Contagion: Why Our Dependency on Microsoft Makes Us Susceptible
Pages: 1, 2, 3

This is not intended to suggest that Microsoft is the source of all evil, or that you should run out and replace all your Windows boxes with something else. There are good people working for MS -- and several of them are former students and colleagues. The university (and the world around us) would come to a very abrupt halt if we didn't have MS products for everyday use. Furthermore, other vendor products are hardly bug-free -- we continue to see security advisories for Solaris, HP-UX, Linux, and others. But the number of security problems for MS products and the near ubiquity of MS platforms in many environments means that we need to be especially concerned about this as a potential problem area. (See the BUGTRAQ Vulnerability Database Statistics for some interesting numbers supporting this.)

Several security experts, myself included, are convinced that we have seen only the tip of the iceberg as far as new worm/virus code is concerned. Being aware of alternatives and threats is the first step in protecting ourselves. Trying to reduce the "monoculture" environment and replace the most vulnerable members of the population is simply one step towards protecting our environment against future threats.

You do have choices, and if only enough people exercised their choices we might find all the vendors paying a little more attention to security.

Gene Spafford is the director of CERIAS, the world's foremost university center for multidisciplinary research and education in areas of information security. He is also a coauthor of two O'Reilly Media, Inc. titles, Practical Unix and Internet Security and Web Security and Commerce.

---

Discuss this article in the O'Reilly Network General Forum.

Return to the O'Reilly Network Hub.