June 21, 1999

Virus Attacks Point Up Value of Diverse Operating Systems

By Steven L. Telleen

Q: Our Intranet currently contains a mixture of operating systems on both the clients and servers. Should we try to implement Windows across the board to make management easier?

A: As you may have read in the news, on June 6 a destructive new computer worm carrying a virus called "zipped_files.exe" was discovered. Four days later the e-mail servers at my company were infected. We had two disk drives erased and at least one employee also had the hard drive on his client system erased. It took extensive system management resources to clean up the problem and recover, and our normal business processes also suffered. 

If our central mail servers had not been Windows- and Exchange-based, this worm would not have been able to wreak havoc with them. This is not an indictment of Windows, but a suggestion that allowing any single operating system or application to gain too high a percentage of the total carries risks. The close encounter made me realize that computer viruses provide a nice ecological study on the merits of diversity. 

Just as homogeneous biological populations are more likely than diverse ones to suffer from devastating diseases, it appears electronic ecosystems show the same pattern. The almost exclusive use of Windows as the base operating system on clients creates the same vulnerability that the narrow genetic base of corn did in the 1970s, when a full one-third of the U.S. corn crop was wiped out by a virus. It took that economic disaster to wake up the agricultural community and cause it to start diversifying the genetic base in many of our crop plants. 

The growing number of computer viruses we encounter today would be much easier to contain if three or four operating systems were randomly distributed across all sites and users. Viruses by necessity are operating system (or application) specific. With even three or four different systems, the effect would be dramatic. A new virus could not spread as rapidly because 66 to 75 percent of the systems it hit would be immune. 

With the advent of Web standards, and the increase in viruses, it's time to reevaluate the costs-and benefits-of supporting diversity. Up to this point, the argument has been that homogeneous systems were required for efficient management. But intranets have become the IT infrastructure in most organizations. As one begins to consider the increasing costs of virus containment and recovery against the decreasing costs of Web-standard sharing across diverse systems, we might find the balance has tipped. Perhaps it's time for IT to discover what the agricultural community discovered two decades ago: In a world of hostile viruses, there are pragmatic business reasons to support diversity for its own sake. 


Copyright 1999 Penton Media Corporation.
All Rights Reserved.