?

Log in

No account? Create an account
entries friends calendar profile Elf Sternberg's Pendorwright Projects Previous Previous Next Next
Why Microsoft Bought Connectix - Elf M. Sternberg
elfs
elfs
Why Microsoft Bought Connectix
Dan Geer has a paper on OS monocultures in which one of the things that stood out for me was Geer's belief as to why Microsoft bought the Connectix Virtual PC emulation software.

Geer points out that there are only two ways to handle monoculture: go for it completely, so that risk management is based upon the notion that since everything is the same, any problem can be fixed on every machine the same way, or diversify completely, so that no one OS has more than 43% of marketshare-- apparently, an inflection point determined empirically, after which the compromise of a predominant but not monopoly OS harms the efficacy of all operating systems.

Microsoft wants to do the former: that is their stated goal. They believe, cultlike, that we should be pleased that an organization run by a man as enlightened (yes, they use that word) Bill Gates controls the majority platform.

Ballmer doesn't buy the enlightnment argument: he's a brutal businessman. His objective is world domination. And he knows that if a few more nasty viri break loose, or if governments finally get their stuff together and understand that the Microsoft platform is the problem, then "enlightened, progressive" politicians will get involved. That's the last thing anyone in the software industry wants.

Microsoft therefore plans, after Longhorn, to deploy an entirely new operating system, perhaps based upon research coming out of the Singularity project. The next OS will be written in C#, and will be incapable of running "dangerous" or "unauthorized" code.

But what of all our legacy software? What of all the games we own, that we love to play? That's where Connectix comes in. You can run those games inside the "protected" box of the Connectix Virtual PC running in a Singularity memory segment, isolated from the OS. If that Virtual Windows box becomes a problem, well, Microsoft can always say that's your fault for running infectable code. They did everything they could. Tough luck.

Brilliant and evil.

Tags: ,
Current Mood: discontent discontent

6 comments or Leave a comment
Comments
ambrose_m From: ambrose_m Date: December 9th, 2005 03:32 am (UTC) (Link)
Let me relate an antidote that may add another data point to this.

I recently bought an Apple PowerBook, and it being (reasonably) new, it came with Apple's latest - 10.4 Tiger OS. I determined that it, and my student discount, were enough excuse to upgrade the OS on my dual processor G4 desktop.

I had been running Semantics’s Norton System Works For Macintosh as (among other things) a virus checker on my desktop. 10.4 broke it irreversibly, so I went looking for a replacement. There aren't any. And I'm not the least disturbed by this. In fact I'm gleeful.

Well, technically there are two:
- Virex will sell you a five-pack so you can make the auditors happy, but they don't sell individual software packages.
- There's a rather lame freeware product with an impossible interface.

Apple used to offer Virex as part of it's .Mac package, but even they have dropped virus scanners.

What I found out is that there are =NO= current viruses for the Macintosh OS, and there haven't been for several years. Nobody bothers. There's a lot fewer people who know how to write Mac code, and the populationof Macs is such a small target compared to MS that the people who do viruses and other malware just don't bother. So the virus checker companies don't bother either.

I saved $$, and I can grin and brag when my MS friends put up with the updates and use CPU cycles checking for virus' that I reserve for Photoshop. (I got Adobe Creative Suite on my student discount too). I'll watch the situation - I'm tuned to the sources that will know if things change.

DON'T LET THE WORD GET OUT!
If companies and security people ever get wind of this they'll start buying Macs and the gig will be up. The situation will change and I'll have to put up with all that cr*p the bad guys do.

I had occasion to mention this situation to some fellow students at school the other night, and they would not believe me. (Two of them work for MS.) I flat offered them $100 for the first credible report of a virus for macintosh OS 10.4 in the wild that they could show me. I'm not worried about my $100.

On another note related to monoculture vs. diversity, a wise person once said: "If you're not a little bit uncomfortable, you're not doing diversity." That certainly looks like it applies here. I do have to futz sometimes to accommodate my MS friends, but the real, right-now-for-me benefits of diversity outweigh that by a long shot.

Take care, and think of me the next time you're waiting for your new virus definitions to down-load. (smirk)

A.M.
elfs From: elfs Date: December 9th, 2005 03:52 am (UTC) (Link)
As Geer points out in his essay, security conferences are really bad places to send your password out in the clear, but as infectable ecosystems they aren't ideal because 1/3rd of the attendees have Macs, 1/3rd run Linux, and the rest run Windows or "something else."

I run Linux, so I laugh every time the Windows people go berserk worrying about the next Slammer Outbreak.
From: technoshaman Date: December 9th, 2005 06:18 am (UTC) (Link)
If companies and security people ever get wind of this they'll start buying Macs and the gig will be up.

Bullpucky. The coolness of MacOS X is that it's designed around FreeBSD... an OS designed with basic security as part of the architecture. Linux has a very similar architecture and still runs the vast majority of websites the world over, and we've only had three worms and no real viruses in 12 years of Open Source-ness. Try though they might, they'll not get us easily.

Oh, and here's the other reason they won't get us. When a vulnerability comes up in OS X or Linux or even Solaris, it gets fixed. RFN. No waiting around until next month. No hiding behind low severity labels. Fixed. Done. Kaputt. All of the three Linux worms had patches available at least a month before the worm showed up in the wild.

Naah. Let'em come. Do your worst, Skript Kiddie. Watch my firewall squash you like the bug that you are.
riverheart From: riverheart Date: December 9th, 2005 06:19 am (UTC) (Link)
Years ago, when I worked for Apple, we found out how many virii existed for the Mac at that time.

There were thousands for the PC - this was 1997 - but guess how many for the Mac?

Thirty-five. That's it. And they'd all been dealt with already.
(Deleted comment)
srmalloy From: srmalloy Date: December 9th, 2005 04:19 am (UTC) (Link)
And, of course, 'dangerous' and 'unauthorized' will be defined as 'not being produced by a Microsoft-sanctioned software-development product, or for which the up-to-date status of your subscription to use the software cannot be verified...
6 comments or Leave a comment