible to "disease."

A third thing that I found interesting is that is mentions that the majority of the malware infections do not occur on the well managed systems, but rather by the inexperienced. It does seem today that most of the malware is found and spread in "social" places, much like proverbial "social diseases." As Linux becomes more main stream and with some distributions appearing to cater to or even have a goal of bringing Linux to these masses, it will be interesting to see if it becomes more susceptible to these infections. I have also noticed, more often than I would like to see, that pleas for help from admitted Newbies, that they acerbated their own problems by running as root, effectively bypassing the effective permissions system and reverting to the "administrator is a user" model fundamental to the Windows mindset.
2 members found this post helpful.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Bruce Schneier warns 'profits killing personal privacy' Jeebizz Linux - News 0 10-12-2010 09:46 AM
LXer: Bruce Perens: Combining GPL and Proprietary Software LXer Syndicated Linux News 0 02-10-2009 05:11 PM
LXer: Bruce Almighty: Schneier preaches security to Linux faithful LXer Syndicated Linux News 0 12-28-2007 06:10 PM
LXer: Bruce Schneier to speak at LXer Syndicated Linux News 0 12-07-2007 02:40 PM
LXer: The Virtues of Monoculture LXer Syndicated Linux News 0 04-25-2007 03:01 PM > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 01:51 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration