Felix Stalder on Thu, 11 May 2000 00:09:49 +0200 (CEST)


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Nettime-bold] Viruses on the Internet: Monoculture breeds parasites


Viruses on the Internet: Monoculture breeds parasites

A contribution to the diversity of life on the Net.

The latest viruses, VBS.LoveLetter.A and its copy cats, allegedly the most
damaging in the history of the Net, throw a stark light on the state of the
Internet. The viruses gained their enormous impact not so much from the
geniality of the programmers, or from the poor quality of Microsoft
products, though the latter may have helped too. A much more important
reason for the rapid spread of the viruses can be found in the increasing
monoculture of software that is used on the Net. 90% of all desktop
machines, where the mail clients are located, run on one variant or another
of Microsoft Windows and, apparently, a significant percentage of them are
using the standard Microsoft email product Outlook. The virus revealed the
extent to which these programs are used. Now we know that the computer
systems in the Pentagon and the British parliament are little more
sophisticated than anywhere else.

Monocultures, as any farmer knows, are particularly vulnerable to
parasites. Once they are attacked by parasites, there is no stopping. The
parasites can replicate without limits and kill the entire plantation
because the entire plantation is made up of a single crop that just happens
to be the parasite's niche. On the Internet, the case is similar, most of
the recent viruses could spread so fast and so deep because a few Microsoft
products are used so pervasively. The viruses used a "security hole" like
any other, but, thanks to the monoculture on the Internet, this one can be
found on millions of computers around the globe. Depending on your point of
view, the current viruses didn't even exploit a security hole but they used
features that are available by default and are used pervasively for less
spectacular purposes.

Tom Truden, Ford Motor Car's team leader for computer emergency responses,
told the New York Times that "we looked at the script [of the virus] and we
thought, 'We've used this kind of stuff.'" Sections of the code turned out
to be very similar to software that the company uses to distribute software
updates -- including cures for security problems -- to Ford computers
around the world.

Scott Culp, from the Microsoft Security Response Center was, in a sense,
right when he told the same newspaper: "This is a general issue, not a
Microsoft issue. You can write a virus for any platform." While this is
technically correct, it is also a very strong argument why Microsoft should
be broken up in as many companies as possible, not just two.

Contrary to monocultures of plants which are as likely to be attacked by
parasites than more varied ecologies (although the results are much more
damaging) monocultures of software actively attract malicious viruses. It's
a simple question of how to maximize your own efficiency, a concept alien
to physical parasites, but not to human beings. If you have the intention
of releasing a virus, wouldn't you choose the niche were it has the most
impact? In this perspective it was not a coincidence that it was Hotmail,
the world's largest web-based email service, that got hacked, and not one
of the thousands smaller ones. Add to this the dynamics of the attention
economy--in which getting attention is a goal in itself--and it becomes
clear why it is so tempting to attack the monoculture. The authors of the
latest viruses are instant global celebrities thanks to Microsoft. They
would have never reached this status if their virus would have attacked,
say, the BeOS. The BeOS niche is simply too small to produce much
attention. In other words, software monocultures are not only vulnerable to
viruses, they breed them.

The industry's answers to the virus threat are as predictable as the
threats themselves: pesticides. Leaving genetic modification aside, the
huge monocultures of the agro industry can only be maintained through the
extensive use of pesticides with all their negative side effects. They
poison the plants and the soils, kill off all kinds of other species as
well as remove bugs from the natural food chain and set off chain
reactions. Birds, for example, can hardly survive in areas of crop
monocultures, because all the bugs they eat have been killed by pesticides.

On the Internet, the equivalent of pesticides would be strict laws to
criminalize any kind of hacking or reverse engineering, independent of its
intention, and pervasive tracking technologies that make law enforcement
easier. Both approaches are being pursued. While they might help to
stabilize the software monoculture, their effects on "life on the Internet"
could be as devastating as the effects of chemical pesticides are on the
natural environment. The first casualties could be freedom of speech in
areas where this freedom really matters, and innovation that comes not out
of industrial R&D labs.

Of course, monocultures are not natural in any way, they are an industrial
product of economies of scale. On the Internet, monocultures are the
dumbest, though not the only, way to create interoperability. While
computers and applications need to be interoperable, they need not to rely
on the one-size-fits-all monoculture. There is no Faustian bargain between
interoperability and diversity.

Breaking up Microsoft could have some positive influence on the diversity
of software on the Internet, though this will take some time. Alternative
operating systems / applications -- from Apple to Linux -- have to be
implemented and made more interoperable, not because they are per se
better, perhaps that too, but because diversity in itself is the best
protection, not against viruses, but against massive damage caused by
viruses. It seems that software engineers could learn a lot from farmers.

[copyright: Telepolis <http://www.heise.de/tp>]








------------------------------------------
Les faits sont faits.
http://www.fis.utoronto.ca/~stalder



_______________________________________________
Nettime-bold mailing list
Nettime-bold@nettime.org
http://www.nettime.org/cgi-bin/mailman/listinfo/nettime-bold