Let’s check back on the whole "you should use Firefox because it is magically more secure than IE" ruse that some (many?) security professionals espoused. Did the profession let its anti-Microsoft bias get in the way of good security recommendations?
I think so. (Here is what I said).
Even more importantly, did we learn anything?
It sure seems like there is a visceral dislike of Microsoft products that clouds discussions.
I found the argument about heterogeneous environments far more convincing than the ‘secure because not Microsoft’ assertion. Of course that argument never asserts that you will have a more secure system, just one that is less likely to suffer from the same attack that targets a different system.
The argument around heterogeneous environments is interesting, but with multi-vector attacks and the added complexity and overhead, I don’t see a huge benefit.
For someone aiming to protect the entire Internet, maybe there is interest, but you’d have to get highly heterogeneous to even make it work. (The largest worm I am aware of maybe compromised a few hundred thousand machines – even limiting to a million machines per O.S. or application type would require 600 different heterogeneous solutions).