Tuesday, December 13, 2005

All right, I have 8 minutes of free time before I need to run to the computational algebra lecture, and I will spend it by dropping a few thoughts about Dan Geer's "login"-article advocating moving away from a monoculture.

My two points on his proposed 'artificial diversity':
1) It will increase resistance against total extinction. A worm will need more than one bug to wipe all hard disks.
2) It will also make sure that skilled attackers will get their hands on useful information.

So please do it. Listen to Dr. Geer.

The (brief) reasoning: Let's take the pool of computers in an organisation. Let's also take a useful piece of information (for example, a source tarball) and distribute it randomly on a small subset of the computers in the organisation. In the monoculture example, I would need an exploit for the monoculture OS. In the diversity example, I need an exploit for any of the OSs on which the information that I want is stored. Joy. Please diversify!
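To put numbers on both points for risk modelling, here is an added example (not part of the original post) that computes the two probabilities exactly. It assumes, hypothetically, that machines are split evenly across `m` platforms, that the information sits on `k` machines chosen at random out of `n`, and that a working exploit exists for each platform independently with probability `p`; all of these names and the model itself are assumptions made for illustration.

```python
from math import comb


def total_wipe_probability(m: int, p: float) -> float:
    """Point 1: a worm wipes every disk only if it has a bug for all m platforms."""
    return p ** m


def targeted_success_probability(n: int, m: int, k: int, p: float) -> float:
    """Point 2: chance that at least one of the k copies sits on a platform
    for which the attacker holds a working exploit."""
    if n % m or not 1 <= k <= n:
        raise ValueError("need n divisible by m and 1 <= k <= n")
    per_os = n // m  # machines per platform (even split is an assumption)
    total = 0.0
    for e in range(m + 1):  # e = number of platforms the attacker can exploit
        # Binomial: probability of holding exploits for exactly e platforms.
        p_e = comb(m, e) * p ** e * (1 - p) ** (m - e)
        # Hypergeometric: all k copies land outside those e platforms.
        miss = comb(n - e * per_os, k) / comb(n, k)
        total += p_e * (1 - miss)
    return total


if __name__ == "__main__":
    n, k, p = 100, 5, 0.2  # constructed sample values
    for m in (1, 2, 4, 10):
        print(f"platforms={m:2d}  "
              f"total wipe={total_wipe_probability(m, p):.6f}  "
              f"targeted access={targeted_success_probability(n, m, k, p):.4f}")
```

With one platform both numbers equal `p`; as `m` grows the total-wipe probability collapses while the targeted-access probability rises towards `1 - (1 - p)**m`.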

