The purpose of this article is to explain the risks arising from a Microsoft
Paul Strassmann is president of The Information Economics Press. From 1969
to 1978, Strassmann held several senior management positions at Xerox, where he
founded the company's Information Services Division. Before Xerox, Strassmann
served as the Corporate Information Officer for the General Foods Corporation
and afterwards for the Kraft Corporation. In 1997 he was named one of the
twelve most influential Chief Information Officers of the last decade by CIO magazine. He teaches at the School of Information Warfare, the National
Defense University in Washington, D.C., and at the U.S. Military Academy at
West Point, and he has held several positions in the Department of Defense,
which awarded him the Defense Medal for Distinguished Public Service in 1993.
Strassmann has authored five books and more than 200 articles on information
management and information worker productivity.
The term "monoculture" is originally derived from agriculture. It is the
practice of growing the same crop each year on a given acreage. Rotating crops
helps control certain insects and diseases; farmers who repeatedly grow the
same crop on the same land become increasingly dependent on chemical
insecticides, and must resort to new disease-resistant plant varieties, and
practice soil fumigation and similar methods of controlling insects and
diseases that are usually controlled by crop rotation.
If a large number of farmers, in proximate geography, adopt monoculture
practices, even the dependency on chemical means will not be sufficient to
protect the crops. Although the quantity of food is increased, the humans
create an environment that is hospitable to vermin, pathogens, and diseases.
Paradoxically, by increasing specialization monoculture farmers increase the
threats to their food supply.
The potentially destructive, injurious and deadly characteristics of
monoculture practices are remarkably comparable to conditions one finds
prevailing in computer networks. Therefore, it may be useful first to examine
an agricultural case before venturing into an exploration of what it means to
have Microsoft software present in most of the computers in the world.
The "Great Potato Famine" or the "Irish Famine" occurred in 1845-49 when the
potato crop failed in successive years. The crop failures were caused by
blight that destroyed the potato plant. It was the worst famine to occur in
Europe in the 19th century. By the early 1840s, almost one-half of the Irish
population--but primarily the rural poor--had come to depend almost exclusively
on the potato for their diet, and the rest of the population also consumed it
in large quantities. A heavy reliance on just one or two high-yielding
varieties of potato greatly reduced the genetic variety that ordinarily
prevents the decimation of an entire crop by disease, and thus made the Irish
vulnerable. In 1845 a fungus arrived accidentally from North America, and that
same year Ireland had unusually cool, moist weather, in which the blight
thrived. About 1.1 million people died from starvation or typhus and other
famine-related diseases. Many emigrated, and by 1921 the population was
barely half of what it had been in the early 1840s.
Microsoft's dominance in operating systems represents a new threat to the
national security and to the systematic reliability of our computer-based
It is a fact that a large number of political institutions, both in the U.S. and
in other countries, are becoming increasingly aware of the economic and
security risks that arise from the ubiquitous presence of Microsoft. The U.S.
government as well as a European Economic Community (EEC) Commission is trying to contain the expanding
power of Microsoft by litigation. This is insufficient. One must also address
the risks from attacks on a largely homogeneous systems management environment.
Info-terrorists and criminals will continue to take advantage of the
ever-growing proliferation of flaws in the gigantic Microsoft system,
consisting of hundreds of millions of lines of failure-prone code.
The Microsoft software monoculture is dangerous because this firm is pursuing
its global expansion objectives with unconstrained ambition. Its strength is
reflected in its share of all profits from the software business. That
advantage has widened steadily from 24 percent in 1987 to 64 percent in 1998 and is likely to
climb as Microsoft is expanding its reach as a vendor of software packages to
becoming a networking services giant. In its recently announced .Net
initiative, Microsoft has projected a vision of a world that is inter-connected
with Microsoft centers from where each computer receives not only its operating
software but also a continuous stream of data and applications.
Microsoft now sets its sights not only on the control of local computing but
also on the sources from which all program code and data originate. Upgrading
Microsoft software has been a logical choice for customers who wished to keep
up with changes in technology. The risks of an integrated family of operating
systems running all global computers, a declared Microsoft objective, make
selecting a Microsoft platform more than a purely technical choice. An
all-encompassing operating system bares itself to hostile exploitation of
paralyzing security flaws. The presence of a fatal defect is unavoidable as
the complexity of Microsoft systems expands to bizarre proportions with each
new release. It is the search for such a fault that occupies the minds of some
of the brightest computer experts. Finding a crack through which one could
induce mayhem with only a few keystrokes would be worth a great deal of money,
especially when supporting an act of terrorism.
It's only a question of time before the ubiquitous presence of Microsoft
operating systems, supported by a software-updating network, reaches a level of
interconnectivity that makes a universal systems crash feasible.
All that will be required is inducement of a widespread information
infrastructure collapse through a deliberately executed and pre-planned act of
information warfare. The risk from a software monoculture has increased due to
the shift from custom-made software to packaged applications residing on an
integrated family of Microsoft operating systems. As a result, the risks from
planned subversion of a software monoculture now overwhelm the demonstrable
benefits of standardization of an otherwise chaotic software environment.
The future of Microsoft should not be judged only by antitrust criteria or the
commercial merits of its software. It should be also reflected in the
unprecedented security risks to our civilization that a software monoculture
generates. The Microsoft defense that it was only maximizing profits using
common competitive methods is insufficient. Business practices that may be
tolerable for a small competitor become perilous whenever scaled up to
security-threatening proportions to global computer networks.
Our computer-based information society is still in its early stages of
development. Its resilience and dependability is still not adequately
understood. If history teaches anything, it is the insight that monocultures
of any kind--especially if they can propagate in a matter of seconds--should
not be allowed to flourish without adequate safeguards.
home · who are hackers? · risks of the internet · who's responsible · how to be vigilant · interviews
discussion · video excerpts · synopsis · press · tapes · credits
FRONTLINE · wgbh · pbs online
some photos copyright ©2001 photodisc
web site copyright 1995-2014
WGBH educational foundation