On Thu, Nov 14, 2002 at 10:41:12AM -0500, Phillip Hofmeister wrote: > > Apache has been having a lot of problems lately. ALMOST as bad as > IIS... > [useful part of message removed :]
My impression is that most of the problems found these days are cross-site scripting, or at the worst, local privilege escalation. (I don't run a publically accessable apache server, so I don't pay the closest attention...) Every Micros~1 exploit is some sort of remote root/arbitrary code problem, often in stuff that is enabled by default. I don't remember hearing about any IIS bugs that were just local privs or not-as-serious stuff like that. I guess we just don't hear about anything but the most serious of Micros~1's problems, so counting "security problems found" as a measure of anything other than how much work you'll have to do to be able to claim you do a good job is bad. (don't forget to multiply by the ratio of work needed to use apt (really easy :)/work needed to use windows update (half the time you need to reboot)) -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca) "The gods confound the man who first found out how to distinguish the hours! Confound him, too, who in this place set up a sundial, to cut and hack my day so wretchedly into small pieces!" -- Plautus, 200 BC
