liquidat.wordpress.com— The newest Netcraft Web server survey shows again a shrinking of Apaches market share. It is now at 56%, followed by Microsoft with more then 30%.
May 4, 2007View in Crawl 4
> Also there is no way IIS has fewer vulnerabilities than Apache. GMorgan, you are now showing your true colours. We both know that there is no way of counting total vulnerabilities. We can only look at reported vulnerabilities, how many remain unpatched and the criticalness of those unpatched. On those metrics, IIS 6 is currently AHEAD of Apache. See my prior post for the secunia links (or look it up yourself).Furthermore, IIS has enough market share to attract interest, about 1 in 3 webservers are running it. It was only 1 in 5 when Code Red was released in July 2001 ( <a class="user" href="http://survey.netcraft.com/index-200107.html">http://survey.netcraft.com/index-200107.html</a> ). That is a 15% increase in market share with less known vulnerabilities and none unpatched. Furthermore, the handling services run as the Network Services user instead of System, which means that even if a vulnerability is found, it will have a much harder time doing anything.Your argument simply does not stack up. That said, I am running Apache 2.2.3 on my laptop here, but that is a preference, nothing more.> Also there is no way IIS has fewer vulnerabilities than Apache. In fact it is the standard argument against the 'popularity is the only metric' argument when > it comes to vulnerabilities.No, that illustration today can only be used to show that high market share does not necessarily equal security flaws every second day. 6 years ago, yes IIS had more bugs and a significantly smaller install base. But that is simply not true today. Even Apache which currently has the worst record is not looking too bad.
Well, I'm a LAMP / Unix / Oracle guy in general, but our system that uses IIS and .Net hitting an Oracle db runs flawlessly. The other system running Weblogic & Oracle is the biggest piece of s**t known to mankind.I'm starting to see a pattern between complete bulls**t applications using Weblogic & J2EE. You know it as soon as you hit a website that's running J2EE...let the slowness begin. I've seen this at various Fortune 500 companies. Not sure if it's J2EE, Weblogic, or the lame ass developers they hire, but there's definitely a pattern.Only problem with the IIS and .net boxes is that we have to patch them all the time.
Its a very simple fact that you open source bigots will never admit. Microsoft's IIS is simply a superior product and has finally met and exceeded the capabilities and security of Apache.
@githocI'm not commenting on whether we should or shouldn't include GoDaddy's ad servers in the count, simply that no one should be confused about why there was a drastic shift in the statistics. GoDaddy serves a ridiculous amount of parked domains.
@offwhite"Yeah, go ahead and discount the people who know enough to realize that Apache has not come up with an innovated release in a long time."Like threading method for accepting connections in 2.0?"One example, they are still not using XML for their configuration files which would be extremely useful. "Heh, that made my day! I presume you're joking but otherwise, if all you can give as an advantage of IIS is XML syntax over plain text used now (jerbaker gave a nice example), it's hilarious.
To everyone:ISS6+ & ASP.NET 2.0 is a very strong and easy to use option. The security has improved and the mods are getting even better. ASP.NET AJAX is as good as the original "GOOGLE" AJAX and has a ton of toys.When it comes to LAMP, it’s free and is easy to pickup and deploys "except for Apache" which is good but a pain to configure on some systems and OS. The one bad thing about Open Source systems like this is the fact that it is "Open Source." Which means that anyone can write a back door or virus that can enter a system a trash it. Open Source is one of the greatest learning tools. But when it comes to Security it’s a dangerous tool also.I believe each has its place but for a business or high security needs I would put my money with Windows 2003, UNIX "most versions, Netware 6+. Netware has fallen but it has great security and it needs less over head then Windows.That's just my .02...Let's all just get along and use what you like the most and works for your application needs.Later
phil246May 5, 2007
you're thinking of the akamai caching services they use(d?) at one point. They had linux servers
grumpyrainMay 6, 2007
> Also there is no way IIS has fewer vulnerabilities than Apache. GMorgan, you are now showing your true colours. We both know that there is no way of counting total vulnerabilities. We can only look at reported vulnerabilities, how many remain unpatched and the criticalness of those unpatched. On those metrics, IIS 6 is currently AHEAD of Apache. See my prior post for the secunia links (or look it up yourself).Furthermore, IIS has enough market share to attract interest, about 1 in 3 webservers are running it. It was only 1 in 5 when Code Red was released in July 2001 ( <a class="user" href="http://survey.netcraft.com/index-200107.html">http://survey.netcraft.com/index-200107.html</a> ). That is a 15% increase in market share with less known vulnerabilities and none unpatched. Furthermore, the handling services run as the Network Services user instead of System, which means that even if a vulnerability is found, it will have a much harder time doing anything.Your argument simply does not stack up. That said, I am running Apache 2.2.3 on my laptop here, but that is a preference, nothing more.> Also there is no way IIS has fewer vulnerabilities than Apache. In fact it is the standard argument against the 'popularity is the only metric' argument when > it comes to vulnerabilities.No, that illustration today can only be used to show that high market share does not necessarily equal security flaws every second day. 6 years ago, yes IIS had more bugs and a significantly smaller install base. But that is simply not true today. Even Apache which currently has the worst record is not looking too bad.
babakshiraziMay 6, 2007
Wow. People still use Sun's iPlanet Web Server? You gotta be s**tting me? ROTFLMAO!
babakshiraziMay 6, 2007
Well, I'm a LAMP / Unix / Oracle guy in general, but our system that uses IIS and .Net hitting an Oracle db runs flawlessly. The other system running Weblogic & Oracle is the biggest piece of s**t known to mankind.I'm starting to see a pattern between complete bulls**t applications using Weblogic & J2EE. You know it as soon as you hit a website that's running J2EE...let the slowness begin. I've seen this at various Fortune 500 companies. Not sure if it's J2EE, Weblogic, or the lame ass developers they hire, but there's definitely a pattern.Only problem with the IIS and .net boxes is that we have to patch them all the time.
profmike2002May 7, 2007
Its a very simple fact that you open source bigots will never admit. Microsoft's IIS is simply a superior product and has finally met and exceeded the capabilities and security of Apache.
ucg1May 7, 2007
@githocI'm not commenting on whether we should or shouldn't include GoDaddy's ad servers in the count, simply that no one should be confused about why there was a drastic shift in the statistics. GoDaddy serves a ridiculous amount of parked domains.
bstaplesMay 8, 2007
Read my take: <a class="user" href="http://blogs.iis.net/bills/archive/2007/05/05/iis-vs-apache.aspx">http://blogs.iis.net/bills/archive/2007/05/05/iis-vs-apache.aspx</a>
Closed AccountMay 8, 2007
@offwhite"Yeah, go ahead and discount the people who know enough to realize that Apache has not come up with an innovated release in a long time."Like threading method for accepting connections in 2.0?"One example, they are still not using XML for their configuration files which would be extremely useful. "Heh, that made my day! I presume you're joking but otherwise, if all you can give as an advantage of IIS is XML syntax over plain text used now (jerbaker gave a nice example), it's hilarious.
aspjunkieMay 12, 2007
To everyone:ISS6+ & ASP.NET 2.0 is a very strong and easy to use option. The security has improved and the mods are getting even better. ASP.NET AJAX is as good as the original "GOOGLE" AJAX and has a ton of toys.When it comes to LAMP, it’s free and is easy to pickup and deploys "except for Apache" which is good but a pain to configure on some systems and OS. The one bad thing about Open Source systems like this is the fact that it is "Open Source." Which means that anyone can write a back door or virus that can enter a system a trash it. Open Source is one of the greatest learning tools. But when it comes to Security it’s a dangerous tool also.I believe each has its place but for a business or high security needs I would put my money with Windows 2003, UNIX "most versions, Netware 6+. Netware has fallen but it has great security and it needs less over head then Windows.That's just my .02...Let's all just get along and use what you like the most and works for your application needs.Later
drakimorOct 23, 2008
IIS itself can be as secure as you want... running it on a the most insecure OS on the market makes that meaningless. You don't HAVE to hack the webserver itself when you can own the machine.Just look at a single vuln out today:<a class="user" href="http://www.microsoft.com/technet/security/Bulletin/ms08-067.mspx">http://www.microsoft.com/technet/security/Bulletin ...</a>