Why are you not running Apache? New IIS holes should make you rethink your web server

May 20, 2009, 15:32 (0 Talkback[s])
(Other stories by David Lane)

"First, we have reports of the theft and corruption of the Commonwealth of Virginia's Prescription Monitoring Program web site. The story is that the site had been hacked, the data encrypted or deleted or being held hostage, according to a variety of sites, and the FBI is investigating. As discussed on the latest Search Engine, almost no one is really taking the ransom demand seriously for a variety of reasons. The second topic that got me annoyed was a ComputerWorld article yesterday about new, serious bugs in IIS and Microsoft's prevailing attitude about the risk. Finally I had to set up an IIS server and kept lamenting that it should not be this hard.

"Now, in all fairness, IIS 7 is supposed to be a much better product with text file configuration capability (just like Apache) and it is supposed to be more secure. My question is this. Why, would anyone voluntarily run their web site on IIS? Especially if it was a forward-facing site, connected to the Internet and subjected to attacks every minute of every day?"

Complete Story

Related Stories:

• Editor's Note: Snooping the Internet With Netcraft(Apr 11, 2009)
• March 2009 Web Server Survey(Apr 02, 2009)
• Apache Gains Market Share(Dec 04, 2007)
• Did Microsoft Buy Netcraft?(Aug 25, 2007)
• SearchOpenSource: Migrating Microsoft Internet Information Server to Apache on Red Hat Linux(Jan 04, 2007)
• SearchOpenSource: Microsoft's IIS 7 Will Aid PHP Developers' Linux Deployments(Sep 26, 2006)
• E-Commerce News: Stat Wars 2: A Tale of Two Surveys on Apache and IIS(Feb 27, 2004)