The Concept of Monocultures in IT Reviewed
A briefing by Damir Rajnovic at the March 2011 Black Hat Europe Digital Self Defense Conference in Barcelona, Spain, brings a unique view of an old approach: our tendency to concentrate on a single vendor's solution to our computer security problems. The briefing, titled "Monocultures-the other side", conveys the message “Don’t put all your eggs in one basket” when it comes to operating systems and information systems security applications. I have often wondered about this specific subject, especially when I am facing a victim of fraud or a scam who says “I had my Internet Security client running and still got zapped”. The answer is simple: there is no single total solution when it comes to scammers and hackers.
The problem is that we have been led to believe that one vendor has it all. I agree that this notion is not correct at all. The point that the solution is not provided by a single vendor is reinforced by a quote from one of the references that Mr. Rajnovic's presentation used as a source, the paper "CyberInsecurity: The Cost of Monopoly" by Dan Geer. In his article, Mr. Geer says that “Computing is crucial to the infrastructure of advanced countries. Yet, as fast as the world's computing infrastructure is growing, security vulnerabilities within it are growing faster still. The security situation is deteriorating, and that deterioration compounds when nearly all computers in the hands of end users rely on a single operating system subject to the same vulnerabilities the world over. Most of the world's computers run Microsoft's operating systems, thus most of the world's computers are vulnerable to the same viruses and worms at the same time. The only way to stop this is to avoid monoculture in computer operating systems, and for reasons just as reasonable and obvious as avoiding monoculture in farming.”