CNET: Commentary: Another worm, more patches

[ Thanks to Jim Flynn for this link. ]

"Code Red also showed how easy it is to attack IIS Web servers. Thus, securely using Internet-exposed IIS Web servers has a high cost of ownership. Businesses using Microsoft's IIS Web server software have to update every IIS server with every Microsoft security patch that comes out--almost weekly. However, Nimda has again shown the high risk of using IIS and the effort involved in keeping up with Microsoft's frequent security patches.

Gartner recommends that businesses hit by both Code Red and Nimda immediately investigate alternatives to IIS, including moving Web applications to Web server software from other vendors such as iPlanet and Apache. Although those Web servers have required some security patches, they have much better security records than IIS and are not under active attack by the vast number of virus and worm writers."

Complete Story

Related Stories:

• Wired: A 'Tarpit' That Traps Worms(Sep 19, 2001)
• InternetNews.com: FBI, CERT Warn New Worm Spreading Fast(Sep 18, 2001)
• ZDNet/Yahoo!: Automatic patching: Will it make the world safe from worms? (Sep 13, 2001)
• PC Review: It's enough to make an agnostic believe(Sep 06, 2001)
• UnixReview: Thinking about Security(Sep 03, 2001)
• Yahoo!/ZDNet: Insurer: Microsoft Is A Costly Choice (Aug 21, 2001)
• O'Reilly Network: Apache::CodeRed (Aug 19, 2001)
• NewsAlert: Code Red: A Witch Hunt Provocateur?(Aug 11, 2001)
• NewsBytes: Microsoft's Hotmail Is Red Hot From Worm(Aug 09, 2001)
• LinuxPlanet: .comment: The Great, the Pretty Bad, and the Breathtakingly Stupid(Aug 08, 2001)
• Red Rock Eater: "Code Red" Roundup(Aug 01, 2001)
• SANS Security Alert: Code Red Is Set to Come Storming Back!(Jul 30, 2001)
• LinuxPlanet: .comment: The Weakest Link(Jul 25, 2001)
• Red Rock Eater: "Code Red" Worm(Jul 21, 2001)