[ale] OT: Gartner: drop IIS

Transam transam at cavu.com
Wed Oct 10 14:13:28 EDT 2001 

Dan Mount wrote:

> Not to start a fight, but if you read that entire page, Apache outranks
> IIS in the number of hosts, not the number of machines running the
> software.

> Quote from the page:
> "Microsoft Windows has a significantly higher share of the web when one
> counts by computer, rather than by host, as in the conventional Web
> Server Survey. The survey shows 49.6% of the computers running the web
> are Windows based. As some of the 3% of computers not identified by the
> Netcraft operating system detector will in reality be Windows systems,
> despite some uncertainty due to the survey's error margins, it would be
> fair to say half of public Web Servers world-wide are run on Microsoft
> operating systems. Although Apache runs more sites than Windows, Apache
> is heavily deployed at hosting companies and ISPs who strive to run as
> many sites as possible on a single computer to save costs. Windows is
> most popular with end-user and self hosted sites, where the host to
> computer ratio is much smaller."

The count by computers is misleading.  One needs twice as many Winbloz
computers to handle the same web load as would Linux servers.  Also, one
Linux system can be trusted not to crash every day or two.  The count by
host name is more realistic.

Whichever count you use, the ratio between compromised web servers far
exceeds whichever count of web servers (hosts or computers) are used.  This
suggests that IIS is much less secure than Apache.

It also is true, I think, that crackers admire secure systems and despise
insecure ones so they sometimes tend to go after the Winbloz systems.  On
the other hand, some find no challenge in breaking into Winbloz and so go
after Linux and Unix.  All of this is my opinion, of course.

> So, it depends on how you count it.

> DM

Bob Toxen
transam at cavu.com                       [Bob's ALE Bulk email]
bob at cavu.com                           [Please use for email to me]
http://www.cavu.com
http://www.realworldlinuxsecurity.com/ [My 5* book:"Real World Linux Security"]
http://www.cavu.com/sunset.html        [Sunset Computer]
Fly-By-Day Consulting, Inc.      "Don't go with a fly-by-night outfit!"
Quality Linux & UNIX security and SysAdmin & software consulting since 1990.

GPG Public key available at http://www.cavu.com/pubkey.txt (book at cavu.com)
pub  1024D/E3A1C540 2000-06-21 Bob Toxen <book at cavu.com>
     Key fingerprint = 30BA AA0A 31DD B68B 47C9  601E 96D3 533D E3A1 C540
sub  2048g/03FFCCB9 2000-06-21


> -----Original Message-----
> From: Geoffrey [mailto:esoteric at denali.atlnet.com] 
> Sent: Wednesday, October 03, 2001 8:00 PM
> To: Eichler, Paula J.; ALE
> Subject: Re: [ale] OT: Gartner: drop IIS

> "Eichler, Paula J." wrote:
> > 
> > Question:  Microsoft defenders in these types of articles like to say
> the
> > the problem is that hackers attack IIS because it is so popular.
> Maybe I
> > misread something, but isn't Apache installed on more web servers than
> any
> > other?  That would pretty much negate that argument, n'est pas?
> Unless they
> > are counting the "web servers" that are installed inadvertantly with
> other
> > applications ...pj

> According to http://www.netcraft.com/survey/ Apache carries 60% of the
> market, with IIS a distant second at 27%.  So you are correct, Apache is
> much more abundant.
> --
> Until later: Geoffrey		esoteric at denali.atlnet.com
> "I don't want a Microsoft Passport, and Microsoft can't have my wallet."

---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
sent to listmaster at ale dot org.

More information about the Ale mailing list