dan.tobias.name | The 'Net | Monoculture

Just As Bad an Idea in Computing as in Agriculture

In agriculture and the biological sciences, monoculture refers to the situation where one type of plant or animal completely dominates an ecosystem, crowding out all other varieties. Typically, the dominant element of a monoculture will not only be of uniform species, but even uniform subtype within the species -- as if not only were all pets dogs (crowding out other pet species such as cats), but they're all a particular breed of poodle.

Modern agriculture has had many examples of monocultures, as particular breeds of crops are chosen for various desirable traits and propagated identically around the world, replacing a profusion of diverse local crops. The rise of big corporate farms and multinational seed manufacturers hastened the progress towards this situation. The number of distinct kinds of crops that are widely grown is steadily decreasing as scientists create carefully-crafted varieties designed for maximum popularity, and farmers choose identically to use them.

So what's the problem, if these crops are chosen because they're better? Well, in addition to the general deep-seated feeling that "variety is the spice of life" and something is lost when it is replaced with uniformity (as if, coast to coast, McDonald's crowded out all other restaurants and Wal-Mart eliminated all other stores), there are real problems that come out due to monoculture. Despite all the careful breeding that led to the crop varieties in use now, no crop is entirely immune to attack. Disease, insects, climate change, and other harmful things are capable of wiping out a crop, and it can turn out that, by random chance, some genetic varieties are more susceptible to a particular disaster than others. In a multiculture, with many different varieties out in the field, a disaster will harm some of them while sparing others; there would be some temporary shortages and some unfortunate farmers would have great losses, but crops as a whole would get through the disaster all right -- in fact, the next generation of crops would be better, as natural selection just got its chance to act to promote the propagation of varieties immune to that particular sort of disaster via survival of the fittest.

In a monoculture, however, if the single dominant variety happens to be susceptible to the disaster, it can be totally wiped out, turning what could have been a minor problem into a global catastrophe, and leaving little breeding stock from which a resistant variety can spring. This is basically what happened with the Southern cotton crops and the boll weevil near the turn of the 20th century.

So what does this have to do with computing?

Like agriculture, computing faces threats such as viruses, worms, and other factors, both malicious and accidental, that cause things to fail. And like farmers' fields, computers, collectively, can make up a monoculture -- all operating with hardware and software of identical design produced by the same vendors -- or a multiculture, with diverse hardware and software with much difference. Just as it is with farms, computers with greater diversity are less likely to be completely wiped out by any calamity that spreads through the computing world. A computer virus is likely to be written to run on a particular platform, and take advantage of the security weaknesses of a particular set of software products, and will be completely inert on a computer that's designed differently. A fatal bug in one software product is unlikely to be replicated in others. Hence, a multiculture is more robust at resisting disasters; some computers and software will be adversely affected, but others will come through unscathed, and the total damage will remain at manageable levels. The spread of dangerous viruses and worms may slow down or stop when most of the systems they try to infect turn out to be immune, rather than spreading like wildfire in a world full of identically-vulnerable computers.

Currently, the biggest threats of monoculture in the computing world are from Microsoft. The Windows operating system has a commanding lead in the desktop operating system market (outside "niche" segments like artists who prefer MacOS and computer geeks who prefer Linux), Internet Explorer has the vast majority of the Web browsing market, and various versions of Outlook and Outlook Express have a sizable chunk of the email market. This has been exploited by virus and worm authors, who make their malicious software specifically targeting these systems. The viruses and worms run under Windows, they take advantage of security flaws in MSIE and Outlook to launch themselves when an unsuspecting user opens a Web page or email message, and they make use of the known data formats of the Outlook address book and MSIE web cache to find email addresses of others to send the virus on to. On a MacOS or Linux system, they probably can't run at all. When they hit a competing mail program like Pegasus or Eudora, or a competing browser like Mozilla or Opera, their malicious scripts probably don't launch, and even if they do, they don't recognize the address book and cache formats to find more people to infect.

Thus, users of other systems generally find themselves immune to these viruses. This is not necessarily because the other systems are incapable of catching viruses in general. Although it is my belief that the design decisions of Microsoft make their software particularly vulnerable to such attacks, because the developers value "gee-whiz" flashiness and "dumbed-down" user friendliness over robust security and standards compliance, I do recognize that non-Microsoft software developers slip up sometimes too and introduce security weaknesses into their programs. However, each program has different security weaknesses, producing a multiculture that makes it harder for any particular virus to spread. These days, with most of the viruses targeted to Microsoft programs, they generally stop dead when they hit a computer using something else. Unfortunately, enough people are using the MS-ware that the viruses still run rampant anyway. A more diverse environment would be less conducive to this spread.

But just how diverse should computing be?

A common objection to the advocacy of computing diversity is the need for interoperation -- a Web browser and an e-mail program wouldn't be very useful if it couldn't access Web sites or e-mail messages coming from systems with different software. The intent of e-mail (since the 1970s) and the Web (since the 1990s) have been to make them universally interoperable, so that everybody with a computer should be able to use them. Some people misunderstand this to mean that everybody ought to be running the same exact programs under the same exact operating systems, so that Web pages and e-mail messages look exactly the same to everybody. Any Web page that has a line like "Best viewed in MSIE 6.0 under Windows XP with a 1280 x 1024 monitor with the browser in full-screen mode, JavaScript and cookies enabled, and the Flash plugin installed," is clearly created by the sort of person with that flawed understanding of the principles of the Web. In fact, the Internet was designed based on a set of openly-documented standards for the basic protocols and data formats, to ensure that everything that follows the standards can talk to one another, while allowing an infinite range of variation in everything else about the programs, operating systems, and hardware involved.

Microsoft, in particular, has done its best to subvert such standards through its "embrace and extend" stance -- they give lip service to supporting standards, and at early stages of their entry into a particular marketplace when they're just one strand of a multiculture, they do in fact maintain a decent degree of compatibility in order to gain initial acceptance. However, once they're dominant, they start "extending" the standards with proprietary gimmicks that only work between users of their software. Before long, their email programs are defaulting to sending mail in quirky formats that look messy in other mail readers, and their Web authoring software is creating pages that don't work well in other browsers. Ignorant consumers, when they see Web pages and e-mail messages that don't work well in other browsers and readers, blame those other software vendors even though the fault is actually in the nonstandard output of the Microsoft program, and Microsoft gains monoculture status.

Generally, the bugs and security holes that let the viruses and worms through are not inherent in the basic standards of the Internet; they show up in the specific implementations of programs, and especially in proprietary add-on features like the ability to have scripts launch automatically from Web pages or e-mail messages. Thus, other software can follow the standards perfectly and not have the same weaknesses that one progam has.

What You Should Do About It

It's simple; look around at the Web browsing and e-mail software available and pick ones that are best for you, not necessarily what came pre-installed on your computer. And, no matter what software you use, try to use it in a way that generates output that complies with all the applicable standards and avoid using proprietary tricks that might make your messages and Web pages unreadable to others who make different choices from you. Remember, not everyone in the world uses the same hardware and software as you, so be considerate in what you send, even if this might mean going down to a "lowest common denominator" that seems bland to you (e.g., plain text messages instead of fancy formatting). Support and encourage diversity, within the umbrella of standards compliance, rather than monocultural use of whatever is popular these days.

While Microsoft is the "enemy of the day" in this arena, this is not an eternal, unchanging situation; the concept is permanent, but the players change with time and place. In the mainframe computing environment of the 1960s and 1970s, IBM was the "evil empire" imposing its own non-standards on the field, but they had their downfall and are no longer a threat to anybody; right now the "villain" is Microsoft, but some day it might be somebody else, perhaps AOL (which is annoyingly close to a monoculture in the ISP market, at least among a large cohort of unsophisticated users who think AOL = The Internet). For a while, Netscape was the monoculturalist of the Web browser field, but that changed very rapidly. So it's overly simplistic to portray the issue as a fight against a single eternal and all-powerful devil; the fight, rather, is of open-standards-based diversity versus a near-monopolist, even if the identity of the monopolist changes from time to time. If any of the non-Microsoft products I recommend as antidotes to monoculture become so popular as to threaten to be the new monoculturalists themselves, you can expect me to change gears and start advocating the use of something else just to shake them up.

Some Alternatives to Microsoft Hegemony


A great choice for both Web browsing and email is Mozilla. I've been using it as my default browser for years now, and it's shaping up very nicely. If you tried earlier Mozilla versions a long time ago and found them too buggy and unstable, try it again now; it's reached a highly developed stage now. You have several choices of which version to download; which you choose depends on how adventurous or conservative you are. There are two major varieties of Mozilla: the "Mozilla Suite" (including the browser, an e-mail program, and other things such as an Internet Relay Chat [IRC] client), and the standalone Firefox browser. Version 1.7.1 is the latest stable release of the suite as of this writing, carefully tested to remove major bugs (with a security patch from version 1.7 to fix a vulnerability -- those things do happen with Mozilla too) 1.8 Alpha is closer to the leading edge (with new features that haven't been fully tested yet), and the nightly "trunk builds" are right at the bleeding edge (where you'll be the first to see neat new stuff, but also the first to experience catastrophic bugs). Firefox is getting increasingly popular lately, but is still technically pre-release software that is at version 0.9.2 (the upcoming 1.0 release will mark its reaching "final release" status). The Bugzilla database is out there for you to see what problems exist, how they're being resolved, and to contribute to the discussion yourself. Mozilla is a participatory project rather than a corporate product, so you can have some impact on how it develops. In addition to promoting a browser and email multiculture, you're also gaining useful features like popup blocking and tabbed browsing. The email feature is now developing a spam filter, too. Check it out!

Those who would prefer to have a corporate name behind the browser they use can download Netscape 7.1; it's based on Mozilla (though they unfortunately removed the popup blocking feature, and added all sorts of ad junk of their own, at the behest of their "marketing types"). However, Netscape is a shadow of its former self, having been eviscerated by its corporate parent, AOL; without much staff or motivation these days, they aren't likely to be making very many browser releases.

101 things that the Mozilla browser can do that IE cannot


Opera is a commercial browser that has a lot of admirers, especially in Europe. Its interface is very different from Netscape, MSIE, and Mozilla, which may be a good or a bad thing to you depending on how much you like or dislike those other browsers. Opera is designed to support lots of small browser windows within the larger application window, something like Mozilla's tabbed browsing but even more versatile. You also have a wide degree of configurability, like to decide whether links that try to open in new windows should actually do so or stay in the same window. You used to have to purchase a copy of Opera to use it, which gave it a great disadvantage against browsers that were free to download and use, but now the basic, unregistered version of Opera is free to use but shows ads on screen (just a banner at the top, no obtrusive pop-ups or anything). You can still pay for an ad-free version. Like Mozilla, Opera includes e-mail capability too.

Pegasus Mail

Although I use Mozilla as my browser, I don't read my e-mail in it, because I already have a separate mail program I like: Pegasus Mail. Pegasus doesn't look as "high-tech" as other mail programs, and has only minimal support for fancy-schmancy message formats, but to many of us old-timers who think e-mail has no business being in anything fancier than plain text, that's just fine with us. There's practically no risk of getting an e-mail virus through Pegasus, as it doesn't execute any sort of program or script simply by opening a message or showing it in a preview pane, unlike some other mail programs. And Pegasus was a pioneer in the use of advanced message-filtering rules to let you sort messages into folders by category, or suppress spam. Other programs have had to play catch-up to features Pegasus has had for a long time.



This page was first created 15 Dec 2002, and was last modified 10 Jul 2004.
Copyright © 1995-2011 by Daniel R. Tobias. All rights reserved.