Microsoft and Monocultures: The Rebuttal

Another shot has been fired in the ongoing battle over whether Microsoft's near monopoly on desktop operating systems makes it easier for worms and viruses to cause "cascading failures" that threaten the nation's infrastructure (see "Bullying the Monopoly," Tech Talk, December 2003, for more on this debate).

The argument goes like this: Malicious code written for the Windows operating system can take everything down because so much of the existing infrastructure runs on Windows. That exposure would not exist if some systems were running on other operating systems, such as Linux.

Now researchers at the George Mason University School of Public Policy's Infrastructure Mapping Project have concluded that the threat is overblown, because Microsoft is only the dominant system on the desktop, while the server market remains diverse. Successful attacks on desktops running Windows are less of a threat than successful attacks against servers.

Though Microsoft's servers have been targeted by worms such as Code Red, the company's share of the server market is only 20 to 23 percent, not anywhere near the 47 percent that the researchers say would be needed to "induce a catastrophic failure."

In fact, the report shows that even vulnerabilities in products made by Cisco, which has more than 86 percent of the router market, are only "problematic" as those vulnerabilities do not allow the spread of an exploit from one machine to the next.

@ Link to Is Microsoft a Threat to National Security? The Effect of Technology Monocultures on Critical Infrastructure via SM Online.