(no subject)
From:Date: 08/06/02
- Next message: Rod G: "Re: VPN/Pix Question"
- Previous message: : "Re: Why Does Zonealarm Help Not Work Properly?"
- In reply to: Jeff Cochran: "(no subject)"
- Next in thread: karl [x y]: "Re: security on iis 5 open port router"
- Reply: karl [x y]: "Re: security on iis 5 open port router"
- Reply: karl [x y]: "Re: security on iis 5 open port router"
- Reply: : "(no subject)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 6 Aug 2002 01:34:03 +0000 (UTC)
In article <3d51a66a.65927338@news.supernews.com>,
jcochran at naplesgov dot com (Jeff Cochran) wrote:
>>>> Security is only as good as the weakest point. IIS has a much worse
>>>> security track record than Apache, both in numbers of vulnerabilities
>>>> and time to fix those that are found. IIS is definitely a weak point in
>>>> system security.
>>>
>>> Depends on how you look at it. Most of the IIS servers being hacked are
>>> hacked because the latest patches haven't been installed and the default
>>> configuration was not changed or improved. I agree that a large number of
>>> buffer overruns have been found for Microsoft IIS. However, an
>>> administrator that doesn't update IIS won't update Apache either.
>>
>>Taking into account their security record, which one do you think is
>>more likely to be the next to have a serious security flaw discovered?
>
> Discovered, or invented? :)
Discovered, definitely. It's the people that create the software the
"invent" the flaws!
> If security is your major concern,
What do you mean "if"??? If you are connected to the internet then
security is always the main concern.
> make sure you run whatever OS and
> web server you find appropriate and that you have the ability to
> secure. What that turns out to be may or may not be what will resolve
> the same issue for another organization.
But this avoids the issue. The track record of IIS is poor. There is
no reason to assume this will change. When the next flaw is found, how
do you inted to secure it against attack before a reliable workaround or
fix is produced? Obviously no software is perfect, but IIS does seem to
be worse than most.
-- Ian.EOM
- Next message: Rod G: "Re: VPN/Pix Question"
- Previous message: : "Re: Why Does Zonealarm Help Not Work Properly?"
- In reply to: Jeff Cochran: "(no subject)"
- Next in thread: karl [x y]: "Re: security on iis 5 open port router"
- Reply: karl [x y]: "Re: security on iis 5 open port router"
- Reply: karl [x y]: "Re: security on iis 5 open port router"
- Reply: : "(no subject)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
