Microsoft Attempts to Secure IIS
billmaly writes: "Yahoo has this article about trying to make IIS more secure. Among steps is to have it install in its most secure state, putting the onus on sysadmins to remove it from that state. It looks like Microsoft may be trying to do the right thing from a security standpoint, at least on paper."
Apparently every copy of Windows XP/2000 is now shipping with a pair of scissors, to be used to "secure" the ethernet connection of IIS servers.
- A.P.
"Remember when the U.S. had a drug problem, and then we declared a War On Drugs, and now you can't buy drugs anymore?"
because 78,417 Nimda hits are more than enough for me!
Download source code for Apache. Tweak the headers to say "IIS" instead of "Apache". Brag about their speedy team of coders.
The paper is here.
It's more involved than you might think. If you are a sysadmin, this might be important for your job security.
Microsoft has released a secure version of IIS to its beta testers. I cannot give you any details, except that it has codename "Apache".
This just reminded me of a particular Daily Victim.
"In a fit of rage I went over the deep end and cut our apartment's DSL connection!"
If you don't feel like hurting good quality cables, alternatively you can use the scissors to cut out every instance of the word "secure" from the IIS documentation, and run the software.
In other news, Microsoft's hardware division announced a plan to make water flow uphill.
A paperclip comes up and asks you, "Would you like to have the server start? Would you like to allow connections from outside 127.0.0.1? Would you like to run scripts? Would you like to be able to access files not residing on the read only floppy? Would you like to have all comments automatically read by Outlook?"
With the Gartner group sending letters to all their customers RECOMMENDING they remove IIS as "an unacceptable security risk" based on the TCO of IIS rapidly exceeding the cost of the hardware, the OS and THE SUPPORT STAFF. When a nationally recognized consulting firm that supports 400 of the top 500 firms, and one that HAS BEEN PRO M$ up to this point, or at least VERY neutral, suddenly starts advocating ABANDONING your investment you know you have BIG PROBLEMS. I personally think this is TOO LITTLE TOO LATE. Why was the product not shipped like this in the first place???
"Do androids dream of electric sheep?" - Philip K. Dick
Thank God. Since MS usually tries to do the wrong thing, on purpose. Now they are doing the right thing on paper.
Dear Microsoft,
Thank you for your recent announcement that (someday) you will secure IIS.
Enclosed please find a blank, signed check.
When a more secure IIS is ready, please fill in the amount on the check, deposit it, and then ship me the new IIS. I'm patient. I'll wait until it's ready.
I know you're working very hard and that the benefit of end users is the number one concern of Microsoft.
Your loyal lackey,
MCSE guy.
Those who would give up liberty in exchange for security and DRM should switch to Microsoft Palladium!
Bleh!
> "it's incumbent on Microsoft, being in the leadership position we're in"
Funny, but I've never heard the concept of loss leader applied to security before.
Sheesh, evil *and* a jerk. -- Jade
Geez I'd be pissed if I couldn't play basketball with the others because some smartass set up a non MS web server.
If there's one thing MS has done well - it's looking after developers! While all the non MS developers are inside getting OOS, sore eyes and fat butts, the MS developers get regular exercise breaks in the sunshine.
Yes. That's why sendmail and bind are the paragons of security they are today. From-scratch attempts to replace them are riddled with holes that make IIS look like a pinprick.
Oh come on. We're talking apples and oranges here. Postfix, qmail and djbdns were written by UNIX guys who knew what they were doing. IIS would be rewritten by Microsoft. Completely different story.
$x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
$x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
Our father which art in Redmond, Bill be thy name. .NET come. Thy will be done, in earth, as it is in Redmond.
Thy
Give us this day our daily executable.
And forgive us our syntax errors, as we forgive thy crashes
And lead us not into subscription-based services, but deliver us from blue-screens: For thine is the marketplace, and the patents, and the shares, for ever, Amen.