T
The poster formerly known as Nina DiBoy
Alias said:
Even with servers it doesn't look good from the Microsoft side!
http://www.windowsitpro.com/Articles/ArticleID/96243/96243.html?Ad=1
Microsoft to blame for Malware hell?
"Microsoft's Internet Information Services (IIS) Web servers are more
than twice as likely to deliver malware to unsuspecting users than the
open source Apache Web server, according to a recent security survey
performed by Internet search giant Google. That's quite an allegation,
coming as it does from one of Microsoft's chief competitors.
Google made the revelation from its Online Security Blog. "We
investigate[d] the distribution of Web server software to provide
insight into how server software is correlated to servers hosting
malware binaries or engaging in drive-by-downloads," wrote Nagendra
Modadugu, a member of Google's anti-malware team. "We examined about
70,000 domains that over the past month have been either distributing
malware or have been responsible for hosting browser exploits leading to
drive-by-downloads."
According to the survey, Microsoft IIS pops up twice as often--49
percent vs. 23 percent--as a malware distributing server than does
Apache. This comes despite the fact that Apache appears to be in use on
far more servers worldwide than does IIS. The majority of that malware
appears to originate from China and South Korea, according to Google.
(Curiously, most malware coming out of Germany is actually sent via
Apache, not IIS.)
Google reports that IIS is likely used to distribute malware more often
than Apache because many IIS installs are on pirated Windows versions
which aren't configured to automatically download patches. (Even pirated
Windows versions can automatically received security fixes, however.)
"Our analysis demonstrates how important it is to keep web servers
patched to the latest patch level," Google notes.
While I can't quibble with the data per se, I find it interesting that
Google used this survey to promote Apache over an Internet product made
by its chief competitor. Google notes that, in its research, there was
"a slightly larger fraction of Apache servers compared to the Netcraft
web server survey," suggesting that Apache actually has higher market
share than reported. Coincidentally, perhaps, Netcraft recently reported
a drop in Apache market share, due largely to Google's Web servers being
removed from under the Apache banner.
Microsoft, incidentally, says that the Google survey doesn't provide
enough data to draw any conclusions. "It is difficult to draw any viable
conclusions about the security of the Web servers mentioned or what the
intended use of a given Web server was in this particular
investigation," a Microsoft spokesperson said. "As the blog points out,
the administrator's intended use could be to intentionally distribute
malware."
--
Priceless quotes in m.p.w.vista.general group:
http://protectfreedom.tripod.com/kick.html
Most recent idiotic quote added to KICK (Klassic Idiotic Caption Kooks):
"Spoken like a true NixTurd (oops, NixTard)."
"Good poets borrow; great poets steal."
- T. S. Eliot