Sunday, November 20, 2005

Synthetic Diversity

Monoculture is a recognized problem when discussing malicious code. It's what amplifies the effects of malicious code to the point where it can have devastating effects.

Here is another paper from last year's WORM, this one describing a technique called synthetic diversity as a method for combating malicious code.

It's an interesting read, but I disagree with most of it for a number of reasons:

  • Synthetic diversity within a program can only go so far. While the techniques may reduce the number of attack points within a program, they won't remove them entirely. Add millions of users to that situation, and diversity within a program that does the same function, time after time, becomes a bit shallow.
  • As always, adding complexity isn't a good response to lessen vulnerabilities. The KISS principle is better.
  • Diversity can only be provided via a small number of methods. It wouldn't take long for the "bad guys" to adapt. Even if more methods were developed, it would lead to an already familiar type of arms race.

Anyone care to argue for or against?