Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft's IIS is Twice as Likely to Host Malware?

Posted by Zonk on from the consider-the-source dept.

eldavojohn writes "According to Google, Microsoft's server software is at least twice as likely to host viruses or malware. The reason why? 'Google reports that IIS is likely used to distribute malware more often than Apache because many IIS installs are on pirated Windows versions which aren't configured to automatically download patches. (Even pirated Windows versions can automatically receive security fixes, however.) Our analysis demonstrates how important it is to keep web servers patched to the latest patch level,' Google notes."

8 of 163 comments (clear)

  1. Re:Help me out by drinkypoo · · Score: 1, Informative

    Has IIS had any remotely exploitable holes since version 5?

    yes

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  2. Re:Help me out by eli+pabst · · Score: 2, Informative

    Has IIS had any remotely exploitable holes since version 5?

    At least one in version 6:

    http://secunia.com/advisories/21006/

    Which is actually fairly impressive, but then again you'd really only need one remote vulnerability if you are trying to compromise completely unpatched systems.

  3. Original source link by Anonymous Coward · · Score: 3, Informative

    Posted anonymously for your enjoyment:

    http://googleonlinesecurity.blogspot.com/2007/06/w eb-server-software-and-malware.html

  4. Re:Free as in beer? by Anonymous Coward · · Score: 2, Informative

    Because many of us think BSD is truely free, while the GPL imposes restrictions on what you can do with it, so isn't 'free' in our book. Different folks have different definitions of freedom. I'm sure yours is different than mine.

  5. 49/49 by jshriverWVU · · Score: 3, Informative
    If you look at the actual article, it shows an even split. 49% IIS 49% Apache 2% other:

    Pie Graph

  6. Re:Help me out by drinkypoo · · Score: 1, Informative

    That was a hole in version 5. Please try again. The question was: "Have there been any since version 5?"

    Since, definition 1: "from then till now (often prec. by ever): He was elected in 1978 and has been president ever since." Dictionary.com FTW!

    Perhaps you should learn to speak English before you criticize mine. I answered the question asked.

    The word you people want is "after", not "since". As my friend Tom says, correct me if I'm wrong, but be damned sure I'm wrong.

    Thank you, please drive through.

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  7. Re:Help me out by mhall119 · · Score: 2, Informative

    Actually the research shows that despite Apache being the more popular web server, IIS had more instances of hosting malware.

    --
    http://www.mhall119.com
  8. Re:Help me out by kernelpanicked · · Score: 2, Informative

    No actually if you had read the link the other poster gave you, it affects 5 and 6. Now that I'm on Secunia I've got another link for ya. Total security advisories for IIS6 (3) http://secunia.com/product/1438. Impressive, but not nearly as perfect as you would like to think.

    --
    Ubuntu: If at first you don't succeed, blindly slap a sudo in front of it