problem of the Internet end host patching better patch clue patches can make problem worse, break other things if a patch does that, please tell your vendor... example: code red -- people couldn't patch IIS without breaking realsecure so many didn't patch 'default deny' is your friend -- at host level! help develop or at least be aware of product liability laws won't push genetic diversity argument as alternative `safety' sounds too security through obscurity to me unclear how much manageability would be sacrificed to get it already too much whack-a-mole in this field fidelity.com (who handles about a billion dollars a day on the Internet) already can't handle my mozilla if we espouse genetic diversity, we better espouse a hell of a lot of systemic investment in software testing besides hey i'd run a monopoly OS too were it the best OS monoculture paper suggests it might not be possible: http://www.ccianet.org/papers/cyberinsecurity.pdf many unixes use RPC and same BSD stack anyway most importantly, it may be a good idea but it is no substitute for patch clue illegitimate botnetting is big financially backed industry now serious income motivation to find holes see rob thomas' aerobic nanog talk online (oct 2003 meeting) a few more OSes on the Internet would not diminish the catastrophic potential the kiddie scripts would just be longer