Microsoft Attempts to Secure IIS
billmaly writes: "Yahoo has this article about trying to make IIS more secure. Among steps is to have it install in its most secure state, putting the onus on sysadmins to remove it from that state. It looks like Microsoft may be trying to do the right thing from a security standpoint, at least on paper."
Isn't this kinda like the efforts to make Sendmail more secure?
These are the guys who have still been unable to figure out that the Buffer Overflow, etc. patches are available to them on Windows Update--or that almost all the new exploits would be fixed by getting Service Pack 2.
;-P
If they can't figure out how to use Windows Update, or have the sensibility to get the latest service pack within 4 months of its release...I doubt they know how to configure the system from scratch. *L*
Maybe this will require MS sysadmins to learn something about the OS for once.
-Jayde
What's a sig?
Oh, really? Are you sure about that? Or are you just saying that because you install Apache more often than IIS? Are you aware that there is an option to pick the stuff you want to install rather than letting it install everything?
No IIS servers I installed got hit by Code Red because - gasp - the default install was not done. If the exploitable software isn't installed, guess what happens? Your server doesn't get compromised! What a revelation.