>
> The point is that Apache is less prone to attack for some reason. Better
> initial coding possibly with fewer holes ?? With Apache there are seldom
> fixes going out since the initial code was written with security in mind.
>
> Rarely is it necessary to upgrade or patch for a security fix and then it's
> usually on a new version that hasn't been up long and properly wrung out
> by users (one of the reasons I always wait for a stable version of any
> software if possible).
>

Point blank, I look at my web logs today and see the tell-tale signs of Code Red and Nimda. Should I still be seeing this? Absolutely not. This isn't because IIS is unpatchable. The patches do exist. However, there are too many "out of the box" implementations of IIS out there.

Anyone who takes the time to go grab the security checklist from Microsoft's site and secures the IIS server is in pretty good shape. We did, and some of the things recommended for removal were filters for *.idq and *.ida. That's how Code Red got in. Even if you DIDN'T pay attention to the security checklist, eEye Digital Security discovered the compromise that got exploited and Microsoft patched it before Code Red hit. It was published on NTBugTraq and on the Microsoft Security site. This points to a "people" issue.

> I don't know all of the ways Apache can be configured for login. I know
> they can use crypt or MD5 and flat files or DBs etc. People are always working
> to improve Apache which only recently was ported to Win32 - so if there is a
> need, someone will do it.
>
> This is the main reason that open-source is better than Windoze. The apps
> are written based on what the users want to see - not on what some Redmond
> junior programmers think is good for us. If enough people ask for a feature
> it gets added while still maintaining the base integrity in most cases.
>

If enough people ask for it, Redmond does listen, too. Having participated in several Beta programs I saw Microsoft very responsive to some of the comments we as a beta community made. An example where Microsoft has lines of communication in is [EMAIL PROTECTED] Have a comment on how to make SQL Server better or ask for something to be included? That's the email to use. Use the right channels and have your opinions heard.

Also, Microsoft assigns people to monitor the microsoft.public.* Usenet forums. Their MVPs are common "citizens" who don't work for Microsoft who contribute to those looking for help in these forums.

If your company has some sort of agreement with Microsoft, chances are you have a Technical Accounts Manager (TAM). The TAM is there to listen to you and try and provide for your needs.

> I don't think that you'll find that to be a global reality. The problems
> I've seen are with things external to Perl but not the server itself which
> is well documented. On UNIX the shells and pipes and utilities are all
> pretty much commandline filters and Windoze is all GUI stuff making it
> harder to interface with apps - hence the need for the Win32 modules to
> interface with the Windoze apps. Core Perl can handle most things and
> when it can't you have to be careful to write a portable solution if possible.
>

I do very little system administration for my Windows platforms via a GUI. Most all of what I use is command-line. And I've got a rather large and diverse server farm to deal with. GUI simply isn't even a consideration. Too often I've heard there aren't command-line options, even from MCSEs. They are there if you take the time to look. Need to map a drive or administer users or groups? Try the net command. That's just one example. Take a look at the Resource Kit utilities if the ones that ship standard with the OS aren't enough. Want more command-line tools? Try http://www.sysinternals.com/ and feast.

This wasn't intended to slam *nix or Apache but to set the record straight on the Microsoft products. Use the right tool for the right reasons. Sometimes that's Apache and HP-UX, other times it's a Windows 2000 Advanced Server cluster with network load balancing. Part of the equation for what's the right tool does involve the people who will use it and support it.

Brian

K. Brian Kelley
http://www.truthsolutions.com/
Author: Start to Finish Guide to SQL Server Performance Monitoring
http://www.netimpress.com/

_______________________________________________
Perl-Win32-Users mailing list
[EMAIL PROTECTED]
To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs