Sasser and Diversity

Independent.co.uk: Worm crashes Coastguard computers

The Sasser worm, which exploits a flaw in Microsoft’s Windows software, disrupted work at the Marine and Coastguard Agency, forcing staff to use pencil and paper to find ships and locate distress calls on maps.

And this too: Sasser Worm Rips Through Internet; Banks, EU Hit

As I read all these reports of major systems downtime to to yet another virus rapidly spreading through the internet I am more and more convinced: Implementing diversity in operating systems seems to me the most effective way to mitigate the risk of widespread systems downtime for critical computer infrastructure. Look at the UK’s Coastguard example – their backup plan is using pencil and paper to find ships and triangulate distress calls. Get out the sextant and star charts!

Face it: No matter how many speeches you hear by Steve Ballmer adamant to the contrary, Microsoft Windows can be hacked by squirrel monkeys. 100% dependence on a single platform means probablility for 100% downtime during an attack. If 50% of these machines were on an alternative platofrm such as Mac OS X or Linux, even in a worst case scenario only 50% of the machines would get infected. Go with a third on each — Windows, Mac, and Linux — and you have only a third of your infrastructure hosed by the latest worm. For mission-critical operations, a backup platform seems to be something of a requirement.