mailing list archives
Re: Buffer overflow prevention
From: Crispin Cowan <crispin () immunix com>
Date: Mon, 18 Aug 2003 13:11:33 -0700
Mark Handley wrote:
To the contrary, I did take this into account in the portion of the
quote that you cut:
Heterogeneity increases survivability of the *species*, but does little
to protect the individual.
What you're not taking into account is contagion. Amongst a
homogeneous population, a pathogen that infects your friends can
likely infect you. Amongst a heterogeneous population, if the same
pathogen infects a friend, there's a significantly lower probability
it can infect you.
A site manager seeking to protect their own servers cares little if
an attack that takes them down doesn't take down their competitors.
In fact, it's kind of bad if heterogeneity means that you go down
and your competitors don't. At most, you could say that running the
most common system makes you somewhat more vulnerable to attack, and
you should take that into consideration when planning your security.
Running more common species makes you more vulnerable.
As I said the last time the bio analogy came up, analogies are like
goldfish: sometimes they have nothing to do with the topic at hand. The
notion of being non-promiscuous and careful about who you talk to does
not work here: non-vulnerable Linux mail servers are fully capable of
passing virus-infected mails to vulnerable Windows clients. Firewall
mailing lists are currently full fo sorry stories about Blaster coming
in through VPNs, even though the firewall was blocking the right ports
from the outside.
How does this affect networks? Well, if you're a webserver or
mailserver that talks to everyone, the heterogeneity doesn't buy you
so much (other than, as you said, there might be more pathogens for
popular systems). But if you're configured to not talk to the whole
world (via a firewall, or something equivalent), then you're a whole
lot safer if the machines you do communicate with are different from
you in ways that make contagion harder.
Crispin Cowan, Ph.D. http://immunix.com/~crispin/
Chief Scientist, Immunix http://immunix.com
Re: Buffer overflow prevention Thomas Sjögren (Aug 14)
Re: Buffer overflow prevention Shaun Clowes (Aug 15)
Heterogeneity as a form of obscurity, and its usefulness Bob Rogers (Aug 22)
Re: Heterogeneity as a form of obscurity, and its usefulness Crispin Cowan (Aug 22)
Re: Heterogeneity as a form of obscurity, and its usefulness Nicholas Weaver (Aug 22)
Re: [Full-Disclosure] Re: Buffer overflow prevention KF (Aug 15)
RE: Buffer overflow prevention Brian Glover (Aug 14)
Re: Buffer overflow prevention noir (Aug 14)
Re: Buffer overflow prevention Matt D. Harris (Aug 15)
RE: Buffer overflow prevention Avery Buffington (Aug 15)
Re: Buffer overflow prevention Massimo Bernaschi (Aug 15)
- Re: Buffer overflow prevention, (continued)