Linked by Thom Holwerda on Tue 17th Jul 2007 14:35 UTC, submitted by E. Stride
Internet & Networking From Netcraft's latest web survey: "Microsoft adds 2.4 million sites this month, pushing the total number of sites running on Windows servers past 40 million, and helping Microsoft improve its market share by 1.01% to 32.8%. The open source Apache server has an increase of 556k, and slips back 1.11% to 52.65%. Google gains 592k sites this month, and now has 4.35% share. In active sites, Apache is now at 49.98% share, less than 14.5% ahead of Microsoft. While that's still a considerable lead, Apache had a 33.4% advantage at this time last July, meaning MS has cut its deficit in half in the past 12 months."
Thread beginning with comment 256064
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[2]: Too bad
by CapEnt on Tue 17th Jul 2007 16:41 UTC in reply to "RE: Too bad"
CapEnt
Member since:
2005-12-18

From secunia site:

"PLEASE NOTE: The statistics provided should NOT be used to compare the overall security of products against one another. It is IMPORTANT to understand what the below comments mean when using the statistics, especially when using the statistics to compare the vulnerability aspects of different products."

Apache is equivalent of IIS in security. You just need to read the ENTIRE report to understand why.

Reply Parent Score: 5

RE[3]: Too bad
by sappyvcv on Tue 17th Jul 2007 17:06 in reply to "RE[2]: Too bad"
sappyvcv Member since:
2005-07-06

Uh. Ok. 3 vulnerabilities in over 4 years for IIS6. 1 rated not critical, 2 rated Moderately Critical. 1 of the latter 2 only worked if the admin enabled remote administration (probably not a great idea).

33 vulnerabilities for apache 2.0 in over 5 years. 3 still unpatched. 2 of the 33 which were rated highly critical.

How exactly is apache equivalent?

Reply Parent Score: 3

RE[4]: Too bad
by CapEnt on Tue 17th Jul 2007 17:55 in reply to "RE[3]: Too bad"
CapEnt Member since:
2005-12-18

No security advisory in entire 2007 so far and all critical holes as patched.

The ones unpached for such lenght period of time are clearly dismissed by apache dev team, and even secunia agree then to being non critical.

And secunia only lists vendor supplied or publicly listed vulnerabilities, MS stopped making that information available and now silently patches vulnerabilities they detect in-house.

Reply Parent Score: 5

RE[4]: Too bad
by spanglywires on Wed 18th Jul 2007 22:20 in reply to "RE[3]: Too bad"
spanglywires Member since:
2006-10-23

Uh. Ok. 3 vulnerabilities in over 4 years for IIS6. 1 rated not critical, 2 rated Moderately Critical. 1 of the latter 2 only worked if the admin enabled remote administration (probably not a great idea).

33 vulnerabilities for apache 2.0 in over 5 years. 3 still unpatched. 2 of the 33 which were rated highly critical.


What you are missing here is that Apache 2.0 is timeline equivalent of IIS3/4, IIS 5/6 are much closer time-wise to Apache 2.1/2.2, which are supposedly much more secure rewrites.

I must admit IIS 6 is getting strong recommendations from my Wintel colleagues, personally I'd stick with what I know as a Unix admin, but given the people telling me things have changed drastically I'd give IIS 6 a go.

The crux of it is, either will be swiss-cheeseware if misconfigured.

Reply Parent Score: 1