Slashdot Mirror

← Back to Stories (view on slashdot.org)

Netcraft Web Server Stats Challenged

Posted by simoniker on from the he-said-she-said dept.

kolchak writes "An article in The Age has an interesting analysis of the Netcraft Web Server Usage Reports. According to Port80 Software, Netcraft's surveys are biased towards domain name parkers and very small web sites, not taking into account how popular a site may be - there's some interesting results in the competing Port80 survey." However, it should be pointed out that Port80 "develops software products to enhance the security, performance and user experience of Microsoft's Internet Information Services (IIS) Web server."

10 of 461 comments (clear)

  1. I tried homepage.apple.com by fidget42 · · Score: 5, Interesting

    and this was their response:

    We detect that homepage.mac.com is running Apache/1.3.27 (Darwin).

    but with this caveat

    Note:
    No matter what the above results show, this company may be running Microsoft IIS and protecting its Web server identity with ServerMask.

    Nope, no bias there.

    --
    The dogcow says "Moof!"
  2. LOL by javiercero · · Score: 5, Interesting

    It is not only funny that according to their "survey" IIS has more market share than Apache, but *gasp* Netscape has a larger market share than Apache too!

    That is as big of a red flag as I have ever seen.

    Of course the fact that they indeed produce softs for IIS is in no way shape or form any sort of indication to a possible, slight, minimal... bias.

    LOL, a nice laugh... and they may even get slashdotted, which will bring joy to their sorry operation since they will now be able to claim that they are now one of the nets most popular companies/sites. I am sure this is some sort of ploy to get traffic, it will be funny to see if indeed their beloved IIS can stand the slashdot effect. LOL

  3. Not so inaccurate .. by jcam2 · · Score: 4, Interesting

    Even if these Port80 guys are on Microsoft's payroll, the point they make is still quite correct - it make no sense to measure market share by simply counting web hosts. If all the high-traffic web sites on the Internet are running IIS while the numerically greater but less popular remainder are running Apache, can you meaningfully say that Apache has a higher 'market share'?

    Unfortunately, short of tracking people's surfing habits or getting access to web server logs, there is no easy way of working out the popularity of a site. Netcraft's method of polling every known webserver is really the only practical method available, if it is not truly accurate.

    1. Re:Not so inaccurate .. by Prof.+Pi · · Score: 5, Interesting
      it make no sense to measure market share by simply counting web hosts. If all the high-traffic web sites on the Internet are running IIS while the numerically greater but less popular remainder are running Apache, can you meaningfully say that Apache has a higher 'market share'?

      Didn't Netcraft themselves cover this topic last year? IIRC, some pro-MS group made the same argument, that you should only count the big guys. They looked at the Fortune N (I forget what N was) and found that lo and behold, IIS came out on top.

      Then Netcraft came back with another study, where they ranked companies not by their Fortune ranking (i.e., total revenue), which would tend to favor MS as that's the "safe" choice for big companies. Instead, they ranked companies by how much revenue they made on the Net (so companies like Amazon would rank much higher), and found that by that measure, Apache was again on top.

  4. Something smells... by pridefinger · · Score: 5, Interesting

    I tried several sites myself with my own javascript and guess what?

    My results were were different than their's more than half the time! I figured they had multiple servers running, etc., so I rechecked at least 5 times on all sites (all sites checked, that is ~50)...NO CHANGE!

    Take disney.com, for example. Their site says IIS 5.0. I got netscape...so did netcraft.

    One word... BULL#%&*!

    -Pride

    1. Re:Something smells... by a.koepke · · Score: 5, Interesting
      I just checked this too... Port80 displays MS IIS and Netcraft displays Netscape. I thought I would do my own check. This now shows a flaw in both checks, Netcraft and Port80.

      andreas:/var/mail# telnet disney.com 80
      Trying 198.187.189.55...
      Connected to disney.com.
      Escape character is '^]'.
      HEAD / HTTP/1.0

      HTTP/1.1 302 Moved Temporarily
      Server: Netscape-Enterprise/3.6 SP3
      Date: Thu, 27 Nov 2003 06:44:12 GMT
      Location: http://disney.go.com/
      Content-length: 0
      Content-type: text/html
      Connection: close

      Connection closed by foreign host.
      andreas:/var/mail# telnet disney.go.com 80
      Trying 198.187.189.93...
      Connected to disney.go.com.
      Escape character is '^]'.
      HEAD / HTTP/1.0

      HTTP/1.0 200 OK
      Server: Microsoft-IIS/5.0
      P3P: CP="CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVAi IVDi CONi OUR SAMo OTRo BUS PHY ONL UNI PUR COM NAV INT DEM CNT STA PRE"
      Set-Cookie: SWID=E4481904-1BC1-4D6B-A21F-5FB993D69628; path=/; expires=Thu, 27-Nov-2023 06:44:39 GMT; domain=.go.com;
      Cache-Expires: Thu, 27 Nov 2003 06:47:13 GMT
      Cache-Control: max-age=300
      Date: Thu, 27 Nov 2003 06:44:39 GMT
      Content-Type: text/html
      Accept-Ranges: bytes
      Last-Modified: Thu, 27 Nov 2003 06:42:13 GMT
      ETag: "ba9b4197b1b4c31:b10"
      Content-Length: 6260
      Vary: Accept-Encoding, User-Agent
      Via: 1.1 redline-7 (Redline Networks Accelerator 2.2.8 0)

      Connection closed by foreign host.


      Interesting, Disney.com is a Netscape webserver which just does a 302 Moved header and sends the client to Disney.go.com which is an IIS box.

      So the actual Disney site you end up with (Disney.go.com) is IIS so in that case Port80 are sort of right in reporting it as so. But Netcraft are also right in reporting Netscape for the Disney.com domain since that is what Disney.com is running, Disney.go.com is a seperate domain and would be counted seperately.
      --


      (\(\
      (^.^)
      (")")
      *This is the cute bunny virus, please copy this into your sig so it can spread
  5. Servermask didn't see that coming! by morcheeba · · Score: 4, Interesting

    Port80 Survey header check
    Microsoft OLE DB Provider for ODBC Drivers error '80040e57'
    [Microsoft][ODBC SQL Server Driver][SQL Server]String or binary data would be truncated. /surveys/top1000webservers/headercheck.asp, line 121

    A suggestion for their servermask product: COVER UP ERRORS THAT GIVE AWAY INFORMATION. Seriously, if they think that headers are going to give away a lot of info, then forced errors will, too. But, there is boatload of other techniques (including passive techniques) that get around their security-throught-obscurity program.

    --
    HIV Crosses Species Barrier... into Muppets
  6. Absolutely Nothing by servoled · · Score: 4, Interesting
    What does that say about the quality of the respective servers?
    It says absolutely nothing because you are not factoring in the amount of traffic handled by each machine, the connection speed, processing power, RAM, speed of I/O communications between the processing system and network interfaces, hard drive latency for retrieving data, etc...

    You can't make an accurate comparison unless you can remove all the other factors which directly affect how the server will perform.
    --
    "I have a porkchop, you have a porkchop. I have a veal, you have a veal".
  7. Re:A bit more than the average MS bias by boneshintai · · Score: 5, Interesting

    i mean, after all, we all turn off ping before we put our servers up... don't we?

    No, as a matter of fact I don't turn off ECHO responses on boxes I manage. I prefer to be able to tell if an operating system or tcp/ip stack has fallen over without having to go over and hook up a console. I'm actually rather annoyed at certain ISPs for continuing to block ping even after Welchia and Slammer have mostly abated.

    Which is not to say you can't turn off pings on your boxes, but neither your preference nor mine is everyone's preference.

  8. Re:Yes they are... check this out by kyrre · · Score: 5, Interesting

    Apperantly servermask is their product. When I try a site I knew running IIS response is like so:

    Protect your Web server identity with ServerMask!
    Why let anyone find out you're running a Microsoft IIS server? Don't tempt potential hackers!

    Try ServerMask FREE for 30 days. Download Now!
    Buy ServerMask for only $49.95 today!

    No: "No matter what the above results show, this company may be running Apache and protecting its Web server identity with ServerMask."

    Security through masking the server string sounds very secure. sigh.