Ok, while i'm not a particularly big fan of M$ or IIS, or any of their products, i'm gonna take the chance to poke at your arguments for a sec.
> Remote root exploits in apache since it's creation: 1 (1.2.x, remember?) > Remote root exploits in IIS in the last year: 3? 4? Comparing IIS to apache isn't really fair, at least compare it to something that does dynamic generation. How many Unix servers have been hacked through poorly written perl scripts? Or even not hacked, just brought down through their intended use? Once you've got mod_perl running in your app, there's all kinds of mess you can code yourself into. > that if it's open source system, YOU CAN DO SOMETHING ABOUT IT. If you are How many people actually fix their own security holes? Most admins wait for a patch from the affected software. Bind, Sendmail, etc. Those are even the decent admins. I mean the likelyhood that the inexpensive M$ admin that couldn't patch IIS is going to fail to patch the bind exploit is pretty high. > system there is a lot more to it then just the admin. The key point being > using M$, the best you can do is pray for a quick patch that won't break He claimed the patches were available before the virus hit. > Remember service pack 2, NT 4.0? It was the hotfix for the horrible errors > they made in service pack 1, but they broke even more than the fixed. Oh, you mean like the RedHat 5.0 release? In all seriousness, i can't advocate using M$ products, but i think the blame can be spread around a little. You should save a little for the people that chose to use their products, and the ones that couldn't figure out how to set them up. -Lkb > > What's the quote from "Ghost World"? "It was so bad, that it was funny > again, and then it wasn't." > > Cheers, > sach > > > On Tue, 9 Oct 2001, Lorin wrote: > > > http://www.theregister.co.uk/content/4/22132.html > > > > Critical to gartner groups advisory to switch away from M$ products. I'm > > not sure i agree with most of his points about how it doesn't matter that > > much which system you use, but the argument towards the end was > > interesting: > > > > 'One thing is for sure: If you've got an admin that can't secure a > > Microsoft Web server, then your chances of having them secure a Solaris > > installation will be slim.' > > > > -Lkb > > > > > >
