Microsoft's IIS twice as likely to host malware than Apache

Discussion in 'Computer Support' started by Au79, Jun 8, 2007.

  1. Au79

    Au79 Guest

    Au79, Jun 8, 2007
    #1
    1. Advertising

  2. Au79

    Mr. Arnold Guest

    "Au79" <> wrote in message
    news:K%2ai.463360$...
    > IT PRO - London,Greater London,UK
    >
    > "The integration between attacks originating from popular web sites and
    > desktop based vulnerabilities is particularly concerning ...


    If the developer doesn't know how to write secure Web solutions to face the
    Internet, then it doesn't matter what Web server is being used. If the
    framework on which the Web solution is based on is not a secure framework,
    then it doesn't matter how it was developed.

    If the administrators of the Web server(s) don't know how to secure the Web
    server properly, then it doesn't matter what Web server is being used.

    If the administrators of the O/S on which the Web server is running on don't
    know how to properly secure the O/S and underlying components of the O/S to
    be exposed to the Internet, then it doesn't matter what O/S is being used.

    Hell, most of them don't even know what a CSS attack is even about or other
    forms of attacks.

    http://en.wikipedia.org/wiki/Cross-site_scripting

    In general, most Web sites no matter what Web server is being used or the
    platform it's running on are wide open to attack, due to incompetence. They
    just throw things out there with no concern about security whatsoever.
     
    Mr. Arnold, Jun 8, 2007
    #2
    1. Advertising

  3. Au79

    Fuzzy Logic Guest

    Au79 <> wrote in news:K%2ai.463360$:

    > IT PRO - London,Greater London,UK
    >
    > "The integration between attacks originating from popular web sites and
    > desktop based vulnerabilities is particularly concerning ...
    >
    ><http://www.itpro.co.uk/news/115085/microsofts-iis-twice-as-likely-to-host
    >-malware-than-apache.html>


    You off course left out the relevant quote from the article:

    "It is very interesting to see that in China and South Korea, a malicious server is much more likely to be running
    IIS than Apache," said Modadugu.

    The researcher said that the causes for IIS featuring more prominently in these countries could be due to
    factors, such as automatic updates and security patches not being enabled due to software piracy.
     
    Fuzzy Logic, Jun 8, 2007
    #3
  4. Au79

    Fuzzy Logic Guest

    Au79 <> wrote in news:K%2ai.463360$:

    > IT PRO - London,Greater London,UK
    >
    > "The integration between attacks originating from popular web sites and
    > desktop based vulnerabilities is particularly concerning ...
    >
    ><http://www.itpro.co.uk/news/115085/microsofts-iis-twice-as-likely-to-host
    >-malware-than-apache.html>


    The issue is unpatched servers. Properly maintained servers (IIS and Apache) are extremely unlikely to be
    comprimised. Of course you failed to mention this article:

    http://blog.washingtonpost.com/securityfix/2007/05/cyber_crooks_hijack_activities_1.html

    Which mentions that IPOWER hosted 700,000 sites of which it's uncertain how many have been compromised
    (250,000 was the estimate). The reason was failure to update Apache and PHP.

    When will you get it that it's not the software you use but how well you maintain it that's the primary factor in
    ensuring it's security?
     
    Fuzzy Logic, Jun 8, 2007
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. moe_rodrigue

    IIS 6.0 win2003, IIS users

    moe_rodrigue, Apr 1, 2004, in forum: MCSE
    Replies:
    1
    Views:
    1,108
    MikeF
    Apr 1, 2004
  2. Peter
    Replies:
    0
    Views:
    719
    Peter
    Nov 17, 2004
  3. PowerPost2000

    Are big hard drives more likely to fail than smaller ones?

    PowerPost2000, Jun 4, 2005, in forum: Computer Support
    Replies:
    4
    Views:
    1,564
    Patrick
    Jun 5, 2005
  4. Galpersonal
    Replies:
    8
    Views:
    1,088
    universal4
    Aug 13, 2006
  5. MaHogany
    Replies:
    0
    Views:
    303
    MaHogany
    Jul 1, 2006
Loading...

Share This Page