On Thu, 17 Feb 2005 09:01:51 -0500, "George" george@least wrote:


"Mark & Juanita" wrote in message
.. .

While those kinds of things can lead to problems (mis-interpretations,
etc), it could also have had some significant benefits. Even if only a
few
vendors survived future competitive thinning, the differences in
implementations would have reduced vulnerability to virus problems, since
it would be unlikely that the same holes would exist in all
implemenations.

Having seen what the boys from Ft Meade can do, I'm confident in asserting
that _any_ system is vulnerable to the infinite number of monkeys out there.


I don't think I said anything differently, although I'm not sure what the
boys from Ft Meade have to do with malicious viruses floating around on the
internet. The point is, that when you have different implementations
floating around, then the exploits that take advantage of a specific
vulnerability (unless it is a shortcoming in the standard itself) will not
work on all implementations. Thus, instead of the homogeneous system we
have now in which all windows machines are vulnerable, for example, to the
blaster worm because of a specific buffer overflow, in a diverse market
place with different implementations of the same standard, it is likely
that only one of the implementations would be vulnerable to that particular
exploit. Doesn't mean other exploits wouldn't work on a different
implementation -- what it means is that not *all* systems would be
vulnerable to the "virus de jour". Seems much more robust to me.


+--------------------------------------------------------------------------------+
The absence of accidents does not mean the presence of safety
Army General Richard Cody
+--------------------------------------------------------------------------------+