Bugtraq mailing list archives
Re: Buffer overflow prevention
From: Mark Handley <M.Handley () cs ucl ac uk>
Date: Mon, 18 Aug 2003 19:07:07 +0100
Heterogeneity increases survivability of the *species*, but does little to protect the individual.
What you're not taking into account is contagion. Amongst a homogeneous population, a pathogen that infects your friends can likely infect you. Amongst a heterogeneous population, if the same pathogen infects a friend, there's a significantly lower probability it can infect you. Now, if you're promiscuous and come into contact with enough strangers, you'll catch the pathogen either way. But if you're not promiscuous, you greatly reduce the change of contracting the pathogen if you are part of a heterogeneous population. How does this affect networks? Well, if you're a webserver or mailserver that talks to everyone, the heterogeneity doesn't buy you so much (other than, as you said, there might be more pathogens for popular systems). But if you're configured to not talk to the whole world (via a firewall, or something equivalent), then you're a whole lot safer if the machines you do communicate with are different from you in ways that make contagion harder. Cheers, Mark
Current thread:
- Re: Buffer overflow prevention, (continued)
- Re: Buffer overflow prevention Peter Busser (Aug 15)
- Re: Buffer overflow prevention stealth (Aug 15)
- Re: Buffer overflow prevention Mark Tinberg (Aug 18)
- Re: Buffer overflow prevention Crispin Cowan (Aug 18)
- Re: Buffer overflow prevention Peter Busser (Aug 18)
- Re: Buffer overflow prevention Thomas Sjögren (Aug 14)
- Re: Buffer overflow prevention Shaun Clowes (Aug 15)
- Re: Buffer overflow prevention Crispin Cowan (Aug 15)
- Re: Buffer overflow prevention Shaun Clowes (Aug 18)
- Re: Buffer overflow prevention Crispin Cowan (Aug 18)
- Re: Buffer overflow prevention Mark Handley (Aug 18)
- Re: Buffer overflow prevention Crispin Cowan (Aug 18)
- Heterogeneity as a form of obscurity, and its usefulness Bob Rogers (Aug 22)
- Re: Heterogeneity as a form of obscurity, and its usefulness Crispin Cowan (Aug 22)
- Re: Heterogeneity as a form of obscurity, and its usefulness Nicholas Weaver (Aug 22)
- Re: Buffer overflow prevention Patrick Dolan (Aug 14)