Join 3,433 readers in helping fund MetaFilter (Hide)


Gartner Group
September 21, 2001 12:16 PM   Subscribe

Gartner Group recommends that IIS users look elsewhere for a better web server.
posted by vowe (8 comments total)

 
Internet Invitation Server
posted by jkaczor at 12:33 PM on September 21, 2001


A great many of us have been saying that for years, but I guess every middle manager needs a consulting group's opinion before acting...

Next up: Gartner Group finds that gunshot wounds aren't fun
posted by fooljay at 12:50 PM on September 21, 2001


<rant>
let's consider this for a second.

many people hate Microsoft. many people host their web applications using IIS, for one reason or another. many of these host their sites on IIS because their managers told them to do so. still even more do it because they want to, and feel it's a decent server. a few of these people who use IIS as a server hate Microsoft too, but honestly just don't have any other choice.

the way i see it, attacking those who use IIS as their web server does nothing against Microsoft. sure, we know IIS is vulnerable. chances are other web servers out there are too, and are vulnerable to numerous hacks and attacks. nothing is impervious to attack if it's attached to the net, bottom line.

however, it's not funny, it's not something that needs to be joked on. these virii cause a lot of people - a lot of innocent people - a lot of headache. a client of mine got infected with this virus and their entire network was brought to a halt, thus temporarily bringing their business to a halt. this is not good, funny, or fair.

it may be a stretch, but i liken the situation to our current national situation. who says it's funny, fair, or moral to hurt normal administrators and developers out there who have simply chosen this software? attacking these individuals does nothing but hurt them. do you honestly think that Microsoft has been hurt by these? sure, their already terrible public relations image is once again destroyed, but they most likely will continue to release buggy, infectable software, just like everyone else out there.

if you've ever worked with an enterprise system, you know how badly your business can be crushed with virii of this nature. joking about it does no good. rather, it humorizes something we, as a digital society, must do our best to remove - the destruction of enterprise data because of the "religious issues" of a few pissed off hackers.

if you want to hurt Microsoft, infect them, not the innocent developers and administrators out there who choose otherwise.

better yet - leave them alone entirely.
</rant>
posted by tatochip at 1:28 PM on September 21, 2001


Think monoculture
posted by vowe at 1:44 PM on September 21, 2001


Nimda Worm Shows You Can't Always Patch Fast Enough

This is a lie, the exploits being used by Nimda are over a year old. I think the IE one is slightly younger. You can patch them fast enough, the problem is people don't patch frequently enough or don't bother patching at all.

MS has its shortcomings, but at least you can download their patches day and night. Pain in the ass when you build a new server? Yes. Impossible to keep up? No.

More power to Apache and all that, but if you're the type who thinks getting on a security mailing list and patching holes is just not your style you shouldn't be running any type of public server.
posted by skallas at 1:47 PM on September 21, 2001


With re: to Monocluture, I tell end users not to use Outlook. I might have missed it, but it seems no one writes virii aimed at Eudora.

And last I checked, BSD is airtight. It took them a year and a half to audit the entire OS, but its secure. I just can't see Microsoft doing such a thing. Its so far out of their corporate mindset to pursue such an thing...
posted by BentPenguin at 2:08 PM on September 21, 2001


tatochip writes: "the way I see it, attacking those who use IIS as their web server does nothing against Microsoft."
Wrong.
1. Microsoft itself was severly impacted by this recent attack. Several MS employees at different facilities were sent home early on Tues & Wed of this week because their networks weren't functional.
2. Conversions away from MS products will hurt MS.

While I don't condone virus writing for any purpose, MS should have got the hint by now that they will be target #1 for crackers, and they should do a better job of securing their products. The fact that alternate systems experience fewer security violations is, admittedly in part due to the targeting of MS, but primarily is due to the alternatives' inherently better security.
posted by yesster at 2:24 PM on September 21, 2001


This is a lie, the exploits being used by Nimda are over a year old.

Since there were four ways at least that this thing could get into your system, the emphasis on patches from a year ago is a little misleading. Many who followed the adage of "patch early and patch often" nevertheless succumbed to this bug. You can find a pretty good explanation of this on NTbugTraq under the heading "Not vulnerable servers getting infected".
posted by leo at 12:10 AM on September 22, 2001


« Older Cafe Con Pelvis...  |  Salon suspends "Bushed".... Newer »


This thread has been archived and is closed to new comments