Microsoft's IIS is Twice as Likely to Host Malware?

← Back to Stories (view on slashdot.org)

Microsoft's IIS is Twice as Likely to Host Malware?

Posted by Zonk on Friday June 8, 2007 @06:22AM from the consider-the-source dept.

eldavojohn writes "According to Google, Microsoft's server software is at least twice as likely to host viruses or malware. The reason why? 'Google reports that IIS is likely used to distribute malware more often than Apache because many IIS installs are on pirated Windows versions which aren't configured to automatically download patches. (Even pirated Windows versions can automatically receive security fixes, however.) Our analysis demonstrates how important it is to keep web servers patched to the latest patch level,' Google notes."

126 of 163 comments (clear)

Min score:

Reason:

Sort:

Help me out by mingot · 2007-06-08 06:25 · Score: 4, Insightful

Patches? Patches for what? Has IIS had any remotely exploitable holes since version 5? Or are these machines that get owned via some other method and then just happen to have IIS so it is used to serve the malware? So really, this has more to do with unpatched windows than IIS? Or am I missing something?
1. Re:Help me out by Ngarrang · 2007-06-08 06:29 · Score: 1, Redundant
  
  It is a combination of both Windows and IIS for being at fault. Microsoft releases patches for both, and neither are apparently being applied by the servers in question.
  
  --
  Bearded Dragon
2. Re:Help me out by spellraiser · 2007-06-08 06:31 · Score: 2, Insightful
  
  Yes, it's probably due to unpatched Windows. They use the term web server, which is ambiguous in that it can mean both the server software and the machine it runs on. In this case they most likely mean the machine. After all, isn't it common knowledge that it's important to keep all your software updated and patched, not least the OS?
  
  --
  I hear there's rumors on the Slashdots
3. Re:Help me out by drinkypoo · 2007-06-08 06:34 · Score: 1, Informative
  
  Has IIS had any remotely exploitable holes since version 5?
  
  yes
  
  --
  "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
4. Re:Help me out by eli+pabst · 2007-06-08 06:35 · Score: 2, Informative
  
  Has IIS had any remotely exploitable holes since version 5?
  
  At least one in version 6:
  
  http://secunia.com/advisories/21006/
  
  Which is actually fairly impressive, but then again you'd really only need one remote vulnerability if you are trying to compromise completely unpatched systems.
5. Re:Help me out by AKAImBatman · 2007-06-08 06:36 · Score: 2, Funny
  
  See! The same thing is going to happen to Macs and Linux as soon as they become popular! Because popularity means that these OSes will get pirated more. Which will lead to more infections of unpatched systems. Even though Linux is "free" (as in beer) and Mac OS X only works on legitimate Mac Hardware. Because free... and official hardware...
  
  Wait...
  
  What was I saying again?
  
  --
  Javascript + Nintendo DSi = DSiCade
6. Re:Help me out by mingot · 2007-06-08 06:40 · Score: 1
  
  This requires uploading a maliciously constructed asp file to a directory where there is script execute privilege. If I can upload script and have it run on a web server (any web server) doesn't that mean I've already pretty much got her pants down?
7. Re:Help me out by goldspider · 2007-06-08 06:46 · Score: 2, Insightful
  
  "Microsoft releases patches for both, and neither are apparently being applied by the servers in question."
  
  So in other words, it's the inattentive sysadmins that are at fault. Why do you blame Windows and IIS then?
  
  --
  "Ask not what your country can do for you." --John F. Kennedy
8. Re:Help me out by Florian+Weimer · 2007-06-08 06:53 · Score: 1
  
  Has IIS had any remotely exploitable holes since version 5?
  
  What about the WebDAV issue that was used to break into DoD systems just before the Iraq war?
9. Re:Help me out by Henry+V+.009 · 2007-06-08 07:03 · Score: 2, Insightful
  
  That was a hole in version 5. Please try again. The question was: "Have there been any since version 5?"
10. Re:Help me out by Foofoobar · 2007-06-08 07:04 · Score: 1
  
  If the flesh eating virus attacks my hand and then has access to my arm as a result of the fact that my nervous system decided to give everything easy access to each other, then that arm desrves to get taken! CHOP THAT BABY OFF AND HEAD FOR THE NECK I SAY!!
  
  If they wanted the apps to remain separate and sandboxed, they should have done so to begin with. Slap on the hand and one in the face to Microsoft for not doing so.
  
  --
  This is my sig. There are many like it but this one is mine.
11. Re:Help me out by forrestt · 2007-06-08 07:05 · Score: 1
  
  I'm the last one to defend Microsoft, but that is an exploit for version 5. The question was since version 5 (i.e. version 6).
12. Re:Help me out by KarmaMB84 · 2007-06-08 07:11 · Score: 1
  
  I'll point to the *since version 5* part and also point out that they wouldn't have been likely to be using Windows 2003 before the Iraq war or using Windows XP for such a purpose... unless you have a link to clarify...
13. Re:Help me out by drinkypoo · 2007-06-08 07:17 · Score: 1, Informative
  
  That was a hole in version 5. Please try again. The question was: "Have there been any since version 5?"
  
  Since, definition 1: "from then till now (often prec. by ever): He was elected in 1978 and has been president ever since." Dictionary.com FTW!
  
  Perhaps you should learn to speak English before you criticize mine. I answered the question asked.
  
  The word you people want is "after", not "since". As my friend Tom says, correct me if I'm wrong, but be damned sure I'm wrong.
  
  Thank you, please drive through.
  
  --
  "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
14. Re:Help me out by d34thm0nk3y · 2007-06-08 07:24 · Score: 1
  
  That bug was from 6 years ago. If that is the best you can find MS must be doing a pretty good job.
15. Re:Help me out by Ngarrang · 2007-06-08 07:30 · Score: 1
  
  Modded as a troll? Why? I was answering the posters question. Unless, of course, I was moderated down by a sysadmin of an IIS server. Geesh. Some people have no clue how to use mod points.
  
  --
  Bearded Dragon
16. Re:Help me out by Anonymous Coward · 2007-06-08 07:31 · Score: 1, Insightful
  
  You're probably wrong. From the same link:
  "From then until now or between then and now"
  
  Which leaves ambiguity as to whether the endpoints are inclusive. So you will have to take it based on context. In this case, saying something like "There hasn't been a hole since version 5" implies that version 5 had a hole. So when you ask the related question, "Has there been an hole since version 5", it implies that the asker of the question knows there was a hole in version 5, and means to inquire as to whether there was one after.
  
  After all, if your last traffic ticket was in 2001, and I ask you "have you gotten a traffic ticket since 2001?", do you say "Yes, I got one in 2001"?
  
  I think everyone is pretty damned sure you're wrong in this case.
17. Re:Help me out by Henry+V+.009 · 2007-06-08 07:40 · Score: 1
  
  You are inserting words that aren't there. You would be right if he had said "since the release of version 5." But he didn't say that. He said "since version 5."
  
  So, no, I'm not the one who needs English lessons.
18. Re:Help me out by mhall119 · 2007-06-08 08:09 · Score: 2, Informative
  
  Actually the research shows that despite Apache being the more popular web server, IIS had more instances of hosting malware.
  
  --
  http://www.mhall119.com
19. Re:Help me out by kernelpanicked · 2007-06-08 08:27 · Score: 2, Informative
  
  No actually if you had read the link the other poster gave you, it affects 5 and 6. Now that I'm on Secunia I've got another link for ya. Total security advisories for IIS6 (3) http://secunia.com/product/1438. Impressive, but not nearly as perfect as you would like to think.
  
  --
  Ubuntu: If at first you don't succeed, blindly slap a sudo in front of it
20. Re:Help me out by GbrDead · 2007-06-08 08:44 · Score: 1
  
  So then you may run IIS on OpenBSD? No?
  A security system is as strong as its weakest part, isn't it? Or am I missing something?
21. Re:Help me out by Jaysyn · 2007-06-08 08:51 · Score: 1
  
  Statistics. It's just math guy, don't get so worked up.
  
  --
  There is a war going on for your mind.
22. Re:Help me out by Henry+V+.009 · 2007-06-08 09:09 · Score: 1
  
  You have a lot of trouble reading. The statement "it affects 5 and 6" is flat out wrong. Also, security advisories are not the same as remote exploits.
23. Re:Help me out by drinkypoo · 2007-06-08 09:31 · Score: 1
  
  You are inserting words that aren't there. You would be right if he had said "since the release of version 5." But he didn't say that. He said "since version 5."
  
  No, actually, you are inserting words that aren't there. Normally, if you were going to use the word to convey the meaning you intend, it would be written as "since after" this-and-such. I am simply failing to insert words you think should be there.
  
  At best you could say that the meaning was up to interpretation, since it certainly was not made clear. I answered one possible interpretation of the question, and in fact it is the interpretation based on the most common meaning of the word.
  
  If you're not comfortable with that, it's okay. You can piss and moan all day.
  
  --
  "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
24. Re:Help me out by mingot · 2007-06-08 09:54 · Score: 1
  
  Right, and all that says is that a lot a windows boxes got owned and are using IIS to distribute malware. If IIS did not exist we'd STILL have more apache web servers than anything else and some OTHER webserver (probably the meanest and leanest that can easily be distributed inside of the malware itself) would still be responsible for distributing the bulk of the malware.
  
  My irritation with the article and how it is presented in the summary here is that it seems to show that apache is somehow more secure than IIS. Which it is not. What it DOES show is that a LOT of windows machines out there are just not secure. And since this fact is obvious to even the most casual of observers I'm left scratching my head asking "what the fuck was the point of this article?"
  
  I think it was Google trolling, karma be motherfucked. I'll call a spade a spade. ;)
25. Re:Help me out by dave562 · 2007-06-08 09:57 · Score: 1
  
  I will take -1 Troll, -1 OffTopic and -1 Flamebait please Alex.
  Does it hurt to be so anal rententive? Do you get clogged up, or does the shit you spew here on /. help keep it flowing?
26. Re:Help me out by kernelpanicked · 2007-06-08 10:30 · Score: 1
  
  It clearly listed IIS5 and IIS6. I guess it's a bit hard for you to read with Bill's cock stuck all up in your face, but the point still stands.
  
  --
  Ubuntu: If at first you don't succeed, blindly slap a sudo in front of it
27. Re:Help me out by Henry+V+.009 · 2007-06-08 11:02 · Score: 1
  
  You're fast with the graphic homosexual imagery. Copy and pasted from the article:
  
  Systems Affected: Microsoft Windows 2000 Internet Information Services 5.0 Microsoft Windows 2000 Internet Information Services 5.0 + Service Pack 1
  
  I repeat, learn to read.
28. Re:Help me out by gmuslera · 2007-06-08 11:20 · Score: 1
  
  Yes and no. A lot are pirated windows, and some patches are not available for them. Is not in the linked article, but in i.e. http://blogs.zdnet.com/security/?p=266 you can see a bit more of info.
29. Re:Help me out by PitaBred · 2007-06-08 12:59 · Score: 1
  
  Nope. Apache, etc. run chrooted and with minimal external privileges. I don't believe that you can configure IIS6 the same way, and at very least, it's not configured as such out of the box like most Linux distributions have it. It's a much more dangerous bug than you'd assume.
  
  --
  My blog. Good stuff (when I remember to update it). Read it.
30. Re:Help me out by shaitand · 2007-06-08 15:40 · Score: 1
  
  'Has IIS had any remotely exploitable holes since version 5?'
  
  Who knows? All I know is how many of the remotely exploitable holes Microsoft has managed to patch since version 5. As far as I can tell they haven't managed to patch any and based upon the real world results it looks like IIS is being remotely exploited left and right.
31. Re:Help me out by shaitand · 2007-06-08 15:48 · Score: 1
  
  'Why do you blame Windows and IIS then?'
  
  Because inattentive sysadmins is not the common factor, windows isn't even the common factor; IIS is. There are plenty of apache installs on windows but those servers aren't being exploited. There are inattentive sysadmins using every system, if there are more in the windows webserver market (despite the fact that windows and IIS aren't dominant players in that market) then there is a flaw in these systems that attracts them. That flaw might be a design methodology the spreads the myths that enough knowledge to setup an IIS webserver is enough to competently administrate that server when in reality it isn't even enough to competently administrate a desktop.
32. Re:Help me out by hdparm · 2007-06-08 17:39 · Score: 1
  
  MS should be blamed for Windows design which is the reason for enormous number of various ways to fuck the computer up. They should also be held responsible for mass-production of MCSE-type engineers, who don't know much about what they do. You're right - it's not Windows that should be blamed.
33. Re:Help me out by Lesrahpem · 2007-06-08 21:48 · Score: 1
  
  Actually, this statistic means more than might be obvious. According to netcraft there are around 65,588,298 servers running Apache on the Internet (53.76% of all web sites), and 38,836,030 servers running IIS on the Internet (31.83% of all web sites). Now, we can safely assume that all of those servers running IIS are running Windows since IIS only runs on Windows. Apache runs on many different operating systems, but it's logical to assume that most Apache server are not running Windows.
  
  This means that even though there are about half as many IIS web servers (therefore, windows) on the internet as Apache (mostly non-windows) web servers, servers running Windows/IIS are still twice as likely to be hosting malware as the Apache/*nix servers. I think it's a fairly interesting statistic when looked at from that perspective.
  
  Oh, and for the guy who said "Patches? Patches for what? Has IIS had any remotely exploitable holes since version 5?":
  http://milw0rm.com/exploits/4016
  http://milw0rm.com/exploits/2056
  http://milw0rm.com/exploits/1260
  http://milw0rm.com/exploits/1178
  And those are just the public ones.
34. Re:Help me out by rbanffy · 2007-06-08 23:55 · Score: 1
  
  It points out IIS admins are twice as lazy or half as clever as other sysadmins.
  
  Since they go for less money, that's hardly surprising ;-)
  
  --
  http://www.dieblinkenlights.com
35. Re:Help me out by mrsteveman1 · 2007-06-09 00:10 · Score: 2, Funny
  
  I agree, I'm currently on my way to getting a CCSP at the moment, and there are people in the college classes i take who barely understand how a windows domain works, let alone network systems and authentication.
  
  Recently one of them was trying to connect to the VPN at his job, which is part of a windows domain, and it wouldn't work because he hadn't authenticated against the schools wireless login yet and obviously wouldn't be able to connect to anything. The wireless auth system basically just grabs users from the mail server, and inserts a access list rule in the router behind it allowing traffic from your MAC address to get out.
  
  So he entered in his user and such, and was able to connect to the VPN at his job. He then went on to say that he forgot to login to the wireless page and that they had to login to the domain at work to use the servers. I explained to him that the wireless login didn't have anything to do with the windows domain where he works, but he pulled out one of those "i don't actually know anything" lines and said "All I know is we have to login to the wireless system at work to use the network, you can use the internet but not the servers", which is completely different and reverse situation. The result being that now he thinks the wireless login authenticated his laptop against the windows domain at his job, never mind the fact that they are completely distinct and unrelated networks, not even using the same authentication system or user database.
36. Re:Help me out by vertinox · 2007-06-09 00:30 · Score: 1
  
  So really, this has more to do with unpatched windows than IIS? Or am I missing something?
  
  Did you even read the summary?
  
  It says the malware is because of pirated versions of windows that don't get updated with security fixes.
  
  Without reading the article you can use logic to assume the following 2 reasons:
  
  1. You can't run IIS on anything but Windows OS
  2. Windows OS isn't free so the users resort to piracy
  
  Now in that respect, you could in theory have a pirated Windows Advanced Server 2003 running Apache if you really wanted to, but anyone that is going through with the trouble of running Apache is most likely going to download a free Linux distro because of two reasons:
  
  1. It is more secure because you do have access to the latest patches
  2. It is legally free
  
  I believe more so the second one has more to do that the first, because even someone who is blatantly disregarding security or technical knowhow may not want to run a website using illegal methods. (Especially running a business)
  
  --
  "I am the king of the Romans, and am superior to rules of grammar!"
  -Sigismund, Holy Roman Emperor (1368-1437)
37. Re:Help me out by figleaf · 2007-06-09 03:03 · Score: 1
  
  I don't think you understand any the links that you posted. None of them are remote exploits in IIS. Its just some exploits that can be hosted on IIS.
  This is like blaming Apache for problems in Java Server Pages.
38. Re:Help me out by WilliamSChips · 2007-06-09 07:27 · Score: 1
  
  Last I checked it was Henry V who was being anal retentive. Though it's hard to be anal retentive when you don't have an anus.
  
  --
  Please, for the good of Humanity, vote Obama.
No kidding /sarc by N3WBI3 · 2007-06-08 06:27 · Score: 3, Insightful

The problem is anyone out there who can install windows services considers themselves a knowledgeable sys-admin. Sure there are technical reasons why LAMP tends to be more secure than IIS but more often than not it comes down to poor configuration (running unneeded services, poor network security, poor hardening standards), lazy maintenance (not checking logs, updating software), and a lack of understanding threats (not keeping up with cert).

Linus once said of Gnome that when you design assuming you're users are idiots in the end thats all the users your going to have. Find an experienced competent admin who has cut his teeth in the real world and not in a MCSE bootcamp and you should be ok.

--
1. Re:No kidding /sarc by porkThreeWays · 2007-06-08 07:10 · Score: 4, Interesting
  
  I know everyone's going to start hating on you... but it's really true. The dirty little secret MS doesn't like to talk about in their TCO studies is that they usually rely on the fact Microsoft consultants make on average the least out of almost every consulting field. One study showed 30 dollars an hour! If you are paying your "experts" next to nothing how expert can they really be?
  
  Your quote at the end really rings true. I have yet to meet an IIS admin whom understands the HTTP standards at all, let alone something as complex as debugging chunked encoding issues. If you can't telnet to port 80 and get usable output, you have no business being a web server administrator. However, the windows culture encourages quite the opposite. If you can't solve a problem with a wizard, does the problem actually exist?
  
  --
  If an officer ever threatens to taze you, say you have a pacemaker.
2. Re:No kidding /sarc by N3WBI3 · 2007-06-08 08:36 · Score: 1
  
  But this is immaterial when you're talking about a negligent or grossly incompetent admin on either OS.
  This is true my point was the proclivity of people to think click and forget is, in and of itself, not negligent by folks in the MS sphere.
  
  --
3. Re:No kidding /sarc by revengebomber · 2007-06-08 13:22 · Score: 1
  
  However, the windows culture encourages quite the opposite. If you can't solve a problem with a wizard, does the problem actually exist? If a server fails in a forest, and no one is around to connect to it, does it generate an error message?
  
  --
  09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
  45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2
Pirates by Threni · 2007-06-08 06:29 · Score: 1

> (Even pirated Windows versions can automatically receive security fixes, however.)

Well, the ones who either patched or didn't download the WGA fix, anyway.
Uh oh.. by pak9rabid · 2007-06-08 06:30 · Score: 1

Those of you in the front row would be advised to watch for falling chairs.
1. Re:Uh oh.. by hotdiggitydawg · 2007-06-08 07:22 · Score: 1
  
  Actually I'd say this is great PR for Microsoft.
  
  Personally I thought it'd be much worse than just "twice" as bad. Maybe I've been buried under too much anti-MS FUD from reading Slashdot...
Big Surprise by ThinkFr33ly · 2007-06-08 06:32 · Score: 4, Interesting

First, there is not nearly enough information provided by Google to come to any real conclusions.

It could be that IIS is more likely to become infected than Apache and then be used to distribute malware, or it could be that malware purveyors are more likely to host their malware on IIS. Or it could be a combination of both.

They also fail to mention what versions of IIS we're talking about, as that makes a huge difference. IIS 5.x had more holes than a cubic mile of swiss cheese. IIS 6, on the other hand, appears to be rock solid and actually has fewer vulnerabilities than Apache.

Second, the fact that Google is a direct competitor to Microsoft is an obvious reason to find their conclusions dubious, at best. They have plenty of reasons to bash Microsoft at every possible opportunity.
1. Re:Big Surprise by mingot · 2007-06-08 06:43 · Score: 1
  
  Actually, 5 was pretty solid. I really think you need to get back to 4 for it to turn into shit.
2. Re:Big Surprise by daeg · 2007-06-08 07:55 · Score: 2, Insightful
  
  When you compare IIS 6 to the comparable Apache version (2.2), they both have the same number of advisories. Note that Apache 2.2 has an unpatched very low risk vulnerability when run on Windows. Interestingly, Apache supports more platforms yet has less bugs considering one of the three bugs only targets one operating system.
  
  I don't question their results, although I'd suspect there are also a high number of Cpanel hosts slammed full of malware, too.
3. Re:Big Surprise by ThinkFr33ly · 2007-06-08 09:01 · Score: 1
  
  I'm not sure comparing IIS 6 to Apache 2.2 is particularly fair. Apache 2.2 was released in December of 2005. IIS 6 was released in March of 2003. It has had about 2 more years for people to attack it and find bugs.
4. Re:Big Surprise by daeg · 2007-06-08 10:27 · Score: 1
  
  Ah, good point, I was off on my release dates on both accounts.
  
  It'll be interesting to look at IIS vs. Apache vs. Other servers once they reach the same general level of maturity/usage.
5. Re:Big Surprise by ThinkFr33ly · 2007-06-08 12:24 · Score: 1
  
  Indeed.
  
  A more fair comparison would be to compare two versions that were released at around the same time and have about the same overall usage.
  
  I'm not sure there is quite a perfect match in this respect between IIS and Apache.
  
  That said, it's hard to deny that Microsoft has completely turned around on security, at least with respects to some of their newer products. IIS 6, ISA Server, and Vista have all (at least so far) shown to be far more resilient to attacks than anything Microsoft has done before.
6. Re:Big Surprise by aztracker1 · 2007-06-08 14:58 · Score: 1
  
  5 was okay, as long as you disabled all the older ISAPI extensions, which I tended to do, I usually only left asp.dll and later the .net support... all my current servers are win2003/iis6 now, so less of an issue.
  
  --
  Michael J. Ryan - tracker1.info
Oh no. by u-bend · 2007-06-08 06:32 · Score: 1

Aahr. There be unpatched pirate servers here.

--
u-bend
Genuine question by feranick · 2007-06-08 06:36 · Score: 2, Insightful

Please don't flame me for this, it's a genuine question: Does Apache download and apply patches itself automatically? Or are sys administrators more careful and quicker to apply patches as soon as they are released?
1. Re:Genuine question by Nibbler999 · 2007-06-08 06:42 · Score: 3, Interesting
  
  Apache won't auto-update but the distribution (assuming linux here) will provide automatic updates if configured for it.
2. Re:Genuine question by jimicus · 2007-06-08 09:31 · Score: 1
  
  It's not as simple as that.
  
  Unlike much of Windows, Linux systems are extremely modular. Apache has literally dozens if not hundreds of modules which can be enabled or disabled more or less at the will of the sysadmin.
  
  A security hole in a specific module which is part of the core Apache distribution will be described as a hole in Apache - but that's a bit disengenous because it only affects systems which have that module loaded. If it's distributed in a separate package to the main program by the Linux distribution, the vulnerable package may not even be installed. And any Unix sysadmin worth his salt only enables exactly what he needs - nothing more. The less there is running, the less there is to go wrong.
3. Re:Genuine question by rbanffy · 2007-06-09 00:20 · Score: 1
  
  Actually setting up Apache in a modern Linux environment is quite easy - it amounts to open the package manager, select the apache package and the modules you will use, let it select any dependencies you may need (languages, libraries) and let the package manager do its job.
  
  That said, I like the way Debian-derived distros install their apache servers and find them very easy and even pleasant to configure.
  
  And, as a bonus, they seem to be quite secure by default, requiring, at most, some very simple tweaks.
  
  And, best of all, your package manager will keep everything up-to-date and consistent.
  
  --
  http://www.dieblinkenlights.com
IIS is good stuff. by jshriverWVU · 2007-06-08 06:40 · Score: 1

I use it on a honeypot server, leaving linux and apache as my real machine.
Newsflash! by DrEldarion · 2007-06-08 06:42 · Score: 4, Insightful

Bad admins run bad servers!

Wouldn't have expected that one.
Free as in beer? by ericrost · 2007-06-08 06:44 · Score: 1

Why is Linux always referred to as free as in beer? It's GPL'd and there are distros (Debian anyone) that are free as in freedom to the core. Where does this come from?

--
My Babylon
1. Re:Free as in beer? by Anonymous Coward · 2007-06-08 06:47 · Score: 2, Informative
  
  Because many of us think BSD is truely free, while the GPL imposes restrictions on what you can do with it, so isn't 'free' in our book. Different folks have different definitions of freedom. I'm sure yours is different than mine.
2. Re:Free as in beer? by AKAImBatman · 2007-06-08 06:54 · Score: 1
  
  Because I was making a point? Specifically, that Linux is freely available to install, use, upgrade, and patch. Which would make the reason for the unpatched Windows machines (i.e. piracy) irrelevant. That's why the distinction was important in this case.
  
  Oh, sorry. I was supposed to give the standard Slashdot response, wasn't I? Ok...
  
  *WHOOOOSH!* :P
  
  --
  Javascript + Nintendo DSi = DSiCade
3. Re:Free as in beer? by ericrost · 2007-06-08 06:58 · Score: 1
  
  But Linux is also freely available to modify, make derivative works of, and redistribute, even for a cost. That's more free than beer.
  
  --
  My Babylon
4. Re:Free as in beer? by ericrost · 2007-06-08 07:01 · Score: 2, Insightful
  
  The GPL doesn't restrict what you can DO with any piece of GPL'd code, it restricts you from restricting others from using your work in the same way you used the work of the thousands of developers who made the GNU system and the Linux kernel.
  
  Share and share alike. Otherwise one bad apple spoils the freedom for everyone.
  
  --
  My Babylon
5. Re:Free as in beer? by lgarner · 2007-06-08 07:08 · Score: 1
  
  "Why is Linux always referred to as free as in beer? It's GPL'd and there are distros (Debian anyone) that are free as in freedom to the core. Where does this come from?"
  
  and
  
  "That's more free than beer."
  
  Linux is free. As in beer. As in speech. As in do-whatever-you-want-with-it. I don't see why you would argue with someone who chooses to pick one to make a point. Failing to include every possible interpretation of something does not make one's statement incorrect.
  
  That reminds me. It's also free as in choice.
6. Re:Free as in beer? by ericrost · 2007-06-08 07:28 · Score: 1
  
  And that's an activity that it was designed to prevent because you shouldn't benefit from other's work without making your own available. Start with a blank codebase if you're going to do something like that.
  
  If you wish to leverage other's work, you must play by their rules. What's Micorsoft's policy on using their source code?
  
  --
  My Babylon
7. Re:Free as in beer? by ericrost · 2007-06-08 07:34 · Score: 1
  
  It doesn't prevent you from accomplishing your goal of having a program that you can charge money to distribute and maintain to fulfill your customer's need of a task being done.
  
  It does, however, protect the intentions of those people who worked to create that codebase that you wish to exploit. It protects that codebase that they made freely available from being used in a way that is not good for the software ecosystem as a whole.
  
  If what you are providing is valuable, how you do it doesn't need to be a secret. You're mistaken that our definitions of freedom are different, its your frame of reference for freedom. You're looking for the "freedom to make others less free". If you make a parallel to American History, the Civil War made the South less free for Plantation owners, "deal with it".
  
  --
  My Babylon
8. Re:Free as in beer? by ericrost · 2007-06-08 07:38 · Score: 1
  
  Because it leaves the impression that it is ONLY free as in beer, which is incorrect. I've seen this point made before, and as the GP clearly indicates in his responses, he BELIEVES it is only free as in beer because a BSD license would be SO much better for GNU and Linux to release under.
  
  It's disingenuous to use the terminology of the software freedom movement (who defined via the GPL what software freedom even was) to leave the impression that by those definitions an OS is licensed under more restrictive terms than it is.
  
  --
  My Babylon
9. Re:Free as in beer? by ericrost · 2007-06-08 07:41 · Score: 1
  
  Oops, mixed up the GP and the AC.
  
  --
  My Babylon
10. Re:Free as in beer? by Achromatic1978 · 2007-06-08 07:44 · Score: 1
  
  designed to prevent
  
  from your previous:
  free as in freedom to the core
  
  You might want to ask for a dictionary for your birthday. These two statements are mutually exclusive.
11. Re:Free as in beer? by ericrost · 2007-06-08 07:49 · Score: 1
  
  And you might want to ask for a course in logic and manners.
  
  Are the citizens of the United States (or any other free country) free? They have restrictions placed on them as to being able to commit murder, rob, steal, defraud. There are any number of activities a free person can not do because it restricts the freedom of another, equally deserving of freedom, person.
  
  Yet still we call them free people. Hmm.. strange how that's similar to the idea of free software.
  
  --
  My Babylon
12. Re:Free as in beer? by Achromatic1978 · 2007-06-08 08:02 · Score: 1, Insightful
  
  Whilst I could have phrased it more eloquently, you do realize there's an inherent irony in you championing how ultimate the freedom of the GPL is and every post after that explaining away and justifying all the ways in which it restricts freedom? Note though that I'm not claiming that there are good moral grounds for such restrictions, just that they are far from compatible with the statement - especially when one only needs to glance a few foot over to the BSD license to see what unrestricted freedom really is.
13. Re:Free as in beer? by ericrost · 2007-06-08 08:12 · Score: 1
  
  To me its the difference between freedom and anarchy. I don't believe that freedom without some protection from other's simply deciding to take that freedom away is freedom at all. Just because I'm at one end or the other of that stick doesn't change my view on it.
  
  Free as in constitutional representative democracy vs Free as in anarchy then?
  
  --
  My Babylon
14. Re:Free as in beer? by BlackSnake112 · 2007-06-08 08:21 · Score: 1
  
  they most likely crashed parties that had self serf kegs hence free beer (to them anyway)
15. Re:Free as in beer? by chromatic · 2007-06-08 09:11 · Score: 1
  
  Hey, that's not fair. Anti-GPL folks should be able to redefine words such as "use" and "force" and "do" in the same way that they complain that GPL fans redefined the word "free".
  
  --
  how to invest, a novice's guide
16. Re:Free as in beer? by jellomizer · 2007-06-08 10:13 · Score: 1
  
  Exactly. For some reason GPL people have a problem with people making money or making choices. Freedom is the ability to do things that the others may not like.
  
  --
  If something is so important that you feel the need to post it on the internet... It probably isn't that important.
17. Re:Free as in beer? by Jackmn · 2007-06-08 12:51 · Score: 1
  
  You might want to ask for a dictionary for your birthday. These two statements are mutually exclusive.
  The only freedom eliminated is your ability to restrict the freedom of those who you distribute your code to. The GPL is *more* free for preventing this.
18. Re:Free as in beer? by TheSeer2 · 2007-06-08 21:19 · Score: 1
  
  Every time someone replies with a comment like yours I get annoyed. Why?
  
  Because almost always the parent says "Different folks have different definitions of freedom." but the GPL-pushers refuse to acknowledge that those that prefer BSD may prefer for their own reasons. I have no doubt that they understand why others would prefer GPL, they just don't because of their own preference of 'freedom'.
  
  "it restricts -->you-- from restricting others" -- That's a restriction isn't it? Perhaps you view it as minor but OTHERS may view is as a significant factor.
19. Re:Free as in beer? by rbanffy · 2007-06-08 23:59 · Score: 1
  
  "Start with a blank codebase if you're going to do something like that."
  
  Actually, he can still use BSD code. Microsoft did (and still does, AFAIK) ;-)
  
  --
  http://www.dieblinkenlights.com
20. Re:Free as in beer? by Ash+Vince · 2007-06-09 04:04 · Score: 1
  
  Nah, they dont always use -1 Troll, they seem to be fond of using -1 OffTopic too.
  
  Despite the fact that a discussion of the GPL licence in relation to a story about IIS being more likely to host malware is pretty offtopic anyway.
  
  --
  I dont read /. to RTFA, I read /. to offend people in ignorance.
Slashdot sucks? by dedazo · 2007-06-08 06:44 · Score: 2, Insightful

Are the people who run Slashdot really this dumb? Or are they simply FUDing for ad impressions? They don't really care what the submission says, who is sending it or who initiated it, as long as it's juicy? What time is it? It's 2:00 PM?
Notice I placed a question mark after each one of my phrases so I cannot be held responsible for them. You know, just asking questions, like Fox News and their "Hillary Clinton turns tricks?" headlines.
Speaking of that, there's a hilarious Jon Stewart skit on YouTube about placing question marks after inflammatory statements that surprisingly enough targets Faux News, mostly. Might want to take a look at that? Thanks?

--
Web2.0: I love when people Flickr my cuil and digg my boingboing until my google is reddit and I start to yahoo
1. Re:Slashdot sucks? by PhxBlue · 2007-06-08 07:05 · Score: 1
  
  Are the people who run Slashdot really this dumb? Or are they simply FUDing for ad impressions?
  
  You'll notice the editor who ran the story. 'Nuff said?
  
  --
  !#@%*)anks for hanging up the phone, dear.
2. Re:Slashdot sucks? by suv4x4 · 2007-06-08 08:03 · Score: 1
  
  Notice I placed a question mark after each one of my phrases so I cannot be held responsible for them. You know, just asking questions, like Fox News and their "Hillary Clinton turns tricks?" headlines.
  
  I'm running a macro when I visit slashdot that replaces "?" with "(of course this is total bullshit and we know it)."
Original source link by Anonymous Coward · 2007-06-08 06:45 · Score: 3, Informative

Posted anonymously for your enjoyment:

http://googleonlinesecurity.blogspot.com/2007/06/w eb-server-software-and-malware.html
Missing marketing move - by RichMan · 2007-06-08 06:45 · Score: 1

So how much would operating system vendors have to pay the firewall/viris scanner people to add a feature to the firewalls that clearly identified the operating system and web server of the site that was attempting to download a viris/keylogger.

Envision this pop up with appropriatly named guilty parties.
---
Alert: WebServer: MosaicC64 running on AmigaOS_1.5.6 is attempting to infect your computer !!
Anti-Viris-Firewall: Bad Application (XXPdeleteAllYourStuff) found in web stream from site
all.bad.stuff.com: Blocked.
Probably XP Pro by jafiwam · 2007-06-08 06:48 · Score: 2, Insightful

This is probably XP Pro machines that get infected by means other than the webserver.

Once someone has control, they can pretty easily start the service and stick malicious files in the default root in IIS.

You don't need a remote hole to get numbers like this.
It made be hard to get patches for pirated windows by Anonymous Coward · 2007-06-08 06:50 · Score: 1, Funny

...but it is IMPOSSIBLE to get patches for a pirated copy of Apache.

I doubt anyone on Slashdot can prove they did it even with the most leet of cracking skillz.

It may be reckless to run pirated IIS, but it is simply gross negligence to run pirated Apache.
49/49 by jshriverWVU · 2007-06-08 06:51 · Score: 3, Informative

If you look at the actual article, it shows an even split. 49% IIS 49% Apache 2% other:
Pie Graph
1. Re:49/49 by sqlrob · 2007-06-08 06:58 · Score: 4, Insightful
  
  The instances were evenly split, but since Apache is more common that IIS, you should see more Apache.
2. Re:49/49 by Timesprout · 2007-06-08 07:11 · Score: 1
  
  Yay, someone who actually read the article and noticed that yet another Slashdot story is deliberately misleading. No big surprise there. If anyone cares to look of the 70,000 domains distributing malware 49% were IIS and 49% were Apache. The "twice as likely" is pure spin based on overall market share and presumably designed to hide the fact that Apache is being used to push out just as much malware as IIS.
  
  --
  Do not try to read the dupe, thats impossible. Instead, only try to realize the truth
  What truth?
  There is no dupe
Pirates believe in usability, not deactivation by icepick72 · 2007-06-08 06:57 · Score: 1

From what I've seen users who pirate software (like IIS) are not so interested in patching even if the option is available. It's usually not for running production-level hosting anyway. They're just happy the pirated software works and don't want to "rock the boat" so to speak in case a Microsoft patch would detect and deactivate that software.

However when said user is frustrated because of inability to use a specific feature of the pirated IIS software then they go looking for patches, service packs and such. More often than not they use a newer pirated version on their development/testing workstation/server.
Who would of thought? by notlightnorchroma · 2007-06-08 07:00 · Score: 2, Interesting

I work for a company that identifies hacked sites that house phishing attacks. We have analyzed tens of thousands of sites. It was a surprise to me, but over 90% of hacked sites out there are running Linux/Apache -- not Windows/IIS as most people would suspect. The problem is that there are too many people out there install the free version of open source software, but don't have the ability to apply the patches. Since known vulnerabilities are well documented and kits exists to scan these weaknesses, Linux/Apache gets hacked.
1. Re:Who would of thought? by Ash-Fox · 2007-06-08 07:36 · Score: 1
  
  I work for a company that identifies hacked sites that house phishing attacks. We have analyzed tens of thousands of sites. It was a surprise to me, but over 90% of hacked sites out there are running Linux/Apache -- not Windows/IIS as most people would suspect.
  Yes, but the exploit was likely not the Linux/Apache combo, but something else like say... Insecure PHP scripts.
  
  --
  Change is certain; progress is not obligatory.
2. Re:Who would of thought? by RedElf · 2007-06-08 07:53 · Score: 1
  
  We have analyzed tens of thousands of sites. It was a surprise to me, but over 90% of hacked sites out there are running Linux/Apache -- not Windows/IIS as most people would suspect. This falls right in line with the evidence in numerous log files over the past couple years of exploited machines attacking my firewalls.
  
  --
  You know, I have one simple request. And that is to have sharks with frickin' laser beams attached to their heads!
3. Re:Who would of thought? by notlightnorchroma · 2007-06-08 08:23 · Score: 1
  
  Yes, but the exploit was likely not the Linux/Apache combo, but something else like say... Insecure PHP scripts.
  Not only do we identify hacked sites, but we have an incident response team that works with hosting companies, ISPs, domain registrars, and peering points to prevent consumers from reaching these sites. Often the owner of the computer will provide us forensics for further investigation. You'd be surprised how many of the exploits are not insecure PHP scripts, but simple root kit attacks. Unfortunately, this site has too many Microsoft haters to discuss web security without bias. I just thought I would provide real evidence that might allow them to make informed statements.
4. Re:Who would of thought? by WilliamSChips · 2007-06-08 08:36 · Score: 1
  
  I'm pretty convinced you don't know what you're talking about now, because a rootkit cannot exploit a system on its own, by the very definition of a rootkit. A rootkit usually requires an existing root account, and attaches a 'hook' into the system to allow the cracker to regain root access. Rootkits perpetuate attacks, they don't start them. Considering you don't know what a rootkit is, I'm calling into question the honesty of the rest of your evidence.
  
  --
  Please, for the good of Humanity, vote Obama.
5. Re:Who would of thought? by Ash-Fox · 2007-06-08 08:56 · Score: 1
  
  You'd be surprised how many of the exploits are not insecure PHP scripts, but simple root kit attacks.
  Uhuh...
  I just thought I would provide real evidence that might allow them to make informed statements.
  I would like to see properly documented information on this 'real evidence' from reliable sources to backup your "simple root kit attacks" information. Thanks.
  
  --
  Change is certain; progress is not obligatory.
6. Re:Who would of thought? by WilliamSChips · 2007-06-09 07:33 · Score: 1
  
  In that case, it's more than just a rootkit and the rootkit is part of the general exploit.
  
  --
  Please, for the good of Humanity, vote Obama.
Fair Use by huckamania · 2007-06-08 07:05 · Score: 1

You don't have to visit their sites and if you do, they are perfectly within their rights to distribute anything they wish, so long as they keep the copyright intact and provide updates. Unless they are using a BSD license.
Version of IIS? by leather_helmet · 2007-06-08 07:17 · Score: 2, Interesting

Agreed with the other posts that IIS 5.x was rather shitty and was a lot more vulnerable than Apache, etc.
With the release of IIS 6, security was significantly improved & according to various stats out there, IIS 6 is actually stronger than Apache in a lot of areas. We are running IIS & have had several intrusion attempts but our systems have been pretty solid; Humble admission, we did get hacked once but it was our negligence more than anything else.
Having admin'ed both Apache and IIS servers, IIS has treated us well, with a properly configured firewall and auto-patching servers, IIS is rock solid
1. Re:Version of IIS? by Stormcrow309 · 2007-06-08 07:58 · Score: 1
  
  I would agree with you. Our only intrusion breach was a zero-day apache.
  
  --
  In God we trust, all others require data.
Admin or the machine, who is the weak link? by cyfer2000 · 2007-06-08 07:20 · Score: 1

I think the research really mean is the administrators behind those softwares are the weak links, not the software. Those bad administrators use pirated windows servers and refuse to update are the most dangerous and damaging guys around.

--
There is a spark in every single flame bait point.
Pirated? by KarmaMB84 · 2007-06-08 07:22 · Score: 1

So a bunch of thugs pirate Windows and start serving malware via IIS? So how do we know the discs they installed with weren't pre-infected with malware or that they didn't INTENTIONALLY put up servers for the purpose of serving malware? This story is coming from a competitor of Microsoft who has every reason to bash their products. It is probably a total crock anyway.
This is slashdot isn't it? by angelasmark · 2007-06-08 07:33 · Score: 2, Insightful

What with the lack of MS hate? Is google on the shitlist now too or something? I haven't seen so many comments bashing an article that pokes at MS ever...
1. Re:This is slashdot isn't it? by SEMW · 2007-06-08 09:43 · Score: 1
  
  Sadly not.
  
  --
  What's purple and commutes? An Abelian grape.
2. Re:This is slashdot isn't it? by WilliamSChips · 2007-06-09 07:35 · Score: 1
  
  You're thinking about the old Slashdot. This is the new Slashdot. The New Slashdot loves Microsoft, loves Bush, loves everything bad in this world. It's like Ronald Reagan's election--it was at that point that the world had surely gone insane. And the worst part is: the new Slashdot can't be stopped.
  
  --
  Please, for the good of Humanity, vote Obama.
So you blame the user again. by twitter · 2007-06-08 08:03 · Score: 2, Insightful

It's amazing how M$ security problems are always the user's fault when you ask a M$ person. Case in point, you blame the problem on ignorant, lazy and stupid users:

... it comes down to poor configuration (running unneeded services, poor network security, poor hardening standards), lazy maintenance (not checking logs, updating software), and a lack of understanding threats ... Find an experienced competent admin who has cut his teeth in the real world and not in a MCSE bootcamp and you should be ok.

I'm going to leave alone how you just called most M$ customers idiots. Why would consider someone lazy because they are forced to do all the work it takes to keep up a Windoze box?

What you don't mention is that most distributions have reasonable defaults for Apache because they can. In the free software world people are free to share ALL of their improvements and that includes configurations and updates. Of course, there's no such thing as a "pirated" GNU/Linux, which eliminates the problem Google identified.

As with desktop users, the only consistent trait and problem people with problems have is choosing the wrong OS. Software design, configuration, documentation and ease of upkeep are all inferior in the Windoze world - the user is screwed at every point. It's not their fault.

--
Friends don't help friends install M$ junk.
1. Re:So you blame the user again. by N3WBI3 · 2007-06-08 08:20 · Score: 1
  
  It's amazing how M$ security problems are always the user's fault when you ask a M$ person. Case in point, you blame the problem on ignorant, lazy and stupid users:
  Firstly I am not an MS person I am a Unix admin but in a previous job I did both (and hated every minute I had to support windows). Secondly I am not blaming users I am blaming *ADMINS* how need to be held to a much higher standard.
  I'm going to leave alone how you just called most M$ customers idiots. Why would consider someone lazy because they are forced to do all the work it takes to keep up a Windoze box?
  Thank you for leaving out something I did not say. I am talking about admins not users. $MY_EMPLOYER has 6000 users and about 100 admins for their various systems (Intel, Unix, DB, Desktop, Network, Sec, ....). Most people who can add a tool in the MS world consider themselves to be an admin (this is not a problem with the software per se') this is not culturally as true in the Unix sphere.
  What you don't mention is that most distributions have reasonable defaults for Apache because they can. In the free software world people are free to share ALL of their improvements and that includes configurations and updates. Of course, there's no such thing as a "pirated" GNU/Linux, which eliminates the problem Google identified.
  Hmm lets see... "Sure there are technical reasons why LAMP tends to be more secure than IIS" nope don't think I left that out I just did not dive into it because by in large its not the biggest problem. A properly hardened IIS7 server is not the swiss cheese many think of , its not all that bad.
  As with desktop users, the only consistent trait and problem people with problems have is choosing the wrong OS. Software design, configuration, documentation and ease of upkeep are all inferior in the Windoze world - the user is screwed at every point. It's not their fault.
  There is plenty of documentation out there for windows, and it can when used right be an acceptable tool and will likely not be hosting malware. Being careful is 99% of an admins job and thats true if you're on Windows, UNIX, OpenVMS, or anything else under the sun.
  
  --
2. Re:So you blame the user again. by dedazo · 2007-06-08 08:38 · Score: 1
  
  So let me see if I get this right. If I have a "Windoze" server I fail to patch and it gets p0wn'd then "M$" is to blame, correct? But if I'm running Linux and I have an OpenSSH exploit that I fail to patch, then... who is at fault? Me? Yours? The easter bunny?
  I'm going to leave alone how you just called most M$ customers idiots.
  
  Maybe that's because he didn't. Oh, wait. I see what you did there. That's very clever!!
  Why would consider someone lazy because they are forced to do all the work it takes to keep up a Windoze box?
  
  What is all this "work" you refer to? Simple post-imaging or out-of-the-box configuration? With mostly GUI tools or automated WMI scripts to disable services and change DCOM configuration settings and whatnot? A process that can be easily encapsulated in simple sets of scripts and executed again and again against new boxes? And heck, it's not like Server 2003 doesn't ship in lock down state as it is. Updates? Wow, super hard to schedule download, install and automatic reboot, if needed.
  What you don't mention is that most distributions have reasonable defaults for Apache because they can.
  
  Again, how is this different from Server 2003?
  In the free software world people are free to share
  
  Yeah, I've never seen a web site that provides free tested WMI scripts for servers. Never.
  As with desktop users, the only consistent trait and problem people with problems have is choosing the wrong OS
  
  Until now just about every instance of Linux or BSD out there that hasn't been rooted is run and maintained by people whose knowledge of computing is eons away from the average "Windoze" user. That's a simple fact. When your painful "M$ sux" evangelizing finally conquers the world and you inherit 400 million completely clueless people, we'll have a chat.
  
  --
  Web2.0: I love when people Flickr my cuil and digg my boingboing until my google is reddit and I start to yahoo
3. Re:So you blame the user again. by WilliamSChips · 2007-06-08 08:42 · Score: 1
  
  So let me see if I get this right. If I have a "Windoze" server I fail to patch and it gets p0wn'd then "M$" is to blame, correct? Well, considering that Microsoft has been denying many users the right to patch, yes.
  But if I'm running Linux and I have an OpenSSH exploit that I fail to patch, then... who is at fault? Me? Yours? The easter bunny? Well, your distribution should make it easy to update, and most fasttrack security updates, so either you or your distributor.
  
  --
  Please, for the good of Humanity, vote Obama.
4. Re:So you blame the user again. by dedazo · 2007-06-08 08:49 · Score: 1
  
  Well, considering that Microsoft has been denying many users the right to patch, yes.
  
  The "study" simply theorizes that pirated versions of Windows are to blame but offers no proof of that whatsoever. In any event, you can still patch pirated versions of Windows XP, AFAIK. Though I fail to see why Microsoft should be forced to provide updates to people who pirate their software.
  Well, your distribution should make it easy to update, and most fasttrack security updates, so either you or your distributor.
  
  As opposed to Windows Update, for example?
  
  --
  Web2.0: I love when people Flickr my cuil and digg my boingboing until my google is reddit and I start to yahoo
5. Re:So you blame the user again. by WilliamSChips · 2007-06-09 07:23 · Score: 1
  
  The "study" simply theorizes that pirated versions of Windows are to blame but offers no proof of that whatsoever. In any event, you can still patch pirated versions of Windows XP, AFAIK. Though I fail to see why Microsoft should be forced to provide updates to people who pirate their software. Well, because spreading viruses is a security risk to nonpirated versions of Windows too? Also: Windows Genuine Advantage makes it much harder to get updates if you're pirated.
  As opposed to Windows Update, for example? It takes the average FOSS program less than a day--at the very longest, a week--to patch its critical programs, because of the many eyes thing. Microsoft takes up to a month, because of things like Patch Tuesday.
  
  --
  Please, for the good of Humanity, vote Obama.
Shouldn't be a surprise but for other reasons by JohnnyComeLately · 2007-06-08 08:20 · Score: 2, Interesting

The fact they're IIS and pirated seems to be moot, the point is many people just don't feel like "proving" to M$ that their version isn't pirated and give up trying to do security updates. I have one computer, out of about 9 or 10 I own at home, that has XP loaded on it. When I put it online and try to patch it, it does it's "Authenticity Check" and fails saying it was not a valid install. I know I bought a copy of XP specifically for this computer since it was for a businesses' use (and hence, tax deductible as an expense). Since it's never going to be on-line I said, "Screw it" and didn't bother with trying to update it. I'm sure many home owners are in the same boat...except they keep it online.

Maybe they'll come around like they did on Win2K. They said they stopped supporting updates and I noticed no nags on my laptop for a really long time...lately I've noticed M$ is pushing security updates to it again. This is a computer I almost pulled from the "on line" array when it got infected twice by MySpace and YouTube....but I got it cleaned up through a few programs and a couple hours...
Re:It made be hard to get patches for pirated wind by WilliamSChips · 2007-06-08 08:31 · Score: 1

That's funny, because I got patches for every single pirated Apache server I own!

--
Please, for the good of Humanity, vote Obama.
Why is this surprising by SQLz · 2007-06-08 09:37 · Score: 1

I mean, windows users are 99% more likely to be hosting malware.
Ummm, no. Basic conditional probability, people. by SEMW · 2007-06-08 09:38 · Score: 1

Yay, someone who actually read the article and noticed that yet another Slashdot story is deliberately misleading. No big surprise there. If anyone cares to look of the 70,000 domains distributing malware 49% were IIS and 49% were Apache. The "twice as likely" is pure spin based on overall market share and presumably designed to hide the fact that Apache is being used to push out just as much malware as IIS. It's not deliberately misleading unless you have a rather strange misunderstanding about statistics. Of course market share matters.

Basic Conditional probability:

Probability of {Malware given that running IIS} = P{Malware and running IIS} / P{Running IIS}.

So the Slashdot summary was correct: P{Malware given that you're running IIS} is twice as big as P{Malware given that you're running Apache}.

--
What's purple and commutes? An Abelian grape.
Don't need to prove legit to get security updates by SEMW · 2007-06-08 09:41 · Score: 1

The fact they're IIS and pirated seems to be moot, the point is many people just don't feel like "proving" to M$ that their version isn't pirated and give up trying to do security updates You don't need to prove anything. You can still get security updates if you fail a WGA check. The only thing failing a check stops you from getting are things like WMP.

--
What's purple and commutes? An Abelian grape.
Libel and Slander.... by darkonc · 2007-06-08 10:24 · Score: 1

The real reason why is that Malware purveyors know good software when they see it and, thus, they prefer to use Microsoft software.
That's my story, and I'm sticking to it!

--
Sometimes boldness is in fashion. Sometimes only the brave will be bold.
Re:Don't need to prove legit to get security updat by JohnnyComeLately · 2007-06-08 10:48 · Score: 1

Really? I guess I'll have to reconnect it and try again. To be honest, WMP is the ONE thing I don't want updated.
"Pirated" Windows versions without "patches"? by Rudisaurus · 2007-06-08 10:54 · Score: 1

They can't possibly be genuine pirated versions, then!

Arrrrrrrr(gh)!

--
licet differant, aequabitur
Re:dictatorships by frup · 2007-06-08 14:34 · Score: 1

I think it would be fair to note that the BSD maintains a Quasi Government through out the dictatorship, still giving freedom to the Freedom Fighters outside the reach of the dictatorship. Every now and then another leader would come along and use the Freedom Fighters' ideas to launch an attack against the current dictatorship and cause another election between the two dictators. Freedom Fighter spies would also gain access to the dictatorship's secrets every now and then and implement policy against them. Finally the Freedom Fighters would be forever immortalized in the history of every dictatorship, no matter what the dictator wanted to do, because he would face a revolution if he chose to take down their names from The Great Temple of the About Tablet That Few Even Visit. And the saying BSD programmers code for free GPL programmers make free code. holds true. Viva la GPL.
well he says the sites are in China by setrops · 2007-06-08 15:03 · Score: 1

>The majority of that malware appears to originate from China and South Korea, according to Google.

I don;t know about you guys but this looks more like the sysadmin is installing the malware on purpous rather than being infected by malware.
Re:dictatorships by rbanffy · 2007-06-09 00:02 · Score: 1

"bad analogy time, with no cars involved!"

Actually, it was a good one.

Well... At least if was not incorrect. And... It was amusing.

What else can you ask for?

--
http://www.dieblinkenlights.com
Security through obscurity by Overly+Critical+Guy · 2007-06-09 08:46 · Score: 1

Bigger question, does this article mean the "security through obscurity" argument people throw at systems like OS X is bullshit? Apache servers outnumber IIS, yet IIS gets twice as owned.

--
"Sufferin' succotash."
1. Re:Security through obscurity by mingot · 2007-06-11 08:25 · Score: 1
  
  Hate to reply so late, but you do understand that just because IIS is hosting malware does NOT mean that IIS got owned. It means that WINDOWS got owned. BIG difference. If the majority of windows machines that got owned were running apache then it would just be apache serving malware. This study speaks more to how well people keep their operating systems patched than it does to the quality/security of apache/iis. But that's not how it is presented.