Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Computer Support > Microsoft's IIS twice as likely to host malware than Apache

Reply
Thread Tools

Microsoft's IIS twice as likely to host malware than Apache

 
 
Au79
Guest
Posts: n/a
 
      06-08-2007
IT PRO - London,Greater London,UK

"The integration between attacks originating from popular web sites and
desktop based vulnerabilities is particularly concerning ...

<http://www.itpro.co.uk/news/115085/microsofts-iis-twice-as-likely-to-host-malware-than-apache.html>
--
....................
http://www.vanwensveen.nl/rants/microsoft/IhateMS.html
http://rixstep.com/1/20040719,00.shtml
http://free.thelinuxstore.ca/
 
Reply With Quote
 
 
 
 
Mr. Arnold
Guest
Posts: n/a
 
      06-08-2007

"Au79" <(E-Mail Removed)> wrote in message
news:K%2ai.463360$(E-Mail Removed)...
> IT PRO - London,Greater London,UK
>
> "The integration between attacks originating from popular web sites and
> desktop based vulnerabilities is particularly concerning ...


If the developer doesn't know how to write secure Web solutions to face the
Internet, then it doesn't matter what Web server is being used. If the
framework on which the Web solution is based on is not a secure framework,
then it doesn't matter how it was developed.

If the administrators of the Web server(s) don't know how to secure the Web
server properly, then it doesn't matter what Web server is being used.

If the administrators of the O/S on which the Web server is running on don't
know how to properly secure the O/S and underlying components of the O/S to
be exposed to the Internet, then it doesn't matter what O/S is being used.

Hell, most of them don't even know what a CSS attack is even about or other
forms of attacks.

http://en.wikipedia.org/wiki/Cross-site_scripting

In general, most Web sites no matter what Web server is being used or the
platform it's running on are wide open to attack, due to incompetence. They
just throw things out there with no concern about security whatsoever.


 
Reply With Quote
 
 
 
 
Fuzzy Logic
Guest
Posts: n/a
 
      06-08-2007
Au79 <(E-Mail Removed)> wrote in news:K%2ai.463360$(E-Mail Removed):

> IT PRO - London,Greater London,UK
>
> "The integration between attacks originating from popular web sites and
> desktop based vulnerabilities is particularly concerning ...
>
><http://www.itpro.co.uk/news/115085/m...likely-to-host
>-malware-than-apache.html>


You off course left out the relevant quote from the article:

"It is very interesting to see that in China and South Korea, a malicious server is much more likely to be running
IIS than Apache," said Modadugu.

The researcher said that the causes for IIS featuring more prominently in these countries could be due to
factors, such as automatic updates and security patches not being enabled due to software piracy.
 
Reply With Quote
 
Fuzzy Logic
Guest
Posts: n/a
 
      06-08-2007
Au79 <(E-Mail Removed)> wrote in news:K%2ai.463360$(E-Mail Removed):

> IT PRO - London,Greater London,UK
>
> "The integration between attacks originating from popular web sites and
> desktop based vulnerabilities is particularly concerning ...
>
><http://www.itpro.co.uk/news/115085/m...likely-to-host
>-malware-than-apache.html>


The issue is unpatched servers. Properly maintained servers (IIS and Apache) are extremely unlikely to be
comprimised. Of course you failed to mention this article:

http://blog.washingtonpost.com/secur...ivities_1.html

Which mentions that IPOWER hosted 700,000 sites of which it's uncertain how many have been compromised
(250,000 was the estimate). The reason was failure to update Apache and PHP.

When will you get it that it's not the software you use but how well you maintain it that's the primary factor in
ensuring it's security?
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Problem: apache plugin initialises C++ statics twice tropos C++ 1 01-09-2008 02:11 PM
Generic Host Process Malware Intrusion, HELP Barbara Computer Support 0 08-14-2006 07:24 PM
twice(twice(x)) Kiuhnm C++ 2 04-01-2006 04:41 PM
Are big hard drives more likely to fail than smaller ones? PowerPost2000 Computer Support 4 06-05-2005 06:02 AM
PIX: how to allow 1 host from outside interface to access another host on the inside interface? jonnah Cisco 1 04-21-2004 02:26 PM



Advertisments