Netcraft Survey Updated
The latest survey is out and ready for reading from Netcraft. There's some interesting commentary with regard to Code Red and its effects on web usage. One of the things that I found most interesting was the data showing that while the number of sites hosted by Apache continues to grow, the number of physical webservers running some variety of Windows is about half of the total. Worth checking out.
It will be very interesting to see the subsequent reports and see what effect if any the Gartner Group's report has on the number of IIS servers.
Well, Netcraft's servers seem to handle the Slashdot effect pretty well.
Wonder how long they'd have stayed up if they used IIS.
P.S. Is it one of those urban myths, or does IIS really stand for Internet Infection System?
At least 150,000 active sites spread over 80,000 IP addresses worldwide running Microsoft-IIS have been taken down since the Code Red II worm was released. Superficially, it might be inferred that site managers had already pre-empted the advice published by Gartner to the effect that running Microsoft-IIS on the internet is more trouble than it's worth, and opens up a window of opportunity for attackers to cause disruption, data loss, and worse.
However, the implications for Microsoft are better than one might initially expect. Of the 80,000 IP addresses no longer running Microsoft-IIS, only around 2,000 are now running a competing web server. Notwithstanding the fact that when a web server is replaced, the replacement will not necessarily be on the same IP address, it does seem that in most cases sites have been taken down, or port filtered as part of a general tightening of security in the wake of Code Red, rather than the Windows disks being formatted and replaced with Linux/Apache.
The weird thing is they're reporting a decline in the number of infected servers ... I don't know about you, but I've found there's actually an *increase* in the number of infected servers that try to get at my computer during the past week or so.
... what's up with that?
BTW, did you notice the rather large proportion of Linux PCs (not servers) hooked up to the web? Sure, it's not as much as Windows, but still quite a lot.
Let's hope that this is an indicator that Code Red isn't going to happen again.
Or maybe not, holes are bound to be found in Apache, and the same Admins who didn't install the IIS fix and have since moved to Linux will probably fail to install the update for Apache.
Let's hope that apt-get becomes standard on more distros.
Forgot to add that that's from the survey page... Wouldn't want to plagiarize.
MOST webservers are on x86.
Which also brings up an interesting point...
What if next time the virus is a nifty x86 assembly worm?
Wouldn't it be even more deadly than a simple IIS-targeted one?
Maybe I have been taking too much acid in the last couple of days (Wow, look! A rainbow Tux!), but I think this is part of Microsoft's plan.
If it takes 2 MS machines to replace every Apache machine, MS will be sitting pretty. All they need is a few pointy-haired bosses who are naive enough to spend more money for more machines. Then they can say they have the most market share. Combined with some FUD, this makes a great way to gain new clients. Eventually Apache will dwindle, and the corporate world will shun you unless you use MS.
As the article itself said, even though many IIS sites have gone down since Gartner's report, it is hard to tell whether they just changed IP as the systems were reinstalled, etc.
On the other hand, I would see it as positive if it changed some IIS servers to Linux, since the growth of Linux on the pie has been taken from the other *nixes.
Are there any good ways to advocate such behaviour?
would be that you can make more efficient use of hardware with Apache, yes?
I'm surprised that they don't infer that a large number of those sites were alerted to the fact that they were running IIS when they were hit by Code Red. They shut it down because they didn't need it, not because they replaced it!
Amazing how many of the code red servers were displaying the sample page.
Our experience with our access provider is interesting in relation to the Code Red effects described in this report.
We live in a block of office units with shared network access. Our landlord is about as non tech as they come, the whole company, and outsource the LAN provision.
The phones and LAN went down twice due to Nimda, although our machines were unaffected - being patched!
The operator has given our landlord the following advice: "Cut them off unless they have Norton". So we get a visit from a suit asking if we have Norton on our computers. We don't, we have McAfee. His response?
"Get Norton by Friday or you're being disconnected."
People just don't understand this stuff. We have fully patched machines which run good virus software, but our PHB landlord denies us access to the network that WE PAY FOR because we chose a different software solution.
- I am the unqualified systems admin for our company, and I've been asked to set us up a crappy website. I only use windows, so I use IIS
- I am the systems admin for a hosting company, with several dozen servers, each with many virtual hosts for my clients. Naturally I use Apache on L/Unix, as it's secure and reliable, and I know how to use a CLI.
Naturally Apache is going to have a greater number of sites per machine, whereas IIS is going to have a large number of physical machines hosting a single crappy home-made site.
This DOES NOT account for the number of Web servers running a particular package to do something, it accounts for the number of servers _installed_ whether intentionally or not.
Further, it doesn't account for website overloading whereby a number of sites reside on the same IP address. Does Geocities count as one site, as it [may] only be registered to one IP?
Hmmm, could be a bunch of folks realized that IIS server on their SQL server was unnecessary. Again, they may have 'disappeared', but it doesn't mean they were used in the first place.
I mention the above as it's how we're functioning in OUR case. (3 or 4 machines that never used IIS have it turned off now, and we've got several large sites all sharing the same IP and servers.)
What's with that? The end of month figures for vulnerable IIS systems show an increase in cross site scripting, accessible admin pages and viewable script source. Any guesses?
Is it just that they're more visible? Or is it a whole bunch of sysadmins formatting, re-installing, then selectively patching for the last three exploits that they can remember? Weird.
Usually it is quite simple to migrate between Unices and Linux, but its quite a challenge to switch from a Microsoft platform to some *nix/Apache platform, if the server serves more than simple static pages.
I believe, the process to migrate from WinXXXX/IIS to *nix/Apache will take a few months, not weeks, for management decision (big corporations are not able to produce decisions in a few hours, but will take weeks - till the next "meeting" or so), reprogramming, data-migration, testing etc.
That's the reason, why Netcraft itself stated:
So give us time, and let's analyse the stats again in a few months.
Easy: IIS can't do as much work per server.
And yes, IIS really does mean Internet Infection Service (QED), and Microsoft also got the two syllables of their mailer backwards, and left some of the extra Es out of their web browser's name.
But there is an answer:
This survey is evidence of what good white-hat port scans could do. You could survey what servers are being used, you could find out how many machines are still using faulty software, and you could find out percentages of different OSes. Everyone runs around with their arms in the air yelling that people who port scan are bad. They aren't all bad. Your security should be good enough to handle it anyway. Who cares if they find what ports are open, if the ones that need to be closed are closed or stealthed, and if you have all your latest security packages you have no problems. Thanks,
David
Yet another narrow-minded person from America... sheez...
Considering even the USA has at least 3 time zones (I'm sure Hawaii probably counts for a 4th), I'm nearly at the point of calling you plain stupid.
No wonder your foreign policy is up the creek.
It seems Netcraft has a very hard job to do. Yes, I eagerly check them every month to see that my favourite web server (Apache, of course) is well on top. I'm also glad BSD isn't dying as some troll reported. 6% BSD on the web could mean many times that in market share. 50% Windoze appears to count for only a tiny proportion of the computing power on the web. A good point was made that in this tabulation, a $1k "el cheapo" counts the same as a $1M top-of-the-line Sun!
For starters, maybe research should be done to determine which servers and platforms serve the most actual pages on the web. It is very reasonable to state the very same hardware will serve twice the volume with Apache/Unix than IIS/Win. The type of Unix may matter too. Large sites tend to use Linux, very large sites tend to use BSD. Moderate sites use Solaris (and only the smallest use IIS) in general. If security is of any concern, Windoze is a joke. Apache makes a Windoze version, but warns it should never be used in a production setting - just for a quick prototype (to show management).
More interesting is which system serves the most data overall? The people that work on the 'big iron' say it is Linux by far, then a toss-up between Solaris and BSD. With a paltry 5% comes the combined power of all Microsoft PCs.
The point is clear and we have all heard it: "You can prove or disprove anything by how you manipulate statistics". So M$ is the best from their perspective, and so is Linux from theirs, and the same for Sun, BSD and all the others. BSD does make a good point that they can serve 100x the data for the same cost as Microsoft, and that assumes you *pirated the Microsoft software* and does not include the 'down time' so many Microsoft users can relate to, never mind all the email worms and Trojans either!
HeHe. Hit the nail right on the head.
Note to USA: there are other lands, out over the sea...
I'm not too sure about this whole NetCraft thing, but if it has Neve Campbell and Robin Tunney, you can count me in.
Cut him a little slack. I don't know the numbers but I'm willing to assume that most of slashdot's users are american, and though there are 4 timezones (in the 48 states), they are earlier, so his point about people being asleep is valid.
Yes Hawaii and Alaska have their own timezones. Actually I think Alaska has 4 natural timezones, but they only use 2.
means that a LOT of garbage (parked sites, unused sites, etc) is being picked up. Having a dead site disappear doesn't mean an awful lot.
Statistics are useful, but one must take care to understand exactly what they are saying, and to also understand the impact of data collection mechanisms in place.
Does Intel's 90% dominance disturb anyone else? It's a good thing that there is competition within that 90%. Oh well, this user will probably continue to buy cheap AMD mobos.
Unfortunately the number of Windows boxen out there is probably higher than the survey would indicate.
Remember that Netcraft's OS detection only detects the OS of the machine that is directly connected to the Internet. See their own FAQ at http://uptime.netcraft.com/up/accuracy.html
If you put your company's NT server behind a Unix-based firewall or proxy, it will be detected by Netcraft as Unix. This is probably a pretty common setup at many companies hosting their own web sites.
Anecdotally, I can say that about a dozen Linux servers I know are each running 3 or more separate hosts.
This kind of implies to me that at least 78,000 of the machines Netcraft have been counting as IIS Web servers were in fact just machines on which IIS had been loaded by default, and were never serving any real content anyway. If that's true of 78,000, how many more is it true of? In other words, are Netcraft systematically overcounting IIS by counting all machines with IIS running whether they are in fact serving any real content or not? Likewise, how many of the 'Apache' servers counted are in fact just 'out of the box' Linux installs with no real content?
I'm old enough to remember when discussions on Slashdot were well informed.
Not used? Not quite. We had to shut down our corporate web site, not because it was not used, but because it was damaged so badly that our ISP would not keep us online.
We did not switch to Apache or anything else, though; we just cleaned it up, patched, and went back into operation.
If they have that much NT in their makeup, unless they're using hardware firewalling (Such as a Cisco box) they're going to be using Checkpoint or Guardian on an NT box. That way they don't need that extra Unix expertise.
If you think I'm kidding or trolling, I'm not- they actually THINK that way in business. And there's little wrong with it, in and of itself. It's just the choice of OS they settled on that's the problem.
You have to get in there first.
And if you do, even MS uses the x86 protection mechanism and runs most code in ring 3. Since the account Apache runs in would not have the privilege to install & run arbitrary ring 0 code (as would be the case with IIS [running as Local System] installing device drivers), there are limits on what can be done.
Maybe there's an argument for an OS which has two modes which are mutually exclusive. You can use the machine (run applications etc.) or you can administer the machine (install drivers etc.). You cannot do both from the same account. Many Windows users run their day-to-day work under accounts with admin privileges - or worse still, domain admin privileges. Why? Do people really need to switch from document writing to driver installation so quickly that it needs to be done without an additional login? Does anyone really need god-like privileges from a regular account?
Of course, I may be talking rubbish.
Where I work, we have an IIS machine with 64 IPs. Does that count as 64 unique IIS machines in NetCraft's survey?
I was under the impression Apache can be run :) :) under Microsoft Windows... The survey site seems to assume that anything Windows must not be anything but an MS webserver. I'll just sit back and assume the Microsoft server numbers are even lower than presented. Woohoo!
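The point in the comment above, that a Server header can announce Apache while the box runs Windows, is easy to check mechanically. The following is an added example and not Netcraft's survey code: a small classifier that reads the product name and the parenthesised platform token from a Server header value, and only infers Windows for a bare Microsoft-IIS string, marking that inference as such rather than treating it as something the header states. The header strings are constructed for the example (the Apache/1.3.9 one mirrors a string quoted later in this thread), and the SERVER_FAMILIES and OS_HINTS tables are assumptions, not Netcraft's classification rules.

```python
"""Classify HTTP Server: header values the way a Netcraft-style survey might.

Added example, not Netcraft's code. SERVER_FAMILIES, OS_HINTS and the
SAMPLE_HEADERS list are constructed for illustration.
"""
import re
from collections import Counter

# Product name at the start of the header -> server family.
# Anything not listed is reported as "other".
SERVER_FAMILIES = {
    "Apache": "Apache",
    "Microsoft-IIS": "Microsoft-IIS",
    "Zeus": "Zeus",
    "Netscape-Enterprise": "Netscape",
}

# Platform tokens as they appear inside Apache's parenthesised groups,
# most specific first so "(Unix) (Red-Hat/Linux)" resolves to Linux.
OS_HINTS = [
    ("win32", "Windows"),
    ("linux", "Linux"),
    ("freebsd", "FreeBSD"),
    ("unix", "Unix"),
]


def classify(server_header):
    """Return (server_family, os_guess) for one raw Server: header value.

    os_guess is "unknown" when the header carries no platform token.
    A survey that treats "Microsoft-IIS" as "Windows" is making an
    inference the header does not state, so that case is labelled
    "Windows (implied)" to keep it distinguishable from a stated OS.
    """
    header = server_header.strip()
    product = re.match(r"([A-Za-z][\w.-]*)", header)
    family = SERVER_FAMILIES.get(product.group(1), "other") if product else "other"

    # Join every "(...)" group; Apache emits one per platform hint.
    platform_text = " ".join(re.findall(r"\(([^)]*)\)", header)).lower()
    os_guess = "unknown"
    for token, name in OS_HINTS:
        if token in platform_text:
            os_guess = name
            break
    if os_guess == "unknown" and family == "Microsoft-IIS":
        os_guess = "Windows (implied)"
    return family, os_guess


def tally(headers):
    """Count (family, os_guess) pairs across a list of header values."""
    return Counter(classify(h) for h in headers)


# Constructed sample: one Apache-on-Windows host among IIS and Unix hosts.
SAMPLE_HEADERS = [
    "Apache/1.3.9 (Unix) mod_fastcgi/2.2.2",
    "Apache/1.3.20 (Win32)",
    "Microsoft-IIS/5.0",
    "Microsoft-IIS/4.0",
    "Apache/1.3.12 (Unix) (Red-Hat/Linux)",
    "Zeus/3.3",
]

if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        print(f"{header!r:45} -> {classify(header)}")
    print(tally(SAMPLE_HEADERS))
```

Run it and the Apache/1.3.20 (Win32) entry lands in the (Apache, Windows) bucket, which is exactly the host a "Windows means IIS" assumption would miscount.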
Does OS X fall into the Other non-Unix label or the Other Unix label? Looking at the pie chart, I see that Mac OS is handled under the Other non-Unix label. I really don't think you should use Mac OS 9.x or earlier as a web server. With OS X, it might make a little bit more sense to use as a web server. What do people think?
Tools like nmap can fingerprint a system's OS by the behaviour of its TCP/IP stack. From there, plus the server software, the architecture is easier to find out if the server does not directly provide the information.
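As an added example of the stack-fingerprinting idea in the comment above (not nmap's or Netcraft's code), the following infers an OS family from two passive signals, the initial TTL implied by the hop-decremented TTL we observe and the SYN-ACK window size, and flags the case raised earlier in the thread where a non-Windows stack answers for a Microsoft-IIS site because a Unix proxy or load balancer terminates the connection in front of it. The SIGNATURES table and the sample observations are constructed for illustration; real fingerprinters match dozens of fields (TCP options, DF bit, timestamps), and with only two fields several real systems overlap.

```python
"""Passive OS-family inference from TTL and TCP window, nmap/p0f style.

Added example, not nmap's or Netcraft's code. SIGNATURES and the
OBSERVATIONS list are constructed for illustration only.
"""

# Initial TTLs that common stacks start from. An observed TTL is rounded
# up to the nearest one; the difference is the hop count to the responder.
INITIAL_TTLS = (32, 64, 128, 255)

# Constructed signature table: (initial_ttl, syn_ack_window) -> OS family.
SIGNATURES = {
    (128, 8192): "Windows NT",
    (128, 16384): "Windows 2000",
    (64, 5840): "Linux 2.4",
    (64, 32120): "Linux 2.2",
    (64, 57344): "FreeBSD",
    (255, 8760): "Solaris",
}


def initial_ttl(observed_ttl):
    """Round an observed TTL up to the initial value the sender used."""
    if not 0 < observed_ttl <= 255:
        raise ValueError(f"TTL {observed_ttl} is not a valid IPv4 TTL")
    for candidate in INITIAL_TTLS:
        if observed_ttl <= candidate:
            return candidate
    raise AssertionError("unreachable: 255 covers every valid TTL")


def fingerprint(observed_ttl, window):
    """Return (os_family, hops). os_family is 'unknown' when unmatched.

    hops is still meaningful for unknown stacks: it is how far away the
    host that actually answered the TCP handshake is.
    """
    ttl0 = initial_ttl(observed_ttl)
    return SIGNATURES.get((ttl0, window), "unknown"), ttl0 - observed_ttl


def proxy_hint(os_family, server_header):
    """True when the stack that answered is not Windows but the application
    layer claims Microsoft-IIS: the usual sign of a Unix proxy, cache or
    load balancer in front of the IIS box, which is why the survey's OS
    column reflects the front end rather than the origin server."""
    return server_header.startswith("Microsoft-IIS") and not os_family.startswith("Windows")


# Constructed observations: (observed_ttl, window, Server: header).
OBSERVATIONS = [
    (118, 8192, "Microsoft-IIS/4.0"),
    (52, 5840, "Apache/1.3.12 (Unix)"),
    (243, 8760, "Apache/1.3.9 (Unix)"),
    (54, 5840, "Microsoft-IIS/5.0"),   # IIS behind a Linux front end
    (60, 1234, "Zeus/3.3"),            # window not in our small table
]

if __name__ == "__main__":
    for ttl, win, header in OBSERVATIONS:
        family, hops = fingerprint(ttl, win)
        flag = " <- proxied IIS?" if proxy_hint(family, header) else ""
        print(f"ttl={ttl:3} win={win:5} {header:24} -> {family:12} {hops:2} hops{flag}")
```

The fourth observation is the interesting one: the header says IIS, the stack says Linux, and the survey counts whichever of the two it trusts.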
Netcraft isn't stupid... see Netcraft mechanics and how many active sites are there?
...that the vast majority of those IIS machines now taken off the web are just offline so they can be de-wormed, patched, and generally brought back into working order - I know, I've watched this happen (nasty Nimda infestation). People are acting like the only reason NT servers ever go down are Apache installs or permanent removals!
Most of the vulnerable machines belong to "sysadmins" (quoted as to not offend the real ones) who don't ever patch their boxes, unless they see an article on the front page of the NY Times and get more than 10 irate phone calls a day.
While they did surf by windowsupdate in the aftermath of the Code Red craze, they probably have now gone back to their old habits, and leave both newly installed systems as well as reformatted ones in their unpatched state. Since Windows has to be re-installed about every 6 months, the number of vulnerable machines will quite probably be back to the old numbers by February 2002...
I would suggest taking the OS reports as only a rough estimate. Their OS detection needs a lot of work. My OS/2 server has been seen as Tru64/Digital UNIX since I upgraded the stack two years ago, and they're still "working on it". The stack is an IBM port from code that is similar to, but not derived from, BSD 4.4, so I don't know why they keep making that mistake.
Could this be accounted for by 'NEW' IIS machines? Remember the number is a percentage of the total number of IIS servers that month, so if more unpatched IIS servers are added than patched IIS servers in the following month, then the percentage of unpatched servers will increase.
The military has already shut down a large number of their websites. Generally, each unit has their own website/server. Sometimes sections within each unit will also have their own website/server, depending on how important they view themselves as being. The information those sites provide is usually basic, very rarely has dynamic content, and can very easily be obtained by other means.
Those who have had sites that were shut down now have to get approval (from several echelons up) before they can put their sites back up. I'm not going to say what the new web servers will be running, but it WILL NOT be Microsoft's IIS. The websites that are still running IIS are actively scanned for vulnerabilities (by someone other than several thousand script kiddies).
I will not be surprised if ALL of the webservers run by the military will be moved over to something else.
My university switched from Sendmail to Exchange last year. In the process, we went from 1 Solaris machine to 4 Dual-Pentium/II Windows boxes.
That's how you win market share...
I want to be a 3%er. Those whose OS was not identified. (You know, like the 1%er so-called motorcycle gang members.)
It's always easy to interpret the results on /. - if "there's an article up and LINUX 0WN3Z J00!!!" then Linux increased in market share. If MS made an increase (albeit a small one) you just say "here's the article." That is, if the news is big enough and you just HAVE to report it.
HEHE! Very funny!
They say that this architecture was determined by the default architecture for the system. This basically means that the Intel segment is the sum of Windows and Linux. This ignores the fact that Linux could be running on Sparc, PPC, Alpha...
The rise in vulnerabilities is interesting. Fair-weather servers that were shut down "until the threat passes"? Interesting security methodology...
Also of note is that the report only seems to address servers with domain names. There are a bazillion Linux and IIS servers running off of home machines that aren't being counted.
My uneducated opinion tells me that the reason half of the physical servers are running IIS is because small companies get a NT or 2K server for their business, then realize "hey, it's got IIS, we can have a website..." they accept the default. Of course, their server that's got all of their corporate secrets is now open to the internet.
I'd be willing to guess (but not to wager) that a majority of sites running on IIS are on single-site servers.
Those in the know know that there are other webservers which are more stable than IIS for multi-site hosting. (OK, there are some that are less stable, believe it or not, but they are few and far between.) Having your webserver running on your corporate server is a Bad Thing (tm). Having Exchange on your corporate server and open to the internet is a Bad Thing (tm). Having postfix running on a firewall, forwarding to Exchange, is a Better Thing.
P.S. -- the OS is irrelevant here, well, except that IIS only runs on M$......
it ran on Linux? or FreeBSD?
Would it be any more secure?
IIS is NOT installed by default in W2K Pro.
Bleh!
Netcraft operating system detector ;)
Is that a euphemism for nmap I've never heard...?
From the article:
Some cable & DSL ISPs have responded to attacks from Nimda and Code Red controlled machines by blocking those machines causing the problem. However some, including AT&T, responded by blocking port 80 on their entire userbase, eliminating cable-based Apache sites as well as infected Microsoft-IIS machines.
Bummer. At least Road Runner hasn't blocked port 80 yet. But I suppose it's only a matter of time.
No, I'm not sure how many IIS servers are running their databases on the same machine, or how accessible a database would be once IIS was hacked and admin privs were gained, but they, the press, never mention how vulnerable the customers' data is on a Microsoft system. My CC has already been stolen and I'm darn sure it was because one site used IIS. Actually both mine and my wife's CC numbers were stolen and used for similar purposes.
Other similarities pointed to an ASP-based server we used for a service we bought online.
The press is still leaving Microsoft alone as far as I'm concerned. They need to be called for what they are.
Bad for ebusiness, bad for corporate profits, and not to be trusted with customer data.
IMHO.
Christ, you trolls are getting more stupid by the day.
So you think we should not get back to business, stay off work, and avoid any discussion of anything other than the WTC tragedy?
Three words, m8: "Life goes on"
If we just stop then they (the terrorists) win. Your knee-jerk reaction disgusts me.
We have 6 time zones, and a couple of states who don't follow daylight savings:
Eastern (GMT -5)
Central (GMT -6)
Mountain (GMT -7)
Pacific (GMT -8)
Alaska (GMT -9)
Hawaii/Aleutian (GMT -10)
This isn't counting outlying territories and other things.
I thought so, but some of the rises are (proportionately) sharp, and they're not universal. It doesn't quite match a flurry of new, nekkid machines. Still, with IIS, who knows? ;)
Large sites tend to use Linux, very large sites tend to use BSD. Moderate sites use Solaris (and only the smallest use IIS) in general.
Unfortunately, this isn't really correct. Linux and Windows both compete for the low end, small to medium sites use BSD (and even a few big ones), and large sites use a commercial Unix such as Solaris. The reason being of course, that even a small Solaris Sparc machine is going to hold up to large amounts of web traffic much better than an x86 which would just begin thrashing because it can't multitask fast enough.
There actually is a "good" reason that even people that know better often do this on NT (aka 2k). If you're sitting there word processing, logged in as a non-admin, and someone calls you and needs, let's say, a new account made for the new hire - you must close out of your program, log out of Windows, log back in, then make the account. It's a pain. Whereas on a *nix box it's as it should be: you just open an xterm, su, and make the account. It's very handy to be able to change the user in a controlled way like that in an existing session, without affecting the other stuff you are doing.
Another reason that this is done a lot is that there are a lot of NT admins out there that just don't know what they are doing. You tell them you need two accounts and they think you're trying to scam them. These people are just jokes, but if they happen to be over you in the local hierarchy there isn't often a lot you can do about them. So you do it their way, and just hope you don't get hit when it hits the fan.
"It is very reasonable to state the very same hardware will serve twice the volume with Apache Unix than IIS-win. "
No, that's not at all reasonable to assume that. In fact, IIS5 outperforms Apache by quite a bit.
You may be thinking of Tux, which has outperformed IIS in benchmarks, but isn't in high use.
As far as the $1k server versus $1M server. The Netcraft survey also doesn't account for machines behind a load balancer, which is the typical configuration of $1k servers running Linux/Apache or Windows/IIS.
A quick glance through Netcraft's Most requested sites over the last 30 days shows that part of Microsoft's Zone website stats.zone.com runs on Linux using Apache/1.3.9 (Unix) mod_fastcgi/2.2.2.
Love it!
This will be a news not likely to be seen on microsoft.com...
Check out what www.citeglobe.com's running!
I have been a MacOS user all the live long day, and I damn well know that I want to be able to install printer drivers without any of this logging in and out authentication nonsense. Of course, if I were running a server, I'd want more stringent security. However, viewed objectively it is nonsense to make a single-user, or even multi-user, system force me to log out just to install drivers. This is poor interface design and nothing else, if you aren't running a server. (hence OS X)
"The FBI also appear to have switched to Linux, but in fact it merely reflects their adoption of a caching solution from Akamai in the wake of the World Trade Center disaster."
:P
And I just did the same with the other offtopic moderation
"The type of Unix may matter too. Large sites tend to use Linux, very large sites tend to use BSD. Moderate sites use Solaris (and only the smallest use IIS) in general"
How about backing up that BS with some numbers? I guess all those Fortune 500 companies running Solaris with Netscape server for their financial and sales sites are just "small sites"? Bah.
Get over yourselves, BSD is a niche OS run on a few token large sites which date back to the early 90s. New deployments are running the likes of Apache, Netscape, Zeus and IIS on Windows, Linux, Solaris and in a few cases on AIX and IBM's big iron.
Go ahead, prove me wrong with facts from reputable sources...
However, viewed objectively it is nonsense to make a single-user, or even multi-user, system force me to log out just to install drivers. This is poor interface design and nothing else
WRONG
For home use, your assumption is (at best) debatable - separating regular use accounts from system admin accounts is a good way to prevent viruses and trojans, and to make sure that you can't screw up the machine accidentally (rm -rf isn't just for Unix.)
For corporate use, it is a necessity. Even though our salesmen are still stuck in Windows land, I praised the day we switched them from Win98 to NT/2000 - yes, we get calls from them saying that "I can't install this program", but it's a small price to pay to prevent them from installing non-work-related software, or trashing the machine.
Basically, by counting this this way, x86 looks more dominant than it is.
...however, so is multitasking. Try throwing 10,000 concurrent clients against a Sparc machine. It'll sweat a little, but its ultra-reliable hardware context switching will keep it in the race. The Intel machine however, is most likely to go tits up from CPU thrashing. The software context switching won't have a chance in hell of keeping up. You'll be lucky if you don't run into a synchronization problem and end up causing the processor to throw a fatal exception. This is one thing that not even FreeBSD can fix (although they do a DAMN good job of trying).
Just to clarify, Intel does have some hardware context switching. However, it is so poor that even their own documentation tells you not to use it. x86 was really not designed to be a server CPU.
The thing that interested me about this one was that the focus was clearly on Linux and Microsoft. The tone was that Linux was something that was just an ordinary part of life.
For example this quote: "One significant site to switch away from Microsoft recently is infoseek, though it is not known whether this is related to security concerns."
The article didn't say what operating system infoseek had switched to. But everyone reading the article would just assume (correctly) that they had switched to Linux. A year ago, a website this large switching to Linux would have been big news but now it's something that is just taken for granted.
As always however, it is frightening to see how many people use apache. Apache is a great web server but the worst security problem facing the internet today is not poor software but mono culture.
Please support alternative open source web servers.
Maybe a lot of cable/xDSL users run their own private home page on their machines at home. Then MS Windows users can choose between 2 main web servers: Personal Web Server or one of its successors (like the web server from the so-called NT4 Workstation Option Pack), which is in fact a derivative of IIS, or the Win32 port of Apache.
Maybe someone can add a couple of 'sleep(2)' calls to Apache in a few important places.
Then we can tell our boss we need another boxen to run Apache on.
The ex-IIS sites I've seen or created have all decided that since they're going to the trouble of dumping IIS, they may as well dump Windows too. Also, many of them dump IIS because they're dumping Windows, at least for that server. This is only my own experience, the global stats may side with your point.