[ Thanks to Jim
Flynn for this link. ]
“Code Red also showed how easy it is to attack IIS Web
servers. Thus, securely using Internet-exposed IIS Web servers has
a high cost of ownership. Businesses using Microsoft’s IIS Web
server software have to update every IIS server with every
Microsoft security patch that comes out–almost weekly. However,
Nimda has again shown the high risk of using IIS and the effort
involved in keeping up with Microsoft’s frequent security patches.Gartner recommends that businesses hit by both Code Red and
Nimda immediately investigate alternatives to IIS, including moving
Web applications to Web server software from other vendors such as
iPlanet and Apache. Although those Web servers have required some
security patches, they have much better security records than IIS
and are not under active attack by the vast number of virus and
worm writers.”