Slashdot Mirror

According to the January 2007 Netcraft Web Server Survey, about 60% of all of the servers on the web run Linux/Apache and about 30% run Microsoft/IIS. In light of this, the Republican share of 69% Microsoft/IIS does seem to be an anomaly.

Linux Apache/2.0.46 (Unix) PHP/4.3.3

lol

yea whats up with apache being such a ram memory hug? i recommend the author switches to lighttpd or nginx

"I own a business that's all MS right now..."

Really? Then please explain this: http://uptime.netcraft.com/up/graph?display=uptime &site=phydeauxpets.com&find_site=GO.

If your business is "all MS", then why are you using CentOS for your web site? I guess ISS couldn't do the job for you...

What a troll...

In case some people want to see for themselves the Netcraft stats can be found here and to verify who owns a domain and what the authoritative nameservers are one should use whois.
Is this stuff that matters? Perhaps not for everybody, but some people may be interested. The P2Plawsuits site to settle your case online instead of risking court was moved fast, but I wonder how many people would be willing to enter their credit card info on a site with an invalid SSL cert.

Well for Solaris, how about this year... http://toolbar.netcraft.com/site_report?url=http:/ /searchcgi.apple.com

I know someone who works at apple. They do use Windows server with .NET apps for portions of their intranet. I've also heard they use it for some applications used by Apple Store operations. (physical stores) Besides, if nothing else, I'm sure apple has a few PCs around for development and testing of iTunes, Safari, and Quicktime.

Microsoft's biggest problem will come when someone at Merck or some other large company begins to realize that they could save the company money going to open office or open source in general. Like you said all Merck's other customers will have to move to the new software, which conveniently they could download for free. However, there seems to be a very big "no one ever gets fired for buying MS" syndrome that has permeated through a lot of IT depts. At least in the non-technical industries because in the high tech industries open source is winning

What will of coarse happen is that companies, governments, other large buyers will at least start looking at open source software so that they can use it as a bargaining chip, to get MS to cut their prices. Eventually the idea of open source software will get out there enough by just being used as a bargaining chip that someone will start using it quite successfully. Oh wait someone already has. I'm not saying that MS's days are numbered, just you can expect them to lose market share and revenue quite a bit in the future.

Microsoft's biggest problem will come when someone at Merck or some other large company begins to realize that they could save the company money going to open office or open source in general. Like you said all Merck's other customers will have to move to the new software, which conveniently they could download for free. However, there seems to be a very big "no one ever gets fired for buying MS" syndrome that has permeated through a lot of IT depts. At least in the non-technical industries because in the high tech industries open source is winning

What will of coarse happen is that companies, governments, other large buyers will at least start looking at open source software so that they can use it as a bargaining chip, to get MS to cut their prices. Eventually the idea of open source software will get out there enough by just being used as a bargaining chip that someone will start using it quite successfully. Oh wait someone already has. I'm not saying that MS's days are numbered, just you can expect them to lose market share and revenue quite a bit in the future.

Microsoft's biggest problem will come when someone at Merck or some other large company begins to realize that they could save the company money going to open office or open source in general. Like you said all Merck's other customers will have to move to the new software, which conveniently they could download for free. However, there seems to be a very big "no one ever gets fired for buying MS" syndrome that has permeated through a lot of IT depts. At least in the non-technical industries because in the high tech industries open source is winning

What will of coarse happen is that companies, governments, other large buyers will at least start looking at open source software so that they can use it as a bargaining chip, to get MS to cut their prices. Eventually the idea of open source software will get out there enough by just being used as a bargaining chip that someone will start using it quite successfully. Oh wait someone already has. I'm not saying that MS's days are numbered, just you can expect them to lose market share and revenue quite a bit in the future.

The Internet needs saved? I didn't think it was dying. At least, it hasn't been confirmed.

Actually, this statistic means more than might be obvious. According to netcraft there are around 65,588,298 servers running Apache on the Internet (53.76% of all web sites), and 38,836,030 servers running IIS on the Internet (31.83% of all web sites). Now, we can safely assume that all of those servers running IIS are running Windows since IIS only runs on Windows. Apache runs on many different operating systems, but it's logical to assume that most Apache server are not running Windows.

This means that even though there are about half as many IIS web servers (therefore, windows) on the internet as Apache (mostly non-windows) web servers, servers running Windows/IIS are still twice as likely to be hosting malware as the Apache/*nix servers. I think it's a fairly interesting statistic when looked at from that perspective.

Oh, and for the guy who said "Patches? Patches for what? Has IIS had any remotely exploitable holes since version 5?":
http://milw0rm.com/exploits/4016
http://milw0rm.com/exploits/2056
http://milw0rm.com/exploits/1260
http://milw0rm.com/exploits/1178
And those are just the public ones.

The vast majority of systems with a general purpose CPU are embedded systems. And the vast majority of those use a static linked binary. Which means if they use GPL software they'd have open source all the software in the box. Given that most people don't build systems from scratch - they buy in a closed source OS or other components from a third party, they can't do that.

Mind you, I think most software for this sort of system is either developed in house or bought in from a third party who developed it in house.

And even in the desktop PC market place, GPL software is pretty rare, <1% of the boxes run Linux

http://www.thecounter.com/stats/2007/May/os.php

Apache is doing pretty well against IIS. Mind you even there, IIS is growing faster

http://news.netcraft.com/archives/2007/05/01/may_2 007_web_server_survey.html

Some of the Apache numbers are due to open source parking.

http://news.netcraft.com/archives/2007/04/04/open_ source_parking_spoofing_headers_to_benefit_apache. html

The vast majority of systems with a general purpose CPU are embedded systems. And the vast majority of those use a static linked binary. Which means if they use GPL software they'd have open source all the software in the box. Given that most people don't build systems from scratch - they buy in a closed source OS or other components from a third party, they can't do that.

Mind you, I think most software for this sort of system is either developed in house or bought in from a third party who developed it in house.

And even in the desktop PC market place, GPL software is pretty rare, <1% of the boxes run Linux

http://www.thecounter.com/stats/2007/May/os.php

Apache is doing pretty well against IIS. Mind you even there, IIS is growing faster

http://news.netcraft.com/archives/2007/05/01/may_2 007_web_server_survey.html

Some of the Apache numbers are due to open source parking.

http://news.netcraft.com/archives/2007/04/04/open_ source_parking_spoofing_headers_to_benefit_apache. html

The article missed an important anti-phishing Firefox extension: The Netcraft toolbar which is free and has been a top performer in third-party comparisons of toolbar effectiveness.

The article missed an important anti-phishing Firefox extension: The Netcraft toolbar which is free and has been a top performer in third-party comparisons of toolbar effectiveness.

But to say that using a computer from 1986 is better than using what he have today merely because you wouldn't need AV or Firewalls is not accurate.

Agreed. Did I ever say that? Can you quote me where?

I'm just pointing out that I don't think firewalls/AV are things you should count when talking about how much more you can do with a modern computer.

And you're telling me that there's no such thing as an entry level Linux user who needs firewall/AV?

Well, no. There are a few entry-level Linux users who would be greatly appreciative if I just put an antivirus logo in the system tray, because unless I do that, they'll somehow delude themselves into thinking Linux is less secure.

Maybe because it's pretty hard to be an entry-level Linux user, period?

Another debate for another time, but my mother seems pretty comfortable whenever I put her on Linux. In fact, the most common problems I ever see anyone having with Linux these days are missing software. Most of the other complaints (having to edit config files, everything being complicated/weird/different for no reason, installation being hard/risky) are pretty much gone these days. (Even if installation IS hard, you can always buy Ubuntu on a Dell.)

What if something goes wrong with your Linux install? I'm sure an entry level user could fix it!

I'm sure that has something to do with our discussion about firewalls and AV, I just don't see it.

If something goes wrong with ANY install, entry-level users cannot fix it. It has nothing whatsoever to do with Linux.

How about if a huge corporation runs completely on Linux. No need for firewalls? No need for AV?

Yes, and yes. Although I would say that in such a corporation, you probably want the big corporate firewall sitting on the gateway, but that's as much to keep users in as to keep "hackers" out. For example, you don't want anyone at your company to start spewing random spam out to the Internet (intentionally or not), so blocking port 25 outbound seems fair.

But I'd argue that even the big-corporate-gateway-firewall is more often than not entirely about making the Windows boxes behind the firewall secure, and/or a need for NAT. The only other thing I can possibly see it preventing is, say, a ping flood, but all that does is make it lag your Internet connection instead of your internal network.

But AV? You're either clueless or joking.

Don't you think if *nix was as popular as Win32/64 there would be a lot more incentive to try to create malware and try to hack into the servers?

For the four billionth time, *nix is pretty fucking popular on servers. According to netcraft, Apache is still roughly twice as popular as IIS (guessing from the graft). I can't find the ratio of Windows to Linux servers, but I seem to remember it was something like less than 50% Windows, and roughly 30% Linux.

Don't you think, if it was so easy to hack, that someone would've already done so? Written a virus, built a botnet, but instead of using tons of home users overloaded with spyware, and with barely any bandwidth or performance... Don't you think they'd go after a dual-core or quad-core server with at least 10-100mbits of connectivity?

In other words, don't you think something like Slammer would've happened to Linux already, if it was just a popularity contest?

Linux is not more secure merely because it's obscure -- that's Microsoft's game, remember? Linux is more secure because of better design and a better development process, at least with regards to security.

Don't you think, just maybe, that there would be vulnerabilities found and exploited?

They're found, frequently. They're just found and patched ver

I'm glad this finally made it to Slashdot. It's a bit of older news to those of us who work in the web hosting industry and have already been subjected to these types of attacks. The scale that the abuse of these networks causes the DDOS attacks to be is on a much larger scale than DDOS style attacks have been in the past (for the most part).

Thankfully some Peer to Peer network protocols aren't badly implemented (and the client software isn't as bad as others). Netcraft has a decent article about this with examples of the P2P networks that have been shown as exploitable.

http://news.netcraft.com/archives/2007/05/23/p2p_n etworks_hijacked_for_ddos_attacks.html

I can confidently say that these attacks can easily span the 800,000 pkt/sec (per link) and include millions of source addresses for a "cheap cost" compared to the botnets that previously have been almost exclusive to the attacks. Thankfully most P2P clients aren't hijackable in a way to simply pulse connections (all at once) or the more traditional SynFlooding. Connection (fully negotiated) tends to be easier to diagnose than the strictly syn-flooding style attacks can be, on top of it they tend to be more directed (single destination vs. rotating with some kind of intelligence across an entire netblock).

It's been around for years - Netcraft says since 2004:

http://toolbar.netcraft.com/site_report?url=http:/ /linux.dell.com

That's a pretty big "if". The truth is that Linux is safer, because it's simply harder to break into. A default Ubuntu install doesn't expose any open ports. Windows is designed to expose hundreds of ports, none of which can safely be closed because that would break random bits of software that Windows depends on. Linux ought to be extremely easy to write exploits for; after all, the code is right there in the open. If it was that easy then most of the servers on the Internet would have been broken into by now, where the vast majority are Linux and Windows is a dwindling minority.

How am I able to read this article? It is running LAMP.

Netcraft on bangkokpost.com

Even more strange, over 56% of the web must not exist either?

How am I able to read this article? It is running LAMP.

Netcraft on bangkokpost.com

Even more strange, over 56% of the web must not exist either?

The site this article is on is PHP, and last I checked PHP was still free. Someone should alert him that the free software running the site came back to life!

oh and the site is also running off of linux:
http://toolbar.netcraft.com/site_report?url=http:/ /www.bangkokpost.com

As per usual they claim that Linux isn't a serious product while USING IT TO RUN THEIR WEB SITE. Netcraft confirms, news.news.com runs Linux Apache/2.0.

http://toolbar.netcraft.com/site_report?url=http:/ /news.com.com

Linux has a reasonably big marketshare in the server market share [Netcraft Survey]. However it is still waiting for the day when it will be accepted in the Home PC market as a strong competitor for the Windows family of OSes. I am a strong fan of Linux and I have been trying to promote Linux in my market but people still refuse to accept it open heartedly. In spite of detailed explanations and demos people are hesitant. I even offer free linux installation assistance for people who already own computers. People still look at Linux with scepticism. I think it would have been much better if more effort is put into making linux acceptable for a wider audience. Though I personally disagree I have to agree with what the market is saying - that Linux is still an operating system for the geeks.

I like what ubuntu is doing - ie making the whole Linux experience easier and better for a common man. In a country like India where I live we are talking about 800 million people whom we can identify with the common man. 2/3 of the world ie 4 billion could be classified with these. We need Linux to target this market. We need Linux to focus on making the Linux experience much more comfortable for these people. We need more effort to be put into creating Linux drivers for the hardware that are not yet Linux compatible. We need easier installations for a larger number of applications.

I am not too excited about the proposition other than as an useful feature for a small percentage of the whole world.

'If you put computers on a network and open that network to the outside world via the Internet, you're going to have security problems, regardless of whether you're running Windows, Mac OS, Linux'

Ok, given the number of web servers out there as reported by Netcraft, why aren't there 56% Linux breeches as against 31% MS.

Why do you not report uptimes for Linux 2.6 or FreeBSD 6 ?

We only report uptimes for systems where the operating system's timer runs at 100Hz or less. Because the TCP code only uses the low 32 bits of the timer, if the timer runs at say 1000Hz, the value wraps around every 49.7 days (whereas at 100Hz it wraps after 497 days). As there are large numbers of systems which have a higher uptime than this, it is not possible to report accurate uptimes for these systems.

Someone figured this out a couple months ago, because it happened again in the Ohio state elections. http://toolbar.netcraft.com/site_report?url=http:/ /election.sos.state.oh.us

Who are you talking about? Last time I checked their official news agency used Windows Server 2003

Yeah, but MySpace uses IIS!!

...the fact that they're running Apache on a Unix platform.

http://uptime.netcraft.com/up/graph/?host=www.turb otax.com

May it be related to moving from Solaris to Linux last summer?

[/me hides]

"What needs to happen is a profound change in protocols and in implementation," ISA Chairman Bill Hancock said in that 2004 interview. "Getting people to talk about it isn't hard. I've talked to the geeks, I've talked to the executives, I've talked to everyone. It's a total issue of money. The realistic approach is to look at the economic impetus. ... We need some strong, highly-secure protocols, and they've got to be able to last a long time. The problem is that we have 655 million or so users of the Internet right now. Deploying security enhancements to that many users at once is a non-trivial matter. The problem is complex, big and will take a while to solve"

Not blatant. They at least had the common sense to use Linux / Apache . The blatant astroturfing sites would have been registered to sballmer@notmicrosoft.com running IIS / Windows NT.

Actually, Slashdot is hosted on a Linux server, so yes, it is Linux compatible. But of course so is the majority of the Internet... http://news.netcraft.com/

The other option is that their websites mainly attract Windows users. It could be something to do with them being served off IIS, using activeX so they only work with the latest IE on Windows and blinking signs that say, "This Web Site is Optimized for Vista." I know it's hard to find sites so poorly run even in the wintel press, but anything can happen when you "get the facts".

Oh is that so. What is the most used web server? http://news.netcraft.com/archives/web_server_surve y.html

What is the most used Email server? http://www.credentia.cc/research/surveys/smtp/2003 04/

It sure is not M$ stuff. I bet Major companies, Goverments, and home users use them. They get patched next day when the exploit is discovered. Not when the public finds out about it.

Hmmm

John Marriott, 506 E Sherman St, St. Joseph, 61873, United States

IT washout and Bartender.

OS, Web Server and Hosting History

You mean like google, amazon, etrade, or paypal http://www.netcraft.com/? Nah, I guess hackers would never consider those valuable targets.

The crackers and virus writers will slowly find it more difficult to target windows and will slide over to Apple and Linux. If that does not happen, then it would indicate that Windows is NOT more secure.

Spammers go on any system that they can. In addition, crackers are looking for info would persue servers such as Mainframes and *nix if they could. But as it is, they have focused on Windows because it has been SO damn easy, not because there were more of them. After all, where would you look for money: john doe's PC, or the systems at amazon, Wells Fargo, walmart (note the FAQ on this for those of you not in the know), and sams club? If yu can not get to where the big money is, then you go for the easy money.

The crackers and virus writers will slowly find it more difficult to target windows and will slide over to Apple and Linux. If that does not happen, then it would indicate that Windows is NOT more secure.

Spammers go on any system that they can. In addition, crackers are looking for info would persue servers such as Mainframes and *nix if they could. But as it is, they have focused on Windows because it has been SO damn easy, not because there were more of them. After all, where would you look for money: john doe's PC, or the systems at amazon, Wells Fargo, walmart (note the FAQ on this for those of you not in the know), and sams club? If yu can not get to where the big money is, then you go for the easy money.

The crackers and virus writers will slowly find it more difficult to target windows and will slide over to Apple and Linux. If that does not happen, then it would indicate that Windows is NOT more secure.

Spammers go on any system that they can. In addition, crackers are looking for info would persue servers such as Mainframes and *nix if they could. But as it is, they have focused on Windows because it has been SO damn easy, not because there were more of them. After all, where would you look for money: john doe's PC, or the systems at amazon, Wells Fargo, walmart (note the FAQ on this for those of you not in the know), and sams club? If yu can not get to where the big money is, then you go for the easy money.

The crackers and virus writers will slowly find it more difficult to target windows and will slide over to Apple and Linux. If that does not happen, then it would indicate that Windows is NOT more secure.

Spammers go on any system that they can. In addition, crackers are looking for info would persue servers such as Mainframes and *nix if they could. But as it is, they have focused on Windows because it has been SO damn easy, not because there were more of them. After all, where would you look for money: john doe's PC, or the systems at amazon, Wells Fargo, walmart (note the FAQ on this for those of you not in the know), and sams club? If yu can not get to where the big money is, then you go for the easy money.

Netcraft disagree with you.

I disagree with this. I'm guessing that most Linux installs are actually Internet servers.

Of course, Netcraft only tracks web server software, so it's hard to tell what percent of Apache installs are Linux, how much are BSDs, how much are other UNIXes, and how much are Windows. (tip: LAMP's popularity means that Linux most likely has the Lion's share)

They're running Linux. Netcraft confirms it: http://uptime.netcraft.com/up/graph/?host=labs.ado be.com

Clearly the best tool for the job.

Now, when will the PHB's at Adobe get the message that the only best tools run on Linux natively?

This shouldn't be much of a challenge. According to Netcraft, MySpace uses IIS 6 on Windows Server 2003. While the security of Windows systems has increased dramatically since the days of Windows 95/98/ME, it's still widely known to be an extremely insecure platform, especially when compared to most commercial UNIX systems, most Linux distributions, and the *BSDs.

Where I work, we're considering what system we'll use when deploying some new web applications. We recently audited several ASP-based web applications, and found them to be quite terrible. I don't know if it's a problem with the developers of these products, but those that we tried were full of obvious security holes. Our past development was using WebObjects, and we saw nowhere near the number of obvious flaws that we saw with the ASP-based solutions, even when we had interns developing code.

My personal experience with ASP is fairly limited, but I suspect it may just be the technology itself that hinders secure development. It's much the same case for PHP. With such technologies, there are too many little details and flaws that even an expert programmer can become overwhelmed by. At least we decided to go with a Java-based solution running on Solaris. It's probably not perfect, but I'd wager that it's far more secure than most ASP- or PHP-based web apps.

Clearly - according to your logic it must be Apache since it is so prevalent! You can read the gory details at:

http://news.netcraft.com/archives/web_server_surve y.html/

Like linux servers, then? No, wait - that just ruined your insinuation that the reason linux is secure is obscurity.

Anyways, with ISPs I would say the demographies are pretty equal (though I have no facts to back that up) - which means the amount of trojans per ISP would rise as the number of users increases.

Perhaps Dell should have installed Linux on their own servers.

Netcraft may or may not confirm it, since it rarely can tell Linux versions or distros apart anyway.