Business Week recently ran an interesting piece about Microsoft's anti-malware software for Windows 7, but it misses what I believe to be a key point in the security debate. User desire for standardized platforms is the leading contributing factor to the lack of system security.
Microsoft has integrated all of its tools so seamlessly and controls so many aspects that one chink in the armor opens your entire computer to a plethora of attacks. For example, the entry point may not be as simple as Internet Explorer or Outlook. A hacker could inject malware through Excel, Word or Powerpoint or any other application commonly found in the Windows environment and then find it's way out through your Internet connection.
Once a single application has been compromised, the ubiquitous Windows configurations create a template for easy attack. Once a single point of entry is exploited, the whole system becomes vulnerable and everyone else running the same common configurations are also vulnerable. The idea of adding Microsoft security into your system seems to compound the problem because it knocks down one more hurdle for the hackers, who currently need to determine how they will work around an already limited choice of security software options.
The real solution, is to run a system built on open file types (for example a .doc word processor file) instead of turnkey software solutions (like the Windows/Office bundle). As in nature, lack of diversity in the desktop ecosystem is the real danger.
An environmental example would be the Irish potato famine. Reliance on not only a single crop, but a single cultivar of potato created an environment where a single pathogen wiped out the entire crop and left hordes of people starving. Potato famine is unknown to the Andean peoples who grow wild, diverse and constantly hybridized potatoes. Again, the culprit is not potatoes, but the monoculture of growing only cloned cultivars of potato.
From this perspective, a document is like a potato or a piece of fruit. It is the product of your software, but it does not create the work. On its own, the document poses no threat to the entire ecosystem. However if you lack genetic diversity in your fields or on your computer network, you will lose the entire crop once a single plant or application is infected because all the applications (or plants) are genetic clones. If the vulnerability is Internet Explorer, then every Explorer user is in danger. By making a simple change like choosing another web browser like Opera, FireFox or Safari you inoculate your system from an attack that targets Internet Explorer.
The internet is a diverse digital ecosystem. The World Wide Web is like wild potatoes in a part of that ecosystem and even that part shows some reasonable diversity. Web sites eventually get translated to a common language of HTML. The ways to get there are many, including PHP (which we run), ASP, .NET, Perl and Python, just to name a few.
On the reading side, you can choose to run Internet Explorer, Firefox, Safari, Opera or a host of others. The result is that a single attack, using a single method, may cripple large parts of the Internet, but can't destroy the entire Web. Even on the client (user) side there are great opportunities to increase the diversity. Constantly ask yourself if you are making the best choice for yourself in your software. Look at open source alternatives which often update more often than proprietary applications and have less interest from hackers. Moving to another platform like Apple's Macintosh or Linux is another alternative toward securing your platform.
I hope that with devices like iPhones and the Palm Pre as well as other smart phones, we are moving away from computerized monocultures. More people will eventually give up their desktop machines because we just won't need them. The result will be many devices running many operating systems and many browsers and we will all be safer from rampant attacks against commonly configured devices.
Jonathan Lyons - Lyons Digital Media