Gartner Group Suggests Dumping IIS For Now
sachmet is one of the many readers who contributed news that "Gartner Group is now recommending that IIS be replaced in corporate environments. This is based on the fact that TCO for IIS is rising due to the almost-weekly patches sent out by MS, and even then, it's nearly impossible to get patched quickly enough. Best part: 'Gartner remains concerned that viruses and worms will continue to attack IIS until Microsoft has released a completely rewritten, thoroughly and publicly tested, new release of IIS,' which they say has an 80% chance of happening by the end of next year." Gartner hasn't always said favorable things about Linux systems in the workplace, but the businesses that rely on this type of analysis to justify purchasing decisions may find this one interesting. Update: 09/24 22:04 GMT by T: As several people have pointed out, the 80% figure appears to be Gartner's odds that IIS won't be rewritten that soon, rather than the other way around (.673334 probability).
To be honest, I'm surprised it took this long for a report like this to appear. I maintain a small network in a small company; we have mainly win machines except for one server and my laptop... the overhead on keeping the win machines patched (5 on the network) is crazy, I spend too much of my valuable time hunting down patches for machines.... Luckily at the moment IIS is shut down as all of the dev work is being completed on Linux. However, I have to keep the patches up to date, otherwise I'll be spending a week or 2 updating the server in a month or so's time.
Will MS really write a new IIS from scratch? I doubt it, and if they did, would it really improve on where things are now.... It would take n months to write, beta and then launch IIS+ 1.0, then people would want to know it was OK; some would try it, but most people would want to see IIS+ 2.0 before moving their web applications to it..... Timescale? How long is a piece of string.... And would it be any better? Would MS allow external code reviews (or open source) to ensure that IIS+ was better / secure? I doubt it....
Regards
Dave
----
"Iceberg dead ahead..... oh sorry, only joking !"
A monkey in every office....
(who DIDN'T get hit by Nimda?) // I didn't.
I'm sorry, but I have to argue this point. Everyone on the 'net got hit by Nimda. Maybe you weren't directly compromised, but you certainly were affected to some degree by the insane amount of network traffic generated by this thing (ARP awaaayyy!!).
My server is FBSD/Apache, yet I was still affected by Code Red. How? Verizon decided the proper response was to ingress filter port 80 traffic for all residential DSL customers (something they'd never done in almost three years of service). All because either a bunch of nimrods couldn't be bothered to secure their machines, or because other nimrods can't be bothered to do any kind of bounds checking. I don't really care which it was, I'm just pissed because I'm an innocent victim here.
Bleah.