It is not reasonably difficult to secure a system against
these worms. Every single security weakness Nimda exploited
already had a patch. Our development server never missed
a beat, and is publicly visible on the Internet.

I do think security is mostly relative to your administrator,
and somewhat on your operating system and web serving software.
I think the human factor, as in the administrators, is the bigger
issue here. Nothing against anyone but any good admin following
procedure could have secured their systems against this.

That said, IIS is thrust into the hands of unsuspecting users
who are NOT system administrators. Your average business user
does not have a clue about securing an NT system. Yet the tool
is run by default and put into the hands of business users on
fat net pipes. I also see it proliferate extremely virally on
my DSL subnet. This says to me that people have IIS running
and are probably not even aware they have been hit and are
infecting others. Of course, this statement is largely based
on assumptions; no other explanation works very well since the
fixes for these worms were out before Code Red.

Herein lies my real complaint with this situation. IIS should
not be turned on and should not be used by people who know what
they are doing. Microsoft helps propagate these kinds of worms
by insecure default configurations. Whereas, if you actually
turn IIS on somehow, you probably have a much better clue
about what you're doing. Of course, I have seen default installations
of RedHat come with remotely exploitable holes. Solaris with a
default installation is a joke, pick your root kit and have at it.

I do believe Apache is not *inherently* more secure. However
I will raise a challenge to say that Apache tends to have
less severe bugs, the frequency is less often, and you can
fix the bug yourself, or quickly get a patch for it, without
reliance on Microsoft. The architecture is generally more
well known, and the software is at this point, rather nice.
I run Apache on my W2K system at home, no remote exploits or
even regular exploits to hit my machine, I am still waiting.

So there will always be Microsoft haters, but whatever works. If
your machines get hit by this a lot, and you lose a lot of time
on stuff like this; hit the books and be sensible about using
software, any software, on the Internet. Knowledge is the only
real way to stop these kinds of bugs from being proliferated. :-D

Thanks

Jeremy Allen
elliptIQ Inc.
-----Original Message-----
From: Tony Gruen [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 25, 2001 4:44 PM
To: CF-Talk
Subject: RE: Check out what Gartner is recommending. Drop IIS!


It comes down to responsible administration. We have watched this come and
still going on without incident and several IIS servers.

Tony Gruen
sfnetworks

