Dumb is an unsupported operating systems known to have a ton of bugs.
I run Windows 95 OSR2 on three machines at home, for example. No "bugs" that I'm aware of given the software mix I use. Most businesses running older boxes and older Windows variants are likely using a smaller mix of software than I am as a hobbyist, so chances are they haven't encountered any serious problems either (which is why they are still willing to run that software). Dumb is replacing an older OS which is already paid for and which does what is required without intervention.
Doing what is required is not mutually exclusive of not doing things that you DON'T want it to do. The day your machine becomes a zombie and is packed with trojans and viruses, it may still do what is required but it is also doing other things that you don't want.
Dumb is assuming that just because it does what is required that is also isn't doing something you don't want it to do.
Dumb is having an OS that no one is writing anti-virus updates for
You are incorrect. F-Prot's DOS signature files are compatible with the old F-Prot scanner engine for Win9x, so that one is still being updated. I'm not aware if AVG or other common Windows scanners run on Win9x since I'm covered by the above. Dumb is making erroneous assumptions about the support available for older platforms.
Just because a product exists, doesn't mean it's up to date support. This product hasn't been up to date with current viruses for a LONG time. As I said, no one is writing virus UPDATES not virus software.
Dumb is assuming that just because you have a product, it is always going to be up to date.
Dumb is hooking that OS up to the net to transfer data such as daily sales
...unless you're an intelligent user or business and are using a dedicated firewall between your LAN and your older Windows boxes with a good port blocking/stealthing configuration, in which case the network connection is still relatively secure. Dumb is not using a firewall regardless of platform!
Good point and this time you are right and I agree 100%. But holes occur and all that is needed is for one machine to become comprimised for all the machines to be comprimised. Not in every case but let's face it... end users are morons.
Dumb is assuming the end user knows what he's doing.
Dumb is having this operating system installed on hundreds of networks
That would depend on the financials involved, and also on the nature of the network connections. See my above comments about firewall usage. Dumb is making sweeping assumptions about the business needs of all businesses.
See above responses to your above comments.
Dumb is assuming that 5-8% statistics mean nothing.
Dumb is running an OS that no one else can update or patch because it is proprietary and no longer supported.
The first Microsoft OS that I ever patched/updated was Windows NT 4. I never updated Windows 95 OSR2 because it was never an issue, and were I running Windows 98 that would probably also be the case. The dependency on vendor support is VASTLY overstated. Dumb is the act of blindly applying patches just because they've been released by the vendor.
On proprietary systems where no one else is allowed to look at the code, modify the code, patch or update? I tend to think the proprietary vendors support is a very highly regarded commodity. And you know what else? Businesses and IT departments do as well. This has nothing to do with blindly applying patches... it has to do with patches being available when no one else can patch.
With every effect turned out and it runs well? Now I know youre full of shit. Even Microsoft says that Aero needs 1 GB of RAM to run WELL. Nice try at fud though. Next time at least check the reviews and read the stats before trying to pull FUD out of your ass. Maybe then it might be believable... especially if you can match what Microsoft states about their own product.
If they know the new systems better than current staff, I'd say 'replace'. If current staff can get up to speed on new systems (less likely), they are merely temps then. Current staff is merely the skeleton support crew once the implementation is finished. All they have to do is maintain... not develop or implement.
Dumb is an unsupported operating systems known to have a ton of bugs. Dumb is having an OS that no one is writing anti-virus updates for Dumb is hooking that OS up to the net to transfer data such as daily sales Dumb is having this operating system installed on hundreds of networks Dumb is running an OS that no one else can update or patch because it is proprietary and no longer supported.
You see where this is headed. The may not have had an issue before when they still got patches. Now imagine when a machine needs to be reinstalled and they can't get all those updates. Imagine what happens when a virus comes out that they can do nothing about. Imagine when an exploit is found that isn't ever going to get patched.
The clock is now ticking for most of these companies.
Precisely but again this is to assume that people will sell support for a product on an older system. Good luck finding one outside of open source. Most companies wil NOT sign a contract if they cannot get support on an older system. And considering now that most virus and firewall vendors will also drop support for 98, this means 'you are on your own'.
Again, the issue still remains that there will mostly definitely be the added cost of the new POS, the new SOFTWARE and the new HARDWARE. Compare those costs over hundreds of POS systems in comparison to the cost of one developer to add additional functionality.
They may. If the upgrade requires a new OS and hence new hardware, this is when the situation becomes more difficult. Most older POS systems either have upgraded to newer OS's or have gone out of business. Assuming that the company is still in business, the only OS's that are sold that they could upgrade to are XP. This will require new monitors, hardware, etc.
The bottom dollar then becomes... new employees to install all new systems + new POS system + new OS + new hardware
This in comparison to new employees to install all new systems + open source
If the company is smart and wants to save money (two not being mutually inclusive), they most likely will go with open source.
Either way they have to higher new staff. Current staffing will not be able to revisit all these store with new hardware AND new software and configure everything all over again and get it working.
They have to higher new staff to get these machines up and running on new os's in the stores no matter what. It's part of the cost and part of the equation no matter what they do. But by7 going with open source POS and OS, they will save millions. Plus if their current staff cannot adapt, they can easily be replaced by the new hires that just installed all those systems.
I interviewed at a company called Centeris that makes a product so that Windows admins can easily integrate with Linux systems via a GUI interface. They found that Linux sys admins usually can easily integrate Windows and Linux because they are used to it but Windows sys admins become bogged down because of the unfamiliarities.
So still, the hires they have to make to install all these new systems could still do the same job of the current admins in a mixed environment.
On the day of the 11th, the day support for all Win 98 systems, I stopped by a Fedex and realized their POS systems (pun intended), were are win98. I let the guy know that Microsoft stops support for them and he said 'good luck getting corporate to upgrade'. At that point I realized that this was a POS system that was sold to them by another compny and that it is most likely that TONS of POS systems still ran 98.
I suspect that alot of companies at this point may actually decide to replace these systems with Linux based POS to save money and as a result of that, they will see the benefit of using Linux elsewhere as well. The big issue will be that these companies will have to upgrade all their terminals and hardware as well as all their software and potentially, if they just switched to Linux and a Open Source POS system, they could save MILLIONS.
Feel free to insert opinions here. I'm interested how others think corporate America will respond.
My moms ISP told her that she had to buy a new computer or else she wasn't going to be able to use their service after the 11th. I called them up and screamed at them and the finally admitted that she could still USE their service but they wouldn't be able to give her tech support for Windows.
So I'm buying her a new computer and installing Ubuntu on it. I already have her converted to Firefox (which she loves) and Open Office (which she didn't even realize WASN'T Microsoft Office).
Actually this is arguable. The 'shadow' api's do exist and are undocumented (as mentioned at various places on the web) or are documented so vaguely so as to be unusable. Just search Google for hidden apis.
but let's face it -- there is NOTHING that Microsoft can do with their apps that a third party can't
Ever heard of Shadow API's?? Microsoft got in trouble for this because they told companies how to work with their products through one API and in secret had their OWN products using different API's. The outcome? Their products ran faster.
Since getting caught, they SUPPOSEDLY have stopped but that remains to be seen.
Actually this proibably wont work since so many governments (both city, state and country) have adopted open source, open standards or software that depends on those two in order to save many and interoperate. Europe is big on open source and have been major proponents.
If Microsoft were to offer Windows free to governments and schools, they would be losing more than the daily fine and it would most likely still be rejected.
No, Europe wants interoperability above all else and it's more than likely going to get it.
The question is to what extent; I doubt Microsoft will gladly allow competing products to interoperate freely. But if they don't, they will more than likely get nailed even worse since Europe has now shown that they don't fuck around... and they don't put up with monopolists.
Do not put words in my mouth. I never said that IIS6 had no vulnerabilities. I said it had no critical vulnerabilities
And when I pointed them out, you casually dismissed them. Even though they WERE vulnerabilities, some of which were critical and ALL of which had an effect on IIS.
But that didn't count cause I stepped over the line and it was a Tuesday and you had your fingers crossed... right?
You are confusing me now. You say that I live in a 'fantasy world'.
Someone get this man a cup of coffee! I think he's regaining conciousness.
My main point has been that IIS6 has never had any serious vulnerabilities since it was released. Is secunia living in a fantasy world too?
And from that webpage...
The Secunia database currently contains 0 Secunia advisories marked as "Unpatched", which affects Microsoft Internet Information Services (IIS) 6.
Recognize the word 'unpatched'? Notice that it does not say 'has zero exploits'. It says zero UNPATCHED. Now you are a semi-intelligent ape being with relatively few scabs on your knuckles. What do you suppose they are trying to say? Hmmm... I wonder.
Why not trying out others security experts websites? I'll bet you'll find that IIS is affected by other exploits as well. Gee, didn't I say this to begin with? And didn't you say they had ZERO?? And didn't you also say none that were critical???
I love the fact that you are doing my work for me by showing how wrong you are but dude... have some pride. At least do the Microsoft thing and deny deny deny even in the face of overwhelming evidence.
I'd hate for you to have integrity this late in the game.
The only thing I've seen overwhelming evidence of, is that you don't have very good reading comprehension, you view open source software as a panacea, and you are a card carrying member of the ihatemicro$oft club.
...and because you can pigeonhole and troll, it must mean that facts don't matter. I may have flaws with my reading comprehension but IO at least make up for it with my understanding of logic and the ability to detect dubios logic. Sadly, the fantasy world in which you live would crumble to the house of cards it is should you accept what business and governments around the world have already come to understand.
They say that ignorance is bliss. You sir must be one blissed out individual.:)
I'm just happen to not a zealot* like some other people...
In the face of overwhelming evidence, denial is still the default state. One must admire you ability to equate fact with zealotry. I salute you sir and the fantasy world in which you live.
You still neglect to talk about reliability. Apache uptimes are CONSISTENTLY 2-4 times greater than IIS. This is still true for 6. This is a dual problem of the OS and IIS... and since IIS is tied into the OS (yes there are DLL's loaded at runtime even if you are NOT running IIS), issues with the OS are often issues for IIS.
And sure, I think that there is a market for all web servers. I know of one still being sold using 'server side javascript' (no joke). But when you get something for free, that has better uptime, better security (you can sandbox Apache better), better virtual hosting, better online support and loads and loads of documentation plus the fact that you have the ability to modify it and extend it at will, why buy something that performs worse?
That is the question.
As to my reading level, if you didn't mean to imply something, learn how to write above a 3rd grade level.
1. you say #1 is a fake when it was patched before a exploit was published? If you say so. After all you know the inner workings of Microsofts patches better than security experts.
2. In link #2, They specifically explain where those explots affects IIS6. Feel free to read and follow links. You can read can't you? I'm beginning to doubt it.
3. Link #3 again specifically states IIS6. Again, you ability to read is lacking.
4. Bringing up IIS5 is important because people base opinions of current products on past experiences with older products. You unfortunately can never say this about Apache cause consumers have always been happy. Changes are made monthly, patches fixed in 24 hours, ZERO major vulnerabilities.
And if you don't want to believe me, they you probably don't want to believe the multimillion dollar companies that use this every day, the millions of Microsoft customers that switched from 2000 to current (check Netcraft stats) or the list of Windows vulnerabilities to this day (yes you still can't run IIS on any other server).
Yes, everyone must be so wrong and those stats must be inflated and you must be right and those vulnerabilities are all wrong and security experts are all wrong and everything is fine and dandy with Microsoft. Do you feel better now?
Faster? Perhaps, but by who's measure? I've never seen a useful (yes, Microsoft's don't count as useful) Apache/IIS performance comparison.
Meausre yourself. Apache doesn't have the same overhead. Use the exact same computer and install IIS on Windows. Do the same with Apache on Linux. Optimize them both as much as you want; for Linux, run without Xwindows and shut down all other unecessary services. Now see which handles 1000 concurrent requests better. You will find that the Apache webserver can run using 25-50% fewer resources. Windows cannot as it requires the GUI to be able to run, has several other services running that it can't shut down and cannot vitualize well nor fill as many requests as fast.
Try it if you don't believe it.
More secure? Why do you think that? IIS6 has never had a critical vulnerability discovered for it. In the same time frame you can't say that for Apache 1.x and 2.x.
Oh really? Must we forget that IIS before that had vulnerabilities every MONTH that were so bad that it allowed several different viruses and exploits destroy any market gains they had made over 5 years??
Lets also not forget that it is IMPOSSIBLKE to run IIS without Windows and thus several vulnerabilities to underlying systems and DLL's caused IIS6 to be vulnerable as well. Look through the long long list of Windows vulnerabilities and you will find several that claim they affect IIS as well. Others you won't see even though hacks, viruses and exploits directly affect DLL's that it needs to run. Does Microsoft count that as a hack? Nope. It's to an underlying system that they consider Windows and NOT IIS (even though IIS would crash in a heartbeat).
And finally, let us not forget the long list of security experts that mention these exploits and only get them fixed AFTER a published exploit is released or after the security expert threatens to release the information to the public.
Reliability and Usability are not the same thing--and neither is market share.
So immediately you say reliability and market share don't matter? Well maybe if I didn't own a business or wasn't a government agency and reliability of my data from a known market leader didn't matter, then yes... those two wouldn't really matter. If all I worried about was sharing pictures of my family with others members of my family then yes. You are 100% correct. If having a website that only got hit by 5 friends, then yes. reliability isn't that big of a deal.
Apache has the size of the market it does because, more than other resons, the cost of an Apache box is hardware + setup, not hardware + setup + software fees
Cost is the only REASON? Well yes, when you take reliability out of the equation, that is true. If you don't consider how reliable Apache is, then price would be the OTHER reason why it has such a high market share.
But now lets say I'm insane. Lets assume that as a company or government agency, I LIKE having my web server crash and get hacked regularly. And lets also assume I want to pay for the privilege of having my machine die under the load of a couple hundred hits and have viruses plague it on a regular basis. Who would I choose then?
...because there are things that IIS does, and people want their server to do, that Apache (or any other OSS app) doesn't do, there's a rather profitable market for IIS webhosting.
So there you have it folks. Apparently, people DOI like having their websites hacked and crashing. Apparently the rest oif the market has been wrong this whole time.
Thank you kind sir, Thank you for showing us the truth. I myself know that I look forward to my site crashing regularly now that you have made me so aware of what fun it is.
How could I have been so so very wrong for so long? DAMN YOU RELIABILITY AND LOW COST!!! Do you not realize that as consumers, we like to pay high prices for crap??
Your metaphor is mixed. If you choose to compare the web to delivery of packages, then Firefox and IE are method for accepting that delivery; little more than mail slots in that since.
When a company wants to deliver that 'packet' (excuse the pun), the want a delivery method that is reliable, sturdy, inexpensive and a carrier that can handle the load of packages that they send on a daily basis. This decision is made by the business owner sending those packets... not the end user.
To the end user, this is all transparent.
But business is about reliable delivery, and if you can't deliver reliably, businesses will find someone who will. Because unreliable delivery means lost business.
Knowing that and knowing Apaches market share, who would you say is more reliable?
Not even 30% and the gains made ever so recently were due to deals made with hosting companies doing domain parking... not ACTIVE sites. I'd be willing to bet that basic sites still get more hits than a parked domain anyday.:)
Any web server can handle a parked domain that gets no traffic.
Besides lets not forget the last time Microsoft made a big push with IIS; tons of people switched then too and they actually had 35% of the market. Thats when people realized that their servers couldn't handle the load and crashed all the time and switched. In under 5 years, they lost all the gains they made.
Why do you think they are making bargains with domain hosters of parked domains? They can't handle the load.
You can spin it anyway you want but the fact still remains that Apache is far better, far faster and far more secure than Microsoft has ever been... which is why they have always had the market.
Not to be a negative Nancy but since Apache is 70% of the market (not including domain parking), it's not really a profitable area for people to do managed hosting for such a small market. It's funny because I get this same run around from people when I tell them I run Linux... but in this case, the reverse is true; LAMP (linux, apache, mysql and php) are the standard that the web revolves around and having gone with ASP and IIS sort of leaves you in a bind.
Honestly, I can also say that it is not going to get any better. More and more hosting companies are lowering their IIS support do to the costs it incurs and mainly because a LAMP architecture can host more domains with fewer resources, lower costs and lower amount of day to day maintenance.
Maybe PHP isn't your best bet and maybe you'd like to even try Apache Tomcat instead of Apache but honestly, it is in your companies best interest to move their architecture over to something more commonly used in order for them to lower their costs in the long run and take advantage of a larger and cheaper employee pool.
Slashdot Mirror
Doing what is required is not mutually exclusive of not doing things that you DON'T want it to do. The day your machine becomes a zombie and is packed with trojans and viruses, it may still do what is required but it is also doing other things that you don't want.
Dumb is assuming that just because it does what is required that is also isn't doing something you don't want it to do.
Just because a product exists, doesn't mean it's up to date support. This product hasn't been up to date with current viruses for a LONG time. As I said, no one is writing virus UPDATES not virus software.
Dumb is assuming that just because you have a product, it is always going to be up to date.
Good point and this time you are right and I agree 100%. But holes occur and all that is needed is for one machine to become comprimised for all the machines to be comprimised. Not in every case but let's face it... end users are morons.
Dumb is assuming the end user knows what he's doing.
See above responses to your above comments.
Dumb is assuming that 5-8% statistics mean nothing.
On proprietary systems where no one else is allowed to look at the code, modify the code, patch or update? I tend to think the proprietary vendors support is a very highly regarded commodity. And you know what else? Businesses and IT departments do as well. This has nothing to do with blindly applying patches... it has to do with patches being available when no one else can patch.
Dumb is thinking that
With every effect turned out and it runs well? Now I know youre full of shit. Even Microsoft says that Aero needs 1 GB of RAM to run WELL. Nice try at fud though. Next time at least check the reviews and read the stats before trying to pull FUD out of your ass. Maybe then it might be believable... especially if you can match what Microsoft states about their own product.
If they know the new systems better than current staff, I'd say 'replace'. If current staff can get up to speed on new systems (less likely), they are merely temps then. Current staff is merely the skeleton support crew once the implementation is finished. All they have to do is maintain... not develop or implement.
For what? Linux on the desktop?
Dumb is an unsupported operating systems known to have a ton of bugs.
Dumb is having an OS that no one is writing anti-virus updates for
Dumb is hooking that OS up to the net to transfer data such as daily sales
Dumb is having this operating system installed on hundreds of networks
Dumb is running an OS that no one else can update or patch because it is proprietary and no longer supported.
You see where this is headed. The may not have had an issue before when they still got patches. Now imagine when a machine needs to be reinstalled and they can't get all those updates. Imagine what happens when a virus comes out that they can do nothing about. Imagine when an exploit is found that isn't ever going to get patched.
The clock is now ticking for most of these companies.
Precisely but again this is to assume that people will sell support for a product on an older system. Good luck finding one outside of open source. Most companies wil NOT sign a contract if they cannot get support on an older system. And considering now that most virus and firewall vendors will also drop support for 98, this means 'you are on your own'.
Again, the issue still remains that there will mostly definitely be the added cost of the new POS, the new SOFTWARE and the new HARDWARE. Compare those costs over hundreds of POS systems in comparison to the cost of one developer to add additional functionality.
Again, still saving millions.
They may. If the upgrade requires a new OS and hence new hardware, this is when the situation becomes more difficult. Most older POS systems either have upgraded to newer OS's or have gone out of business. Assuming that the company is still in business, the only OS's that are sold that they could upgrade to are XP. This will require new monitors, hardware, etc.
The bottom dollar then becomes...
new employees to install all new systems + new POS system + new OS + new hardware
This in comparison to
new employees to install all new systems + open source
If the company is smart and wants to save money (two not being mutually inclusive), they most likely will go with open source.
Either way they have to higher new staff. Current staffing will not be able to revisit all these store with new hardware AND new software and configure everything all over again and get it working.
They have to higher new staff to get these machines up and running on new os's in the stores no matter what. It's part of the cost and part of the equation no matter what they do. But by7 going with open source POS and OS, they will save millions. Plus if their current staff cannot adapt, they can easily be replaced by the new hires that just installed all those systems.
I interviewed at a company called Centeris that makes a product so that Windows admins can easily integrate with Linux systems via a GUI interface. They found that Linux sys admins usually can easily integrate Windows and Linux because they are used to it but Windows sys admins become bogged down because of the unfamiliarities.
So still, the hires they have to make to install all these new systems could still do the same job of the current admins in a mixed environment.
On the day of the 11th, the day support for all Win 98 systems, I stopped by a Fedex and realized their POS systems (pun intended), were are win98. I let the guy know that Microsoft stops support for them and he said 'good luck getting corporate to upgrade'. At that point I realized that this was a POS system that was sold to them by another compny and that it is most likely that TONS of POS systems still ran 98.
I suspect that alot of companies at this point may actually decide to replace these systems with Linux based POS to save money and as a result of that, they will see the benefit of using Linux elsewhere as well. The big issue will be that these companies will have to upgrade all their terminals and hardware as well as all their software and potentially, if they just switched to Linux and a Open Source POS system, they could save MILLIONS.
Feel free to insert opinions here. I'm interested how others think corporate America will respond.
My moms ISP told her that she had to buy a new computer or else she wasn't going to be able to use their service after the 11th. I called them up and screamed at them and the finally admitted that she could still USE their service but they wouldn't be able to give her tech support for Windows.
So I'm buying her a new computer and installing Ubuntu on it. I already have her converted to Firefox (which she loves) and Open Office (which she didn't even realize WASN'T Microsoft Office).
Actually this is arguable. The 'shadow' api's do exist and are undocumented (as mentioned at various places on the web) or are documented so vaguely so as to be unusable. Just search Google for hidden apis.
Ever heard of Shadow API's?? Microsoft got in trouble for this because they told companies how to work with their products through one API and in secret had their OWN products using different API's. The outcome? Their products ran faster.
Since getting caught, they SUPPOSEDLY have stopped but that remains to be seen.
Actually this proibably wont work since so many governments (both city, state and country) have adopted open source, open standards or software that depends on those two in order to save many and interoperate. Europe is big on open source and have been major proponents.
If Microsoft were to offer Windows free to governments and schools, they would be losing more than the daily fine and it would most likely still be rejected.
No, Europe wants interoperability above all else and it's more than likely going to get it.
The question is to what extent; I doubt Microsoft will gladly allow competing products to interoperate freely. But if they don't, they will more than likely get nailed even worse since Europe has now shown that they don't fuck around... and they don't put up with monopolists.
Viva la European Union!!!
And when I pointed them out, you casually dismissed them. Even though they WERE vulnerabilities, some of which were critical and ALL of which had an effect on IIS.
But that didn't count cause I stepped over the line and it was a Tuesday and you had your fingers crossed... right?
Someone get this man a cup of coffee! I think he's regaining conciousness.
And from that webpage...
The Secunia database currently contains 0 Secunia advisories marked as "Unpatched", which affects Microsoft Internet Information Services (IIS) 6.
Recognize the word 'unpatched'? Notice that it does not say 'has zero exploits'. It says zero UNPATCHED. Now you are a semi-intelligent ape being with relatively few scabs on your knuckles. What do you suppose they are trying to say? Hmmm... I wonder.
Why not trying out others security experts websites? I'll bet you'll find that IIS is affected by other exploits as well. Gee, didn't I say this to begin with? And didn't you say they had ZERO?? And didn't you also say none that were critical???
I love the fact that you are doing my work for me by showing how wrong you are but dude... have some pride. At least do the Microsoft thing and deny deny deny even in the face of overwhelming evidence.
I'd hate for you to have integrity this late in the game.
They say that ignorance is bliss. You sir must be one blissed out individual.
In the face of overwhelming evidence, denial is still the default state. One must admire you ability to equate fact with zealotry. I salute you sir and the fantasy world in which you live.
You still neglect to talk about reliability. Apache uptimes are CONSISTENTLY 2-4 times greater than IIS. This is still true for 6. This is a dual problem of the OS and IIS... and since IIS is tied into the OS (yes there are DLL's loaded at runtime even if you are NOT running IIS), issues with the OS are often issues for IIS.
And sure, I think that there is a market for all web servers. I know of one still being sold using 'server side javascript' (no joke). But when you get something for free, that has better uptime, better security (you can sandbox Apache better), better virtual hosting, better online support and loads and loads of documentation plus the fact that you have the ability to modify it and extend it at will, why buy something that performs worse?
That is the question.
As to my reading level, if you didn't mean to imply something, learn how to write above a 3rd grade level.
Wow. Denial isn't just a river in Egypt is it?
1. you say #1 is a fake when it was patched before a exploit was published? If you say so. After all you know the inner workings of Microsofts patches better than security experts.
2. In link #2, They specifically explain where those explots affects IIS6. Feel free to read and follow links. You can read can't you? I'm beginning to doubt it.
3. Link #3 again specifically states IIS6. Again, you ability to read is lacking.
4. Bringing up IIS5 is important because people base opinions of current products on past experiences with older products. You unfortunately can never say this about Apache cause consumers have always been happy. Changes are made monthly, patches fixed in 24 hours, ZERO major vulnerabilities.
And if you don't want to believe me, they you probably don't want to believe the multimillion dollar companies that use this every day, the millions of Microsoft customers that switched from 2000 to current (check Netcraft stats) or the list of Windows vulnerabilities to this day (yes you still can't run IIS on any other server).
Yes, everyone must be so wrong and those stats must be inflated and you must be right and those vulnerabilities are all wrong and security experts are all wrong and everything is fine and dandy with Microsoft. Do you feel better now?
Meausre yourself. Apache doesn't have the same overhead. Use the exact same computer and install IIS on Windows. Do the same with Apache on Linux. Optimize them both as much as you want; for Linux, run without Xwindows and shut down all other unecessary services. Now see which handles 1000 concurrent requests better. You will find that the Apache webserver can run using 25-50% fewer resources. Windows cannot as it requires the GUI to be able to run, has several other services running that it can't shut down and cannot vitualize well nor fill as many requests as fast.
Try it if you don't believe it.
How about a buffer overflow exploit? Doies that count?
http://lists.grok.org.uk/pipermail/full-disclosur
How about this long list as compiled by a Microsoft MVP?
http://msmvps.com/blogs/bernard/archive/2004/06/1
How about these honorable mentions as well?
http://www.aqtronix.com/Advisories/AQ-2003-02.txt (unannounced by Microsoft)
http://isc.sans.org/diary.php?date=2005-10-11
http://www.securityfocus.com/bid/9409
Oh really? Must we forget that IIS before that had vulnerabilities every MONTH that were so bad that it allowed several different viruses and exploits destroy any market gains they had made over 5 years??
Lets also not forget that it is IMPOSSIBLKE to run IIS without Windows and thus several vulnerabilities to underlying systems and DLL's caused IIS6 to be vulnerable as well. Look through the long long list of Windows vulnerabilities and you will find several that claim they affect IIS as well. Others you won't see even though hacks, viruses and exploits directly affect DLL's that it needs to run. Does Microsoft count that as a hack? Nope. It's to an underlying system that they consider Windows and NOT IIS (even though IIS would crash in a heartbeat).
And finally, let us not forget the long list of security experts that mention these exploits and only get them fixed AFTER a published exploit is released or after the security expert threatens to release the information to the public.
So immediately you say reliability and market share don't matter? Well maybe if I didn't own a business or wasn't a government agency and reliability of my data from a known market leader didn't matter, then yes... those two wouldn't really matter. If all I worried about was sharing pictures of my family with others members of my family then yes. You are 100% correct. If having a website that only got hit by 5 friends, then yes. reliability isn't that big of a deal.
Cost is the only REASON? Well yes, when you take reliability out of the equation, that is true. If you don't consider how reliable Apache is, then price would be the OTHER reason why it has such a high market share.
But now lets say I'm insane. Lets assume that as a company or government agency, I LIKE having my web server crash and get hacked regularly. And lets also assume I want to pay for the privilege of having my machine die under the load of a couple hundred hits and have viruses plague it on a regular basis. Who would I choose then?
So there you have it folks. Apparently, people DOI like having their websites hacked and crashing. Apparently the rest oif the market has been wrong this whole time.
Thank you kind sir, Thank you for showing us the truth. I myself know that I look forward to my site crashing regularly now that you have made me so aware of what fun it is.
How could I have been so so very wrong for so long? DAMN YOU RELIABILITY AND LOW COST!!! Do you not realize that as consumers, we like to pay high prices for crap??
Your metaphor is mixed. If you choose to compare the web to delivery of packages, then Firefox and IE are method for accepting that delivery; little more than mail slots in that since.
When a company wants to deliver that 'packet' (excuse the pun), the want a delivery method that is reliable, sturdy, inexpensive and a carrier that can handle the load of packages that they send on a daily basis. This decision is made by the business owner sending those packets... not the end user.
To the end user, this is all transparent.
But business is about reliable delivery, and if you can't deliver reliably, businesses will find someone who will. Because unreliable delivery means lost business.
Knowing that and knowing Apaches market share, who would you say is more reliable?
All web servers and lanmguages can. LDAP is an open protocol. We run a LAMP architecture at work that I integrated with the Windows network logins.
Not even 30% and the gains made ever so recently were due to deals made with hosting companies doing domain parking... not ACTIVE sites. I'd be willing to bet that basic sites still get more hits than a parked domain anyday. :)
Any web server can handle a parked domain that gets no traffic.
Besides lets not forget the last time Microsoft made a big push with IIS; tons of people switched then too and they actually had 35% of the market. Thats when people realized that their servers couldn't handle the load and crashed all the time and switched. In under 5 years, they lost all the gains they made.
Why do you think they are making bargains with domain hosters of parked domains? They can't handle the load.
You can spin it anyway you want but the fact still remains that Apache is far better, far faster and far more secure than Microsoft has ever been... which is why they have always had the market.
Not to be a negative Nancy but since Apache is 70% of the market (not including domain parking), it's not really a profitable area for people to do managed hosting for such a small market. It's funny because I get this same run around from people when I tell them I run Linux... but in this case, the reverse is true; LAMP (linux, apache, mysql and php) are the standard that the web revolves around and having gone with ASP and IIS sort of leaves you in a bind.
Honestly, I can also say that it is not going to get any better. More and more hosting companies are lowering their IIS support do to the costs it incurs and mainly because a LAMP architecture can host more domains with fewer resources, lower costs and lower amount of day to day maintenance.
Maybe PHP isn't your best bet and maybe you'd like to even try Apache Tomcat instead of Apache but honestly, it is in your companies best interest to move their architecture over to something more commonly used in order for them to lower their costs in the long run and take advantage of a larger and cheaper employee pool.