According to this article, plenty of people are tired of
Microsoft IIS's security problems, but inertia and the lack of
qualified Unix security experts is holding back adoption of
alternative platforms (read: Apache) in some shops:
"...Security consultancy @Stake Inc. estimates that IIS
holds 25 percent of the market for enterprise Web servers, yet more
than 50 percent of the Web sites listed on the Attrition.org
archive of defaced sites are running IIS.
Despite the widespread perception of IIS as a nonsecure server,
many customers say that, because it is the default Web server with
Windows NT and Windows 2000 (news - web sites), it will remain
their server of choice because they are too committed to Microsoft
to make a switch practical or affordable. In real-world terms, this
means large portions of the Internet will remain vulnerable as long
as this attitude prevails.
"I would switch if I could convince my company to do it," said
Jeff Nelson, network manager at Cleveland Motion Controls Inc., in
Cleveland, and an IIS user. "It's hard to find good Unix (news -
web sites) security guys, though. But [Microsoft's] new licensing
policies do make dumping them a lot more attractive."