In reporting its second-quarter financial results Thursday, Microsoft said revenue at its Server and Tools division, which caters to business customers, grew 18 percent, year over year. Licenses sales of Windows server, which competes head-to-head with open-source software Linux and other server operating systems, grew 17 percent, year over year. Despite the threat posed by open-source products, Microsoft server software sales have been growing at double-digit rates for several quarters, C|Net reports.
Elsewhere, the Free Software Foundation is lobbying the European government to reject the server license that Microsoft has proposed following the European Commission’s antitrust ruling.
Errr, how about no? You quoted the Fortune 1000 figures as a response to someone who pointed out that Apache runs most of the internet. Therefore it is your responsibility to back up the references and figures you used. You are the one who said it was easy to verify port80 statistics, not me.
Well, there’s a list of Fortune 1000 companies on port80 web site. If you don’t trust them, go ahead and investigate yourself.
Tell me why that Fortune 1000 survey should be taken as gospel, tell me why it should be taken seriously
Because Fortune 1000 are.. Fortune 1000 companies. They have business to run and they need good servers pal. It’s not some “Here’s my blog ma” web site there.
and tell me how the Netcraft figures artificially inflate the amount of Apache usage to the extent it does. I’m not holding my breath.
“The Netcraft survey results are skewed in favor of those Web servers that are most commonly used for virtual hosting. Apache is the web server of choice for virtual hosting and this is one reason why the Apache numbers are so high.
There’s nothing wrong with virtual hosting and with the Netcraft results. You simply need to understand what the results are saying. Apache is the number one web server for organizations that support large numbers of virtual hosts. Most of these organizations are Internet Service Providers (ISPs).
While Microsoft’s IIS and the Netscape servers support virtual hosting as well, far fewer ISPs use these products opting instead for the free and highly-regarded Apache.”
Now, when we talk about large number of virtual hosts and IIS, things have changed A LOT with the release of IIS 6.0
> I don’t see Linux anywhere on that page.
http://uptime.netcraft.com/up/accuracy.html#linux26
> FreeBSD is derived from.. Unix, right?
Yes, but those servers are running apache, which you were bashing as insecure open-source crap, weren’t you?
> Now, given that FreeBSD delivers those long uptimes, here’s a question: how is any other
> OS going to penetrate into that list when those BSD boxes are just running and running..?
Well, you won’t figure it out for sure.
> Anyways, 5 or 50 years uptime, what’s the difference?
Alright, then check out
http://uptime.netcraft.com/up/today/requested.html
Look who’s number one and compare the uptimes of apache servers with those of the iis servers.
Man I wish you were a better one to argue. What do these numbers prove ?
I gave you an example of one of my clients:
2 windows servers ~15 debian.
How would you count that ? So what if MS gets the money ? no one cares, and good for them.
Who’s actually doing the job ? How would you calculate that ? if not for the whole lot of debian, MS figures would be much higher. Yet no one can count the servers actually doing the job.
You see, instead of 17 server shipments, MS only got 2 (they probably should’ve got more – each debian box handles a lot of services).
Oops… My bad,
The line in my last post that said…
“Do you see 4 and 5 years between NT Server 3.1 and 3.5, 3.5 and 3.51 or even 3.51 and 4.0? No.”
Should have said…
“Do you see 4 and 5 years between NT Server 3.1 and 3.51 or even 3.51 and 4.0? No.
Do you see 4 and 5 years between NT Workstation 3.1 and 3.5? No.”
“Luke, I AM your Operating System.” – Darth Linux
“http://uptime.netcraft.com/up/today/top.avg.html
Based on that it doesn’t seem to be a tough choice whether to go for Apache or ISS when looking for long uptimes”
Have you even looked at those sites half of them are only page sites with almost zero content. Not that hard to keep those running forever.
Darth,
sure, I want them to slow down even more. 5-year release cycle is good for me.
You guys have to go like new release every six months, because you have SO MANY things to fix. They don’t.
It’s not like number of patches is increasing. Actually, compared to, for example, 2000-2002, number of patches that MS releases is I believe going down. And it’s only going to get even better.
Support end for Win 2K: you are right. My mistake. Still, not bad at all. 2005 and 2010. So, 2008 is the average of the two
Just kidding 
<quote>I gave you an example of one of my clients:
2 windows servers ~15 debian. </quote>
Where I work, we have 17 Windows servers and nothing else.
Now what?
I’m just telling you to pay attention to the article. MS Server sales are increasing. You can say what ever you want.
Wrong as usual David. RussianGuy proved you wrong and the article proved you wrong.
You are Russian Guy.
“Licenses sales of Windows server, which competes head-to-head with open-source software Linux and other server operating systems, grew 17 percent year over year.”
“Microsoft server software sales have been growing at double-digit rates for several quarters. Meanwhile, revenue from its current cash cows–its Windows desktop and Office products–have been flat or growing in the single digits, analysts noted.”
Are you deaf and blind as well as stupid? Don’t quote figures by revenue, because I’ve discredited them. If you want to, write a rebuttal. Quote me some figures on actual Windows server installations and units sold, and then we can actually compare them. Until then, learn to read what’s actually been written and don’t regurgitate what I’ve gone over before.
Just because you claim to discredit something doesn’t mean you do discredit it David.
Blah, blah, blah, I’ll tie myself in bullshit and maybe he’ll think I know what I’m talking about. You provide evidence to discredit it. Those with the most and best evidence, wins. The above is, well, you tell me.
So you’re going to sit here and say that both Microsoft and Linux are not eating into the market share of Unix and that Microsoft’s market share of servers is not rising? I dare you.
That’s not what was being discussed, so please don’t wriggle. Maybe you’re not so stupid after all, but I’m afraid you can’t get around things by wording it differently.
– Is Microsoft’s server unit sales rising? Most probably yes.
– Do they have the share of the market that Microsoft says they have? No, not with the figures they’ve based it on.
– Are Linux server unit sales rising? Yes.
– Are Windows, and mostly Linux, eating into Unix? Yes.
– Is Windows eating into Linux? No.
– Is Linux Unix? No.
Novell just hired the Gtk+ windows developer fulltime. I’m sure you’re real happy about that.
Oh wow. A loss-making division of Novell has hired one developer to try and turn around a graphical toolkit that just isn’t good enough, on one platform. All things being equal, it’s just more cost-effective to buy Qt licenses!
Suse is the Enterprise Linux Division of Novell, they make the actual money and they don’t use GTK. So no, just because an insignificant loss-making division of a company that happens to have a big mouth speaks, it doesn’t mean they are using it. I don’t see GTK being used on a Suse (read Novell) server any time soon, and judging from the amount of memory and resources a Red Hat server running with GTK graphical front-end consumes I don’t want to either.
I understand that Microsoft servers handle many tasks fine for many people and because of whatever psychological hangups you have, you can’t just accept that.
So do I, but you don’t come on forums shouting about how fantastic Windows servers are, because they aren’t. Given the functions they perform you have to ask what the point of them actually is. When you bring that up the amount of vitriol poured out is just incredible. I’ve never had a response to any of my posts before.
Have you even looked at those sites half of them are only page sites with almost zero content. Not that hard to keep those running forever.
LOL
And that is exactly related to large number of virtual hosts that Apache supports. Thousands of sites with static pages.
One of the improvements with IIS 6 is that thing indeed.
When you need dynamic sites, like businesses do, they use IIS, as port80 survey shows.
Did I already say that..
The Netcraft survey results are skewed in favor of those Web servers that are most commonly used for virtual hosting. Apache is the web server of choice for virtual hosting and this is one reason why the Apache numbers are so high.
There’s nothing wrong with virtual hosting and with the Netcraft results. You simply need to understand what the results are saying. Apache is the number one web server for organizations that support large numbers of virtual hosts. Most of these organizations are Internet Service Providers (ISPs).
While Microsoft’s IIS and the Netscape servers support virtual hosting as well, far fewer ISPs use these products opting instead for the free and highly-regarded Apache.
:)))
Welcome to the real world, Neo the OSS-fanboy.
One day you will stop embarrassing yourself.
Apparently, you have problems comprehending numbers, which you prove again and again like a broken record.
Blah, blah, blah. Try reading what’s actually been written.
Let me put it plain and simple for you: freeloaders prefer Apache (Netcraft numbers) while American IT professionals from Fortune 1000 prefer IIS (Port80 numbers).
That’s just a sentence out of frustration. I like the IT professionals bit.
Port80 lists all 1,000 companies they query- and they let you view for yourself what each company reports.
If I can pick the companies I survey, and if I can pick the departments and functions that I query I can get it to look like almost anything.
I repeat – Apache runs two-thirds of the internet. No, “We’ll pick these sites and not these” or “If you take a cross-section of these companies” – that’s it.
and also try to prove again and again that more revenue and income means company is doing worse and worse,
Err, no that’s not what I said. I pointed out that the by revenue figures Microsoft were meaningless for what they were claiming i.e. their share of the server market, how much they’ve grown relative to others. Reading is obviously not a strong point.
but your resistance is futile.
I take it that’s a standard saying in Microsoft Certified Professional companies.
The truth will set you free. Until then, you can “blah, blah, blah” as many times as you want, because all your posts are silly attempts to find way around facts and numbers you don’t like with some weak and tired and (pardon me) very boring arguments nobody buys.
Blah, blah, blah, blah. I’m afraid people do buy them, like you, because they’re frustrating the hell out of you. What’s been produced in response is just non-existent.
Again, tell me why Microsoft does not produce figures on actual installations and units of Windows servers sold. Provide a response as to why Microsoft decide to produce all their figures by revenue, meaning you can’t compare with how companies using and selling Linux are doing relative to them.
If I can pick the companies I survey, and if I can pick the departments and functions that I query I can get it to look like almost anything.
No, companies are not picked to favor MS or OSS. Those are Fortune 1000 companies. You know what Fortune 1000 stands for, right?
I repeat – Apache runs two-thirds of the internet. No, “We’ll pick these sites and not these” or “If you take a cross-section of these companies” – that’s it.
Read my previous post and wake up
Nothing,
Honestly, how much do you know about Linux or *BSD?
It’s not like number of patches is increasing. Actually, compared to, for example, 2000-2002, number of patches that MS releases is I believe going down. And it’s only going to get even better.
Really? That’s funny, because according to the XP SP2 the list of items patched has actually increased. It’s just that they waited to release a bunch of patches at one time and of course this list is not complete as it does not include those post XP SP2 hotfixes. Of course we will never know exactly what Microsoft is fixing, we just have to “trust” them when they say it’s fixed…until the same problem creeps up again later.
XP SP1a
http://support.microsoft.com/?kbid=324720
XP SP2
http://support.microsoft.com/default.aspx?scid=kb;%5BLN%5D;…
I could go on but I’m not going to. You’re a big boy/girl and can go look up the real facts about Linux and Windows yourself. =)
“Luke, I AM your Operating System.” – Darth Linux
No, companies are not picked to favor MS or OSS. Those are Fortune 1000 companies. You know what Fortune 1000 stands for, right?
Most Fortune 1000 companies use a huge mix of technology, from Java and Apache right through to Microsoft – I know. If I can pick the right departments and projects that these companies have then I can make it look like almost anything.
Read my previous post and wake up
Oh damn, ISPs favour Apache. We’ve got to cut that out of the equation!
Virtual hosting or not, two-thirds on the internet runs on Apache. If you are looking at actual server installations then virtual hosting does skew the figures, but who the hell has one site per server unless you’re running IIS?
If you ask yourself how many sites actually run on Apache and compare it to others like IIS, the percentage of share makes sense. From that point of view Netcraft doesn’t lie, because physically speaking two-thirds of the sites on the internet run Apache – that’s about the ratio you’ll get when doing a search on Google, so that’s the way it is.
I’m afraid the port80 stuff is just a Microsoft poor-man’s version of Netcraft.
I don’t care – SP2 was one patch for me. It was your camp that started that shit – how many bugfixes per 1 patch. I repeat, SP2 was just ONE update for me.
IIS 6, how many patches since release? Come on, tell me that number too.
Apache 2, how many bugfix releases since 2.0.0? 50+. That’s 50+ times you had to update your system.
I honestly didn’t care how many bugs are fixed in each release till you guys started it.
Now compare IIS 6 and Apache 2.0, please
because according to the XP SP2 the list of items patched has actually increased
Hey, I said “number of patches that MS releases” not number of items fixed per one patch. SP2 was just one patch for me, as I said.
Please, be fair. I know you didn’t get any sleep because of me, but this is not the way to do it
))
Why the hell all this fighting… isn’t it easy to realise numbers do not equal quality! Obviously Windows 2003 is a great improvement over past releases and everyone needs to admit that. Great, now that’s the only conclusion we need. It doesn’t mean on this imaginary 2D scale that so many seem to refer to that windows or linux is all-round better.
> The Netcraft survey results are skewed in favor of those Web servers that are most
> commonly used for virtual hosting.
Netcraft counts the uptime of each virtual host separately. That’s only skewed in favor of Apache servers according to your twisted logic.
In any case, your reasoning that the quality of software is inverse proportional to the number of released patches reveals you as too braindamaged to qualify for any remotely serious discussion.
Linux Zealots, Windows is turning out to be a very capable, secure, easy, reliable OS with great support (7 + years). There are many reasons why it makes businesses deploy it. It is a great OS and will only get much better. This is why sales have increased
Microsoft fanboys, Linux is also turning out to be a very capable, scalable OS. It has many advantages that Windows currently lacks (who else but Microsoft can choose to run Hotmail on Windows?). Businesses deploy it where it makes sense and there are lots of places where it makes sense. This is why sales have increased.
Anyone see a pattern? Ford and GM are both gonna be around.
I find it rather humorous that our “M$-Only” campus, at least over the last half-decade, is now training its IT staff, I am going just for fun, in *nix and Linux. This is in advance of a new *nix-based administrative system.
🙂
I know the secret why win servers are growing.
my w2kSRV was :
+ easy to install
+ great OpenSource software, better than linux/bsd equivalents
+ fast with gui
+ a free good firewall or router is the magicword
+ update the OS & softwares
wanted to go all the way OpenSource and installed Debian because RedHat or other gui dists are too hoggy on my system.
my debian sarge was :
+ easy to install
+ apt-get
that was it , it was a hell to configure samba and ftp in textmode and my install got bigger and bigger.
conclusion : linux isn’t lean and fast anymore when X installed. maybe a graphical debian distro like Ubuntu but only with daemons/services is the recipe for linux to grow some more.
I´m gonna try some more on my debianbox and decide to go back to w2kSRV or not. My Ubuntu desktop is fine, damn fine
my srv hardware : p2 300, 256 ram, 80 gb Samsung etc
have used linux since ´98 – pygmy, redhat, mandrake etc
That’s only skewed in favor of Apache servers according to your twisted logic.
Keep dreaming pal. We all know that is the truth. Millions of “Look ma, I have my own web site” sites. Who cares about that? Well, you guys do, but not Fortune 1000 companies.
Netcraft also has statistics for business use (SSL access). What do you think, who’s better? Find it on their site. Yeah, I know, you won’t believe it: SSL access!!! Check it out and then come back and tell us who’s doing better
))
In any case, your reasoning that the quality of software is inverse proportional to the number of released patches reveals you as too braindamaged to qualify for any remotely serious discussion.
Well, it all started when OSS fanboys said IIS6 is still insecure, etc. with no facts to support that. I said that number of security patches decreased when looking at IIS 5 and 6. At least it’s some kind of proof. Better than none, you’ll agree. Go back and see it for yourself.
You guys just can’t stand the fact that Microsoft is doing better and better.
… there are plenty of ways to do serious work in Unix without ever needing these … I get MP3s, DVDs, movies, CD playing etc
And I don’t have to spend all day with a desktop full of cryptic black terminal windows … and these can all play without skipping a beat, even when I’m in the middle of compiling a major application.
Do you even read your posts before you submit them? Are you totally blind to the contradictions?
Look at Python, PHP, Ruby, each of which are easier to use and cleaner in syntax than anything Microsoft produces. Look at Mozilla XUL and its Javascript-on-steroids. Look at PostgreSQL, which is one of the most elegant pieces of software ever created. Then look at the ridiculous ease of scripting anything in the Bash shell (or better yet, Expect) …
Now those statements are just self-defeating.
you stopped answering to my posts, what’s happened ? can’t comment on those anymore ?
About the fortune XXX companies, I find it quite funny. I’m not a child and been around for a long time.. and it’s fun to see tables turned.
To start with, fortune xxxx companies are slow moving when change is needed. What they can afford != what others can afford. Their needs != everybody else’s needs.
They also involve lots of politics, very favorable terms, costs and support from MS (others can only dream about).
Guess they can keep a large staff needed to admin windows servers (test patches, service packs, rollback if needed etc…).
One would guess that hosting companies (the ones you shun – regarding netcraft) were the ones with best expertise to evaluate and maintain web servers on various loads.
Back to my opening statement, when MS was fighting for their role in server space, the same exact points raised by NBM’rs here were raised by others, IBM, large unix vendors – you name it. “MS is not good enough, no one was fired for choosing XXXX”.
But it was good enough for what it did – the price was right – and they failed. Ms got their foothold.
What’s funny is that they (and blind supporters here) are trying to use exactly the same lame FUD against OSS, linux, BSD and whatever.
This already failed – and MS is the proof to that. Are they pretending that it never happened ?
This already failed – and MS is the proof to that
Yeah, we are looking at this article.. MS sales numbers. Clearly, MS is the proof.
Ms is going to fail, if not this year, then it’s next year, right?
Same ol’ story pal, every year it’s the same story.. Yadayadayda..
We’ve been already through that. I gave you examples from clients few posts ago – those sales numbers mean nothing.
Want me to repeat it ?
A client. 2 windows servers (for specific apps), ~15 debian.
MS got to 2 sales, and counted – cool they made profit. Server sales income increase – but they lost 15 sales which no one counted (or can count actually).
So good for MS, they’ve increased income (and I’m glad for them) – but lost a large account.
This situation is not unique. Be it Linux, *BSD, it’s a quite common scenario.
No, I don’t see that as a problem.
You know why? Because once that is a problem for MS, we will see a drastic price cuts from MS. (They may even go $0, just to keep monopoly position at desktop market.)
Since prices are not changing significantly, I don’t think MS is doing bad. Not at all.
Once we see that, we can comment on it. But.. that also means MS will be selling more, so… As I said, let’s wait for that to happen.
’till then, I can only see that they have more and more cash in the bank. Hardly sign of doing bad. And they sell more and more despite the fact that their products are MUCH more expensive than any Linux distros.
Not wanting to go through 160 comments, but do they mean 17% growth in absolute numbers compared to number of Windows licenses sold last year? I mean, it doesn’t compare how sales of Windows OS relate to the number of Linux/FreeBSD/whatever servers deployed? These numbers are probably only due to the fact that more servers are needed each year! Not because Windows is getting more popular than, say, Linux.
I see, and non Fortune 1000 companies are not dependent on their servers ?
It’s not contradicting. IBM is still here and still successful, just not the monopoly they were. So will Microsoft.
When companies get very powerful, it usually brings their downfall. They start to ignore their customers, play hardball with them, audit and alienate them – same thing happens right now with many of my clients.
note that downfall != total annihilation. They’ll still be around like the rest. Just not as powerful.
BTW it was not a very good trolling @ the end, I thought that IBM, RedHat, Sun and others were American companies as well.
BTW it was not a very good trolling @ the end, I thought that IBM, RedHat, Sun and others were American companies as well.
Oh you yet another ignorant linux fanboy… Don’t tell me you didn’t know it was from..
In the 1950s, testifying for the Senate Armed Services Committee, Charlie Wilson, then a former president of GM and later secretary of defense under President Eisenhower, said, “What’s good for GM is good for the country.” That quote continues to create controversy regarding the role of business, politics and social well-being. But the idea that, in technology procurement, what is good for GM will be good for the technology industry is an idea whose time has arrived.
I strongly advise you to go to bed now. You’re a disgrace to all the other MS fanboys.
Yet, for some unknown reason (unknown force, I guess), Linux holds position #1 at zone-h, 90% of the days.
Why does 99.9% of malware target Windows? Apply your predictable answer to the fact that Linux/Apache is the most defaced Web server combo: popularity.
Yeah, I know it’s frustrating. 1% in ten years. Great job.
This is off-topic, but Linux on the desktop is at 2.5%, not 1%. The Google Zeitgeist figure was misleading, so much so that they don’t provide it anymore.
Anyway we’re talking about servers, here. And how there is still an unpatched remote security hole in IIS 6. If MS followed the “release early, release often” philosophy, this hole might already have been patched.
And that’s the truth!
Sounds a little bit like: RETREAT! RETREAT!!!
Geez, how old are you man? Getting this giddy over an internet flame war is a bit, well, lame…
huh? no reply to my last (admittedly pretty lame) insult yet? what is wrong with you? Tired of trolling?
It’s not difficult to increase revenue having a monopoly
Since when did Microsoft have a monopoly on server operating systems, eh? Nice try.
18% growth is great! But that growth might have been a lot higher if MS didn’t have to compete with Linux.
It’s zero sum game. If it weren’t competing with Linux, Win2003 Server would be competing with Solaris, AIX, etc.
At least do it right.
http://gandalf.home.digital.net/trollfaq.html
Someone please report this (Report abuse) so I’ll end up in the right place..
🙂
(Bugs Bunny) Whata morooon.
hylas
does anyone know, how they got to these numbers?
I mean, how would you calculate the growth of Linux/FreeBSD in comparison? I think it’s impossible! Because most Linux Distros are freely available on the net. Who knows how many people are using those on their servers?
It just doesn’t work that way in the real world, friend. Most companies do not download and install a free Linux distribution from the Web. They get their server OS installed with their server hardware at the time of purchase. That’s why it’s not that difficult to track who’s up and who’s down.
<<It just doesn’t work that way in the real world, friend. Most companies do not download and install a free Linux distribution from the Web. They get their server OS installed with their server hardware at the time of purchase.>>
I’m going to have to disagree with you there.
Argentina cries out for Linux
<QUOTE>
The survey also found that only 7 percent of companies using Linux are working with the large multinational distributors such as Novell or Red Hat. Instead they are choosing to train their employees themselves or hire independent professionals.
</QUOTE>
http://news.zdnet.co.uk/software/linuxunix/0,39020390,39181464,00.h…
Also looking at netcraft suggests that the fastest growing Linux distros are Gentoo/Debian.
http://news.netcraft.com/archives/2004/01/28/debian_fastest_growing…
HP/IBM/Sun/Dell/etc don’t offer Gentoo/Debian support so it must be coming from somewhere.
<<Also looking at netcraft suggests that the fastest growing Linux distros are Gentoo/Debian.>>
Sorry that should be
1:Debian
3:Gentoo
You shouldn’t compare apples and oranges. FOSS is known for “releasing early, releasing often.” In the proprietary software world such a method of development is impractical. This doesn’t demonstrate in any way that Apache is less secure than IIS.
Well, clearly, the current patch-and-release model is giving Apache problems. Look at secunia for Apache (http://secunia.com/product/73/). 24 advisories, some of them serious. Now, look at secunia for IIS 6 (http://secunia.com/product/1438/). 3 advisories, all of which are very low criticality.
I know that people aren’t going to like this but you’ve got to give MS a little credit here for doing something right. They completely rewrote IIS 6 from the ground up and, as a result, IIS 6 simply represents a better product, in terms of security and capability. Churn in a codebase is not necessarily bad; however, if it becomes excessive, all kinds of management problems start to creep in. The code gets crufty. Hacks are applied on top of hacks. People become more inclined to lower their standards during code reviews — because they’re under time pressures.
Anyway we’re talking about servers, here. And how there is still an unpatched remote security hole in IIS 6. If MS followed the “release early, release often” philosophy, this hole might already have been patched.
Whoa, let’s be honest here. This “unpatched remote security hole” is nothing more than a cross-site scripting attack — which requires that the server admin be browsing the web on the same box on which IIS 6 is installed. There’s no need to patch it. Simply DON’T browse the web on your web server box. IE specifically warns you not to do it.
First, interesting that you ignore my comment about the lack of commercial support for Debian even though it’s the fastest growing Linux distro.
Secondly, maybe you want to write off the rest of the world as “backwater banana republics”, but they’re still very relevant nonetheless, even though I was only citing them as an example.
How about a serious rebuttal instead of bashing everyone outside the US?
Hmmm, from what I can see, Apache 2.0.x is rated “less critical” and IIS 6 “moderately critical”. Now you’re not going to claim the latter is more desirable, are you?
Follow the advice by hylas and do it right:
http://groups-beta.google.com/group/alt.troll/msg/30636f0abb8eb12c
> > Argentina cries out for Linux
> I was talking about industrialized nations, not backwater banana republics.
Wow, you sure try hard, I give you that.
Churn in a codebase is not necessarily bad; however, if it becomes excessive, all kinds of management problems start to creep in. The code gets crufty. Hacks are applied on top of hacks.
…which is why Apache2 was developed. And as Cosmo just pointed out, the link you gave indicated that both Apache versions are indicated as being subject to “less critical” advisories (two for Apache2.0, one for Apache1.3) while IIS 6 suffers from a “moderately critical” advisory.
(Ironically, IIS 5’s only security advisory is rated as “not critical”, which tends to discredit your theory about rewriting the code base to get better security…)
This “unpatched remote security hole” is nothing more than a cross-site scripting attack — which requires that the server admin be browsing the web on the same box on which IIS 6 is installed.
It is still a remote vulnerability credited as “moderately critical” by Secunia. And it’s not only web browsing that is discouraged, but e-mail and remote administration as well. From the advisory:
Administration of sensitive web based systems should always be done from a system which you do not use to read email or browse untrusted sites. This limits the attack vectors.
If you do not need the Remote Administration Tool it should be disabled.
I’m sorry, but isn’t the Remote Administration Tool one of the much-vaunted advantages of using IIS? What good is it if it introduces a security risk?
Meanwhile, despite the incessant drivel from some of the MS cheerleaders on this thread, both Apache 1.3 and 2.0 are considered to be less risky by Secunia, so I think we can stop flogging that dead horse now.
You’re kidding me, right? I was talking about industrialized nations, not backwater banana republics.
Argentina is an industrialized nation. It is the most european of south american countries. While it did go through an economic crisis recently, the economy of the country has been picking up steam in the recent months. In any case, calling the country a “backwater banana republic” shows a lack of knowledge about current economic affairs in Latin America and smacks of xenophobia. All of this because of anti-Linux zealotry, too…
That’s pretty scary. I guess those that don’t have lives have to turn software into a radical leftist political movement.
Again, trying to insult those you disagree with instead of trying to actually come up with arguments. At the risk of repeating myself, any one of your posts is either an ad hominem attack, a strawman argument, or both! In other words, you are acknowledging that you can’t win in a rational debate, so instead you resort to name-calling and misrepresentation of your opponent’s viewpoint. Pathetic.
I guess that’s your way of rationalizing your defense of murdering thugs like Castro.
No, that’s my way of toning down the exaggerated statements that were being said on Cuba – a place where you’ve never been, might I add. In fact, you’re simply repeating the same old hypocritical conservative propaganda we’ve been hearing for decades. Yet, you won’t even address the fact that the U.S. does business with China, Indonesia and Saudi Arabia (where human rights are in much worse shape than Cuba) – so I can only surmise that you’re defending these murdering thugs.
The only one that rationalizes things around here is you, Lumbergh. I’ve been to Cuba. I’ve spoken to cubans there, and cuban refugees here in Canada. I’m aware of the problems facing Cuba, and of Castro’s intolerance of dissent. But to make exaggerated statements on Cuba doesn’t help further the debate in any way.
I don’t debate demented fanboys that try to attach Stallman’s socialist political views on software. I expose and humiliate them.
Translation: I don’t have any arguments, so I resort to demonizing my opponents, calling them names and misrepresenting what they say. In doing so, I expose myself as a troll for all to see.
I can’t believe you managed to name Stallman yet again. This obsession is really getting out of control. You should seek help.
You too.
So far, out of 13 posts in this thread, you have 10 moderated ones. Out of 11 posts, I have 6 moderated ones (which are responses to your off-topic posts, like this one which will probably be moderated down as well). I think this speaks for itself.
I have more than once extended an olive branch to you, so that we could have a civilized debate. I ask you again, please stop using ad hominem attacks and strawman arguments. Please stop showing such a lack of respect for those you disagree with. Please stop using insults instead of arguments. Help elevate the debate around here, instead of dragging it in the mud every time you get the chance. We will all be the better for it.
This Windows vs. Linux pissing match is just silly. Just use Solaris if you want an OS that is more full featured, secure, and cheaper by a long mile than both Windows and Linux.
Why do people keep harping on Fortune 1000 companies’ websites like they’re something special? Most of them are mostly static pages and product brochures. If you want to see what real dynamic websites are using, look up Yahoo!, Amazon, eBay, Google. You’ll find that very few large dynamic websites actually run IIS. Wasn’t it only a year ago that Microsoft was able to move Hotmail off of FreeBSD and onto Windows? And even that was only a partial migration and the migration paper talked about how many things were more difficult to do because of Windows’ reliance on GUI tools.
Do you even read your posts before you submit them? Are you totally blind to the contradictions?
Apparently so, if by “contradiction” you mean that you managed to copy and paste my words together to make them say something new.
As I said, I have spent plenty of time with Windows, both before and during the time I learned *nix. From your posts, I can only conclude that your familiarity with Unix comes from the circa-1992 “Unix-Haters Handbook”. Things have changed a little since then. Of course I agree that many things could be done better than the typical Unix, but Windows ain’t it. Based on actual capability and design, the best contender for a desktop OS was probably BEOS, but that’s another sad story in computing history. Mac has some advantages, but is a performance hog, whereas BEOS was a dream (booting in 5 seconds on 1998 hardware).
As far as a server OS goes, Microsoft had to really struggle valiantly to get away from using FreeBSD for Hotmail. Even now, there are rumors that FreeBSD lurks behind the scenes at Hotmail. There was even an internal whitepaper by Microsoft employees explaining why FreeBSD had a better administrative model than Windows 2000 for such tasks.
http://www.google.com/search?hl=en&q=Microsoft+hotmail+internal+whi…
Apparently so, if by “contradiction” you mean that you managed to copy and paste my words together to make them say something new.
No. By ‘contradiction’ I mean that you give evidence that contradicts the statements that you are making.
I can only conclude that your familiarity with Unix comes from the circa-1992 “Unix-Haters Handbook”.
No. My experience with unix comes from years of being a good little weenie and submitting to the false god. I’ve never even heard of the Unix Hater Handbook until last year.
Based on actual capability and design, the best contender for a desktop OS…
Where have I said anything about the desktop. It seems that you like to make up shit and hear yourself talk.
As far as a server OS goes, Microsoft had to really struggle valiantly to get away from using FreeBSD for Hotmail. Even now, there are rumors that FreeBSD lurks behind the scenes at Hotmail. There…
Unsubstantiated rumors and documents are good enough for me. I’m converted.
Just some interesting posts I found on the subject – in terms of hard numbers.
IIS6 security better(less bugs) than Apache in last 11 months (IIS 11 – Apache 30)
http://dotnetjunkies.com/WebLog/stefandemetz/archive/2004/03/30/103…
ASP.NET security -> less vulnerabilities than open source PHP (ASP.NET 2 – PHP 27)
http://dotnetjunkies.com/WebLog/stefandemetz/archive/2004/03/31/104…
IIS6 vs Apache2 Security Defects
http://weblogs.asp.net/michael_howard/archive/2004/10/15/242966.asp…
Follow-up on IIS6 and Apache Security
http://weblogs.asp.net/michael_howard/archive/2004/10/18/244181.asp…
SQL Server vs MySQL security 2003-2004
http://dotnetjunkies.com/WebLog/stefandemetz/archive/2004/10/11/282…
http://www.eweek.com/article2/0,1759,1666134,00.asp
“SecurityFocus’s vulnerabilities database shows no vulnerabilities reported for IIS 6.0 in the past year and a single one overall…….IIS6 has a pretty good security record.”
“It’s probably going too far to say that IIS is now as secure as Apache. In a sense, it’s an apples-and-oranges comparison. Out of the box, IIS6 still comes with far more complex and ambitious facilities than Apache—along with the accompanying risks. More importantly, an IIS server can become compromised through holes in other services running on the same box.
But there was a time where IIS could have lost out badly due to a poor security reputation, and Microsoft stopped the bleeding mostly through a technique it needs to use more aggressively elsewhere: defaulting services off.”
IIS was once a piece of stinking shit. Bugs were leaking everywhere, worms were happy…but Microsoft invested some money in it and finally fixed the holes. It’s now one of the best web servers out there.
There was a time when Windows NT Server was dog vomit. Reboot your NT4 server every week was once a common policy for many companies. However, Windows Server 2003 is now a stable platform. Of course, I would be upset if I was a customer that bought NT4 and have to pay for an update to get something decent… but it still doesn’t change the fact that Microsoft finally got a solid product. While I am no longer in IT (now in computer engineering), I wouldn’t hesitate to put W2K3 on servers, even for a client.
I am using Linux on my servers. I’d like to eventually switch my desktops to Linux, mainly for ideological reasons. I have been locked down to a single platform for enough years. Still, I am not blind. Microsoft responded to the Linux threat by improving their products. That’s why I like competition. I personally believe it’s a little bit late, but it’s better late than never.
It seems to me that many Linux fanboys are still believing that their competition is Windows 98. It isn’t. Even comparing Linux to Windows XP pre-SP2 is a mistake since we are no longer in that era.
Many OSS programs are riddled with bugs (even if the devs don’t admit it) but I am confident that they will eventually be wrinkled out, just like Microsoft did with theirs. It might take some time though as most projects don’t have their work force but I am supporting them.
Malware on Windows hits Joe Sixpack.
Servers are not operated by Joe Sixpack.
I guess you didn’t understand me. I’m using the “popularity” myth that is usually associated with malware (i.e. Windows gets 99.9% of viruses, worms and trojans because of its large market share). If you agree with this (and I’m supposing you do – correct me if you don’t), then you must also accept the fact that more Apache sites are defaced because the server has more than twice the market share of IIS.
In any case, it’s not true that malware only targets desktops. Code Red and other notorious worms that exploited RPC vulnerabilities used corporate servers as well.
Firefox 1.1 to be Delayed[…]
Oooh, this time we’re doing some testing.. Where’s your ‘release early, release often’ now, boys?
Here’s a hint: if you don’t want to be moderated that much, try to stay on-topic and try not to troll too much. Meanwhile, you can bet the next couple of versions of Firefox will come out before the next Internet Explorer…
What the heck are you dogging firefox for. It works. The same will never be said for ie. Three weeks ago I had to kill 3 worms on my dad’s computer because of stinking activex… and this was on xp sp2.
I moved him to firefox and haven’t had one worm or spy crop up yet.
Really, I know you’re a microsoft employee, but that doesn’t mean you have to be blind to reality.
Any problem with firefox will be fixed 100 times quicker than IE… period.
IE is riddled with all sorts of problems right now, but Microsoft won’t touch it until 2006. Get a life.
No, you are wrong. You are clearly comparing apples and oranges.
I don’t think so. The “popularity” argument is either valid, or it isn’t. The popularity argument states that the bigger the market share, the more hackers and malware writers will target the platform.
Average Joe Sixpack doesn’t know much about protecting his desktop system. On the other hand, anyone operating (Linux) server knows much more about security.
That is generally true, but not always true. You have lots of Windows users here who know more about security than some Linux users. Anyway, it’s irrelevant to the discussion: we’re talking about the frequency of attacks as it relates to market share. The security experience of users/admins does not enter the equation.
Yet, results are almost the same. IIS has big enough market share on the server market, yet, it is not defaced as often as Linux/Apache systems. Linux’s presence on desktop systems is insignificant compared. IIS’s presence on the server market is not.
IIS’s market share is less than a third of Apache. That’s a significant difference. The popularity argument does not say that there is a direct equivalency between market share and frequency of attacks. On the contrary, any advantage in market share is multiplied.
For example, Windows has about 92% market share, vs. 2.5% for Linux. Yet Windows has much more than 92% of malware. There are about 100,000 malware programs for Windows, and only about 50 for Linux, which means that with a market share of 92%, it has 99.95% of the malware. Clearly there is a disproportion.
The same disproportion can be found with Web servers, where Apache has a market share of 68% (vs. 20% for IIS), but suffers from 90% of defacements.
That’s if you buy the popularity argument. I don’t, personally, neither for malware nor web site defacement. The truth is that Apache/Linux does not suffer from 90% of all defacements. In fact, today on Zone-h Linux only has 76% of all defacements.
And if you look at the numbers over the past year, Windows was actually defaced more than Linux for a period of 5 months. In other words, this fluctuates a lot, and doesn’t really have anything to do with the OS/Server combination.
As the guys from Zone-H say themselves (completely destroying your argument in the process):
“So far, so good except from one detail: the only exact action after watching these data is that
YOU SHOULD SEND ALL THIS ANALYSIS AND THESE GRAPHS IN /DEV/NULL
Why? The reason is simple.
First of all, somebody might argue that the data should be re-evaluated and proportioned to the total amount of worldwide installations.
Second, crackers are choosing OS depending of what is “leet” at that very moment (remember the Solaris Armageddon 18 months ago?)
Availability of 0days for particular OSs is also contributing to the “mumbo jumbo” curves of the above graph.
EVEN THEN, EVERYTHING SHOULD STILL GO TO /DEV/NULL
In fact, nowadays many of the intrusions are performed at database or application level.
Regardless the OS.
Regardless the web server.
Sql injection and file inclusion are the most used techniques in the latest months. This is happening because the usual “availability” of exploiting codes has been constantly decreasing over the last 12 months since groups like Teso has stopped to release to the public.
The moral is, in this historical period of the Internet, don’t trust anybody who is “lecturing” about the inherent vulnerability of a particular Operating System.”
http://www.zone-h.org/en/winvslinux2
So basically, the link you gave us also tells us not to listen to people like you…please continue to provide us with such links, it makes demonstrating how wrong you are a lot easier! 🙂
Oh, and about what you said earlier:
I don’t see Linux anywhere on that [Netcraft Uptime] page.
That’s because when Linux uptime reaches 497 days, it rolls over back to 0. It’s an annoying flaw, but it explains why you don’t see Linux machines up there, even if some have been running for years. Meanwhile, Windows uptime doesn’t have that flaw, so the fact that there are so few Windows machines in the list does mean that they rarely reach such impressive uptimes.
The same rollover “bug” also happens to Solaris and HP-UX, which explains why these rock-solid OSes also don’t appear in the list.
http://uptime.netcraft.com/up/accuracy.html#whichos
http://uptime.netcraft.com/up/accuracy.html#cycle
As for Firefox delay: it is perfectly on topic with your “release often, release early” fanboy phrase.
It’s not a fanboy phrase (p.s. using insults only shows that you don’t have actual arguments), it’s a philosophy. Firefox will still release early and often, the fact that there is a small delay because one of the main developers is going over to Google doesn’t change the fact that there will be quite a few Firefox releases before the next IE release…
Not only is it erroneous, it is in fact off-topic, since the topic is MS server growth (and, by extension, Linux server growth and the relative merits of both as server platforms).
Please try to stick to the subject at hand and refrain from using insults if you don’t want any more of your posts moderated (how many is it now? 22?).
The security experience of users/admins does not enter the equation.
Oh, yeah? “Security experience of user/admin does not enter the [SECURITY] equation.” Do you realize what you’ve just said?
Experience doesn’t matter. Where? What planet is that?
Have you ever applied for a job in IT? Experience didn’t matter? So Joe Sixpack will get job in IT as easy as experienced admin?
To quote Bush (senior): “Well, yes, but no.”
🙂
So basically, the link you gave us also tells us not to listen to people like you…please continue to provide us with such links, it makes demonstrating how wrong you are a lot easier! 🙂
No, it tells you that security of a system depends on MANY factors and not only on OS itself. (Security) Experience of a user is one of them.
Oh, yeah? “Security experience of user/admin does not enter the [SECURITY] equation.” Do you realize what you’ve just said?
That is not what I said. What I said is that the experience of users/admin does not have an incidence on the number of viruses or hacking attempts. It does have an incidence on whether these attempts are successful or not, however.
Don’t put words into my mouth.
No, it tells you that security of a system depends on MANY factors and not only on OS itself.
Exactly. Meanwhile, you’ve been repeating the Zone-H stats ad nauseam as an argument that Linux is less secure than Windows. It’s too late to do an about-face at this point and try to pretend otherwise – you’ve been exposed by the very link you provided.
(Security) Experience of a user is one of them.
An experienced user/admin can make an OS installation more secure, for certain. However, he can’t make the actual OS more secure than it already is. I hope you can understand the distinction (though, judging from your posts so far, I doubt it…)
You’ve said that Linux is defaced more because of popularity on servers and then you compared that to malware problem on Windows.
What you failed to recognize is that users are not equally experienced in those two cases.
Bigger popularity on Windows desktop means more completely inexperienced users. Bigger popularity of Linux on servers doesn’t bring Joe Sixpack to administer them.
Meanwhile, you’ve been repeating the Zone-H stats ad nauseam as an argument that Linux is less secure than Windows.
Sure, and it is like that. Zone-h shows that when in hands of professionals, Windows is more secure than Linux. You can deny it all day long.
You know, seeking security by using Linux on desktop is — security through obscurity. You use OS that no one even writes malware for and then you guys claim it is more secure
Following that logic, everyone should switch to OpenBSD, or even Atari ST.
Using Windows and Linux on desktop is like living in New York and on isolated island. Yeah, it is safer on isolated island: no criminals, no traffic, etc, etc.
I don’t think so. The “popularity” argument is either valid, or it isn’t. The popularity argument states that the bigger the market share, the more hackers and malware writers will target the platform.
*AND/OR* that any exploits will be far more noticeable, spread quicker, be more difficult to contain and have larger, longer lasting impacts.
In any event, the “popularity argument” is simply one aspect of a *larger* argument and chain of reasoning that basically says Windows has a much higher measure – both proportionally and absolutely – of ignorant users. You’d expect it to be over-represented in any statistics because any arbitrary Windows system is far, far more likely to have been configured, or be actively used, by someone who has no idea how to not only secure a machine, but also not be socially engineered into running malicious code.
Anyway, it’s irrelevant to the discussion: we’re talking about the frequency of attacks as it relates to market share. The security experience of users/admins does not enter the equation.
No, you’re talking about the frequency of *successful attacks* as it relates to market share. The frequency of *attacks* is, by its nature, practically unmeasurable.
User experience most certainly has a *massive* impact on the security “equation”. To state otherwise is to try and dismiss the biggest security hole in any modern system with a wave of the hand. Sorry, but those *are* the droids we’re looking for.
For example, Windows has about 92% market share, vs. 2.5% for Linux. Yet Windows has much more than 92% of malware. There are about 100,000 malware programs for Windows, and only about 50 for Linux, which means that with a market share of 92%, it has 99.95% of the malware.
Have you tried running the numbers after taking out all those different bits of malware that are all the same thing just with different names ? I mean, any particular bit of malware tends to have at least 20 – 30 variants all targeting the same vulnerability, don’t they ? How about all those nasties that arrive in emails and “trick” the user into running them by promising free porn/money/ipods/whatever ? How could you justifying counting them as more than one piece of malware, from the perspective of assessing *vulnerability* ?
Clearly there is a disproportion.
Of course. You need critical mass. If a worm can only exploit every 100th system it stumbles upon, it should be obvious it’s going to spread a lot slower – and be a lot more vulnerable to extermination – than one that can infect 95/100 systems it finds.
Graphs of infection rates are *not* linear.
If you’ve only got 5 unix systems on your network and 500 Windows systems, then isolating, protecting and, where applicable, repairing the unix systems is trivial. Doing the same for your 500 Windows systems will be a hell of a lot more involved – particularly the “cleaning” scenario.
That’s if you buy the popularity argument. I don’t, personally, neither for malware or web site defacement.
Based on what reasoning ?
I’ve never understood why anyone would *dismiss* a platform’s prevalence as a key factor in how often it is targeted, how often it is exploited and the results of those attacks. So many other things that influence system security are effectively directly tied to a platform’s prevalence it just defies logic.
The truth is that Apache/Linux does not suffer from 90% of all defacements. In fact, today on Zone-h Linux only has 76% of all defacements.
But by limiting yourself to *only* looking at webservers, you’re self-selecting your sample and cutting out a *massive* proportion of all machines, not to mention dramatically reducing the primary security vulnerability of any system – the end user – by effectively imposing a minimum competency level.
The moral is, in this historical period of the Internet, don’t trust anybody who is “lecturing” about the inherent vulnerability of a particular Operating System.”
I have to ask, do you agree with this reasoning ?
What you failed to recognize is that users are not equally experienced in those two cases.
This is a blanket statement based on conjecture, not facts. Since securing a web server against defacement is more complex than protecting a PC from malware, the fact that an admin is “more experienced” than a user is useless. They may be more experienced but the task is harder, so this is not a valid comparative measure.
Sure, and it is like that. Zone-h shows that when in hands of professionals, Windows is more secure than Linux.
No they don’t. In fact, they specifically say the contrary in the excerpt I printed: “The moral is, in this historical period of the Internet, don’t trust anybody who is “lecturing” about the inherent vulnerability of a particular Operating System.”
You are lecturing us about the inherent vulnerability of Linux, so you fit the mold perfectly. As I said, you’ve been proven wrong by the very link you’ve provided. Keep it up, you’re really convincing me so far! 🙂
You know, seeking security by using Linux on desktop is — security through obscurity.
Not obscurity. Scarcity. Words have meaning, you know…
So you do, in fact, believe the popularity argument. So Windows gets more viruses because it’s more popular, in your opinion. Then, you have to admit that Apache gets attacked more often because it’s more popular as well.
You can’t have it both ways: either you reject the popularity argument, or you accept it. Since you’ve indicated that you accept it for malware, you have to accept it for Website attacks as well.
Have you tried running the numbers after taking out all those different bits of malware that are all the same thing just with different names ?
Irrelevant: unless you have proof to the contrary, we are to assume that “duplicate” viruses are as prevalent on Windows as they are on Linux, so the proportion would remain the same.
But I’ll give you the benefit of the doubt. Let’s imagine an extreme scenario (one that is probably not true): even if each Windows virus has 50 variants, and each Linux virus is unique, Windows would still have 97.5% of all malware for a 92.5% market share. My point still stands: the popularity argument presupposes that the percentage of vulnerabilities is higher than actual market share.
But by limiting yourself to *only* looking at webservers, you’re self-selecting your sample and cutting out a *massive* proportion of all machines, not to mention dramatically reducing the primary security vulnerability of any system – the end user – by effectively imposing a minimum competency level.
I know you’re simply inserting yourself in the discussion, but you should have actually taken the time to follow it first: I didn’t bring up the web server stats, and nothing but the truth did. If you have something against that, look it up with him.
My argument was that if you accept the popularity argument for malware (like you both seem to do), then it’s hypocritical not to accept it for web site defacements.
Now, I know you’ll try to have the last word on this (you always do) even if it means dragging this in the 200+ posts. So since you seem to have an issue with looking only at web servers, I suggest you continue the discussion with and nothing but the truth instead. I mean, you’re both prolific posters, and he seems equally critical of Unix and the *BSDs as he is of Linux, so I’m sure you’ll find plenty to argue about.
See ya!
An experienced user/admin can make an OS installation more secure, for certain. However, he can’t make the actual OS more secure than it already is
And that is exactly why Linux gets defaced that much.
And that is exactly why Linux gets defaced that much.
Or it’s because Linux has a bigger market share. Or, as Zone-H suggests, because of a variety of reasons that make it impossible to say for sure which OS is more secure. Again, the link you provided argues that we should not listen to you.
Once more, I have to thank you for providing that link. It has done more to demolish your own arguments than anything else we’ve come up with.
P.S. For half of last year, IIS was defaced more than Linux, despite having a third of the market share. Following your logic, it means that the OS/Server combo was inherently insecure (even though it hasn’t changed that much since then…)
An experienced user/admin can make an OS installation more secure, for certain. However, he can’t make the actual OS more secure than it already is
Read it again, pal. Your own words. We’re not talking about Joe Sixpack here. Read and repeat.
Irrelevant: unless you have proof to the contrary, we are to assume that “duplicate” viruses are as prevalent on Windows as they are on Linux, so the proportion would remain the same.
On what basis do you justify this assumption ?
But I’ll give you the benefit of the doubt. Let’s imagine an extreme scenario (one that is probably not true): even if each Windows virus has 50 variants, and each Linux virus is unique, Windows would still have 97.5% of all malware for a 92.5% market share.
That’s a fairly close ratio. Particularly taking into account the inherent limitations of malware proliferance and the need for critical mass.
My point still stands: the popularity argument presupposes that the percentage of vulnerabilities is higher than actual market share.
The “popularity argument” merely states that a platform’s prevalence is a key factor in how often it is targeted, how often it is exploited, how quickly exploits spread and how big the impact of any arbitrary exploit is.
The “popularity argument” – despite numerous attempts by yourself and others like you to redefine it – does *not* say “Windows is more popular, and that is the only reason it suffers more”.
My argument was that if you accept the popularity argument for malware (like you both seem to do), then it’s hypocritical not to accept it for web site defacements.
I’m still awaiting even a preliminary line of reasoning as to why platform prevalence isn’t a significant influence on “security”.
Now, I know you’ll try to have the last word on this (you always do) even if it means dragging this in the 200+ posts.
Generally that’s in an effort (usually futile) to extract some sort of reply to the questions I ask.
Good day,
Often I find myself employing more Windows Servers, and accompanying licenses, than I’d like to. Mostly this stems from a lack of vendor cross platform compatibility, only running on Windows.
Applications such as ADP Payroll, and its accompanying MS SQL Server, have strict guidelines when it comes to support – and if not followed – won’t support you. So there’s one license, plus the MS SQL license.
Then marketing will have some new app/server product they want to purchase, and say they need a dedicated Windows Server.
Sales will do a similar like project requiring another server, and so on-and-so-on.
With all these Windows Servers my only way of keeping them somewhat organized, and keep hardware costs down, is to use VMWare GSX Server (for Windows, or Linux – I use Linux).
It gets even more annoying with some of the server based products, such as Human Resources Self Service based products, that require two Windows servers (one for database, one for www). Again, if you don’t follow their guidelines – no support.
With all these Windows production servers, figure 2 more licenses just for lab testing.
Sometimes I can bend the rules when it comes to support, and sometimes I can’t. It depends on the vendor, and the situation we may find ourselves in should I break or bend their policy.
Most businesses don’t consult their IT departments before launching a new application, and usually say – “We want this, the vendor needs us to have that, go make it happen”.
In corporate America each vendor is still very much doing their own thing, and require their own dedicated Windows server. It’s quite frustrating, especially these products that some departments purchase that turn out to be little more than vaporware that were supposed to magically solve all their operating problems.
An experienced user/admin can make an OS installation more secure, for certain. However, he can’t make the actual OS more secure than it already is
And that is exactly why Linux gets defaced that much.
No, I would rather think that it is due to lack of Linux admins familiar with the latest security features of Linux.
If applied correctly, modern Linux is an extremely secure system. When more admins learn how to handle and make the best of the new security features of the 2.6 kernel, defaced Linux servers will be less common.
On what basis do you justify this assumption ?
I could ask you the same question: on what basis do you justify the assumption that there are enough duplicate viruses to say that less than 99% of malware target Windows.
That’s a fairly close ratio.
Perhaps, but only if you accept that every virus made for Windows has 49 “duplicates” for it. I don’t believe this is true. Hence the “extreme” scenario.
The “popularity argument” – despite numerous attempts by yourself and others like you to redefine it – does *not* say “Windows is more popular, and that is the only reason it suffers more”.
As usual, you go and put words in my mouth. I never said that Windows being popular is the only reason it suffers more. I agree with your definition of it 100%.
Stop trying to misrepresent what I say. You always do that and I find it extremely annoying. If I remember correctly, it is that dishonest habit of yours that made me stop trying to have a rational debate with you some months ago.
Again, re-read my argument, because you just proved it. If one subscribes to the popularity argument, then that can be seen as one of the reasons why Apache/Linux leads in web site defacements. To say it using your words: Apache’s prevalence is a key factor in how often it is targeted, how often it is exploited, how quickly exploits spread and how big the impact of any arbitrary exploit is. So we agree, and you disagree with and nothing but the truth, so I suggest you argue with him instead.
I’m still awaiting even a preliminary line of reasoning as to why platform prevalence isn’t a significant influence on “security”.
Maybe it is, maybe it isn’t. Again, this is something you should argue with and nothing but the truth, since he’s the one that seems confused about this.
Generally that’s in an effort (usually futile) to extract some sort of reply to the questions I ask.
If you didn’t constantly put words in people’s mouth, or try to misrepresent what they say, then perhaps you’d get better answers. Think about it.
Read it again, pal. Your own words. We’re not talking about Joe Sixpack here. Read and repeat.
I stand by what I wrote. In no way does it validate your argument. You’re the one who dragged Joe Sixpack in here. I merely pointed out that if you accept the popularity argument, which you seem to do, then you must accept that argument to explain why Apache/Linux gets defaced more than IIS/Windows (even though, during half of last year, IIS/Windows got more defacing than Apache/Linux).
You still have to provide a counter-argument for this. I suggest you take time to think this through. As for me, this thread has gone on long enough, I’m going to check out the newer ones.
even though, during half of last year, IIS/Windows got more defacing than Apache/Linux
Does that include all those defaced-via-phpBB sites? I guess, no.
If applied correctly, modern Linux is an extremely secure system. When more admins learn how to handle and make the best of the new security features of the 2.6 kernel, defaced Linux servers will be less common.
I doubt that. The problem in security breaches is rarely the technical limitations of the security capabilities of the system, but usually the fault of the user (be they an admin or otherwise) not actually using them.
A more comprehensive, complex and subsequently more difficult to use security infrastructure will make this problem worse, not better.
I could ask you the same question: on what basis do you justify the assumption that there are enough duplicate viruses to say that less than 99% of malware target Windows.
I didn’t actually make that assumption, I posited it as a hypothesis.
My reasoning is that there always seems to be dozens of duplicates of any major trojan with names like w32.beagle.a, w32.beagle.b and so on.
However, I still wouldn’t expect the percentage of unique “malwares” to be in any way proportional to OS marketshare. As I said, those sort of things tend not to be linear relationships – in either the natural world or the computer one.
As usual, you go and put words in my mouth. I never said that Windows being popular is the only reason it suffers more.
“I guess you didn’t understand me. I’m using the “popularity” myth that is usually associated with malware (i.e. Windows gets 99.9% of viruses, worms and trojans because of its large market share).”
I agree with your definition of it 100%.
That’s nice to know. I’ll keep it in mind the next time you say Windows’ popularity has no bearing on its security history.
Again, re-read my argument, because you just proved it. If one subscribes to the popularity argument, then that can be seen as one of the reasons why Apache/Linux leads in web site defacements. To say it using your words: Apache’s prevalence is a key factor in how often it is targeted, how often it is exploited, how quickly exploits spread and how big the impact of any arbitrary exploit is. So we agree, and you disagree with and nothing but the truth, so I suggest you argue with him instead.
Except you *also* disagree with that hypothesis (and, it appears, the very comments you’ve just made):
“That’s if you buy the popularity argument. I don’t, personally, neither for malware or web site defacement.”
That’s nice to know. I’ll keep it in mind the next time you say Windows’ popularity has no bearing on its security history.
Again, don’t put words into my mouth. You always do that. I said I agreed with your definition 100% – not necessarily that I believed in the “popularity” argument. I just happen to think your definition is correct, without being convinced that it is actually a major factor.
I hope you can see the distinction.
“I guess you didn’t understand me. I’m using the “popularity” myth that is usually associated with malware (i.e. Windows gets 99.9% of viruses, worms and trojans because of its large market share).”
Yes, this is the popularity argument as it is usually presented by those who believe in it. Your definition is more accurate, but not incompatible with the one I provided.
Again, I don’t necessarily believe in it, but that’s the way it is most often presented by those who use it to excuse Windows’ dismal malware record.
Except you *also* disagree with that hypothesis (and, it appears, the very comments you’ve just made)
Exactly. I’m not saying that I buy the popularity argument, however I’m arguing that, if and nothing but the truth believes in it, then he should also accept it as an important element of why Apache gets defaced more than IIS.
I’ll say it again as clear as I can: I’m not taking position as far as the validity of popularity argument is concerned. I don’t buy it, but I’m not saying I’m certain it’s not true either. I’m undecided about it. My entire argument, which you might have understood if you had taken the time to read the thread, is that IF you subscribe to the popularity argument for malware, then you also have to accept it for website defacement.
Therefore, at no point did I contradict myself. Meanwhile, you provided additional arguments that have supported my position, and invalidated and nothing but the truth’s, which is why you should be debating with him, and not with me (not in this thread, at least! 😉
nothing but the truth believes in it
To a certain degree. You stop there, while I don’t.
Joe Sixpack plays a big part on Windows desktop in terms of overhyped security problem, but he is not working with (Linux) servers.
Take Joe Sixpack out of the picture and then tell me which system is more secure.
Take Joe Sixpack out of the picture and then tell me which system is more secure.
Well, you admitted that you believed in the popularity argument, which is (as drsmithy put it): a platform’s prevalence is a key factor in how often it is targeted, how often it is exploited, how quickly exploits spread and how big the impact of any arbitrary exploit is.
If you accept that this can explain why Windows gets 99.9% of viruses, then you must also accept that it explains why Apache gets a little more than its market share in defacements. It’s as simple as that.
Meanwhile, you still haven’t tried to explain how come Windows was more targeted by defacements than Linux for several months last year (which, I’ll admit, tends to invalidate the popularity argument somewhat).
You can also try to explain the many, many worms that have Windows systems over the past few years, and the very, very few that affected Linux systems. Remember Blaster? Code Red? MyDoom? All their variants (as drsmithy would remind you)?
Ultimately, both OSes can be made pretty secure but for some reason the biggest, costliest security issues always happen on Windows. And now that a Russian team has found a way to bypass new security features in XP SP2, how long before that becomes exploited by malicious hackers?
http://news.com.com/Report+Major+Windows+security+update+foiled/210…
I don’t think that drsmithy is an astroturfer, but I’m beginning to think that you are…
Blaster, Code Red, etc. all were released AFTER MS issued patches. It’s simply a matter of having something in your head. Not to mention that even the simplest firewall stops them (even the one that you get with Win XP without SP2, but it’s too hard for Joe Sixpack to turn it on. That’s why it’s turned on by default since SP2). Sure, shit happens, but Linux? Give me a break..
Here’s today’s report:
192 single IP
1467 mass defacements
Linux (87.8%)
Win 2000 (9.5%)
Win 2003 (1.4%)
..
Go on, deny it
.. or you can call me names if that makes you feel better.
Go on
Why would I call you names?
Still, you haven’t given any explanation for the fact that for many months last year there were more web site defacements for Windows than Linux – or that Zone-H expressly said that you can’t use the numbers they provide to say that an OS is more secure than another (therefore invalidating your argument). Or that Secunia rates security issues in Apache as “Less Critical”, while IIS is rated “Moderately Critical”? You’ve been dancing around these points since I brought it up.
Blaster, Code Red, etc. all were released AFTER MS issued patches. It’s simply a matter of having something in your head. Not to mention that even the simplest firewall stops them (even the one that you get with Win XP without SP2, but it’s too hard for Joe Sixpack to turn it on. That’s why it’s turned on by default since SP2). Sure, shit happens, but Linux? Give me a break..
Shit happens? Is that all you can come up with? Code Red, Blaster, MyDoom and the other worms that affected Windows servers (no Joe Sixpack here) cost hundreds of millions of dollars, in addition to slowing down the entire Internet. That’s a lot more serious than some web site defacements.
And how about the fact that a Russian team found a way to circumvent some security elements in XP SP2, which will undoubtedly lead to some serious exploits.
Yeah, shit happens. Too bad you can’t connect the dots.
…and you still haven’t given a good reason why the popularity argument should apply to malware, but not to web site defacement. And no Joe Sixpack story here – we’re talking about servers only, where malware has caused a lot of trouble as well (Code Red, Blaster, MyDoom, etc.)
When you don’t have a firewall on a server then it IS Joe Sixpack, you know. When you have SQL Server database exposed directly to the Internet, with no firewall, then it IS Joe Sixpack. Not to mention patches.
I do SQL Server (and Oracle) programming and administration for living and none of our servers were infected.
You’ll have to find something better cause this proves nothing to me.
When you don’t have a firewall on a server then it IS Joe Sixpack, you know. When you have SQL Server database exposed directly to the Internet, with no firewall, then it IS Joe Sixpack. Not to mention patches.
I KNEW that Joe Sixpack is an idiot, who dabbles with things he does not understand!
Must be why he is so popular.
You’ll have to find something better cause this proves nothing to me.
The Internet slowing down to a crawl is nothing to you?
I think you forgot that Code Red used port 80, which is open on a lot of firewalls (Nimda did, too). Lots of firewalled servers were hit by these worms.
So basically your argument is based on false premises, i.e. that all you need to be safe is a firewall. A firewall helps, but if you’re running services on a server then there is always a risk – as Code Red and Nimda demonstrated.
Of course there are other problems, such as MyDoom-like worms who used compromised “Joe Sixpack” PCs to launch DDoS attacks on servers. It didn’t do much good for Yahoo! or SCO to be protected by firewalls, they still collapsed under the amount of traffic they got bombarded with.
The malware problem that plagues the Windows installed base is very serious, and you shouldn’t try to downplay it.
Meanwhile, you still haven’t said anything about the numerous points I have raised. How about that Russian team who found a way to circumvent some of XP SP2’s security features? How long before we start to see exploits based on this?
However, patch was released on time. Don’t know about you or your company, but we do schedule “server maintenance downtime”. Very simple. And it works. Patches are released for reason, you know.
However, Code Red doesn’t affect Windows 2003. Are we talking about something that was like.. 4 years ago?
Now, go back to 1st page and see it — how it all started: OSS fanboys basically disputing that W2K3 is more secure than W2K. Microsoft is delivering on its promises and that is what you guys fail to recognize.
About SP2 “software NX” flaw? Let’s wait and see what happens with that.
Now, go back to 1st page and see it — how it all started: OSS fanboys basically disputing that W2K3 is more secure than W2K.
I fail to see how that led to you repeating that Linux had more web sites defacement than Windows, oh, what, 20+ times?
Microsoft is delivering on its promises and that is what you guys fail to recognize.
Nope. Almost every pro-Linux poster has acknowledged that XP SP2 was a step in the right direction (despite the recently-discovered flaw). On the other hand, you have consistently attacked Linux’s security record, despite the fact that overall it’s been excellent.
As far as Win2K3 is concerned, it probably hasn’t been widely deployed enough for significant vulnerabilities to come up. I expect some to crop up over the next couple of months…
About SP2 “software NX” flaw? Let’s wait and see what happens with that.
Yes, “wait and see.” That seems to be Microsoft’s approach to security.
As far as Win2K3 is concerned, it probably hasn’t been widely deployed enough for significant vulnerabilities to come up.
More than Linux on desktop I’d say.
Have you read it? IIS 6 doesn’t “clearly win” at all. The only places it showed weakness and downright no support was with Microsoft specific features. Everything else could be added in via modules. In the end the article didn’t state, “IIS 6 blows apache away.” It said it was based on your needs.
Yeah I did read it.
Look, if you need Apache then you use Apache. If you need IIS then, well, you use IIS. However, if you have no specific needs — IIS is better choice according to the article. Take a better look. IIS ALWAYS has advantage, not only when talking about MS specific features. All together, IIS does clearly win: Apache has no advantages. None. Even the price is in question — read the last paragraph.
As far as Win2K3 is concerned, it probably hasn’t been widely deployed enough for significant vulnerabilities to come up.
Those viruses were released AFTER patches were released by MS. It has nothing to do with # of servers deployed.
More than Linux on desktop I’d say.
Stop comparing apples and oranges. Win2K3 is not a desktop OS. Now, I’m pretty sure there are more Linux servers than Win2k3 ones out there.
Take a better look. IIS ALWAYS has advantage, not only when talking about MS specific features.
Actually most of the time they’re pretty much the same, so IIS doesn’t always have the advantage. Putting it in caps won’t make it true.
All together, IIS does clearly win: Apache has no advantages.
Which I guess is why its market share is 70%, compared to IIS’s 20%. The global market has spoken, dude. Apache is the leader.
None. Even the price is in question — read the last paragraph.
How much is the cost of a Win2K3 license + IIS 6? How much is a Linux install with Apache 2? ’nuff said!
Oh, and when you’re quoting to provide a response, make sure the quote is actually relevant to what you have to say (i.e. your last post). We’ll let this one slip, you’re obviously very emotional about this subject…
Stop comparing apples and oranges. Win2K3 is not a desktop OS. Now, I’m pretty sure there are more Linux servers than Win2k3 ones out there.
Hey, was it you who started comparing security of servers (Linux) to desktops (Windows) or was it me?
Which I guess is why its market share is 70%, compared to IIS’s 20%. The global market has spoken, dude. Apache is the leader.
Apache is the leader when it comes to virtual hosting. Port80 shows another side of the story.
How much is the cost of a Win2K3 license + IIS 6? How much is a Linux install with Apache 2? ’nuff said!
Read the article at Serverwatch.com (last paragraph). They clearly say: “..on the surface..” Don’t shoot the messenger, pal.
Oh, and when you’re quoting to provide a response, make sure the quote is actually relevant to what you have to say (i.e. your last post).
It IS relevant. Too bad you can’t connect the dots. I’ll do it for you, free of charge (as in *free beer*
Code Red, Blaster.. let’s say there were no patches available, say Windows 2003 was already released at that time. It would have been vulnerable too, right? It doesn’t matter if there was only one W2k3 server deployed – it still would’ve been vulnerable — if patches were not available.
We’ll let this one slip, you’re obviously very emotional about this subject…
Hehehe, someone is, but I don’t think it’s me.
Right
Look, there’s one thing about security: Linux IS inherently insecure due to the nature of open source model. Source is available to anyone and that makes it inherently insecure. GPL ensures that inherent insecurity.
Hey, was it you who started comparing security of servers (Linux) to desktops (Windows) or was it me?
It wasn’t me, that’s for sure. I guess you still didn’t understand what I wrote about the popularity argument. It was not a comparison between servers and desktops by any means.
Read the article at Serverwatch.com (last paragraph). They clearly say: “..on the surface..” Don’t shoot the messenger, pal.
No, I won’t read the article. I’m asking YOU. How much is a Win2K3 server license + IIS 6? Then how much is a Linux + Apache license? I want YOU to give me the answer.
It IS relevant.
No it isn’t.
You quoted me as saying: “As far as Win2K3 is concerned, it probably hasn’t been widely deployed enough for significant vulnerabilities to come up.”
Then you responded: “Those viruses were released AFTER patches were released by MS. It has nothing to do with # of servers deployed.”
Tell me, what’s the link between what you quoted and what you responded? Oh, right, there is none.
Admit that you made a quoting mistake here and we’ll let it slip by. Continue to deny the fact that the quote has no relevance to what you responded and I’ll continue making fun of you.
Code Red, Blaster.. let’s say there were no patches available, say Windows 2003 was already released at that time. It would have been vulnerable too, right? It doesn’t matter if there was only one W2k3 server deployed – it still would’ve been vulnerable — if patches were not available.
That’s your argument? No wonder I didn’t get it, it doesn’t make any sense, and is based on conjecture (what if, what if).
No, what I’m saying is that there are probably vulnerabilities in Win2K3 that have not yet surfaced because it hasn’t been widely deployed, and for not long enough.
Hehehe, someone is, but I don’t think it’s me.
Actually, it is you. I could point to a couple of your modded down fanboy outbursts.
Look, there’s one thing about security: Linux IS inherently insecure due to the nature of open source model. Source is available to anyone and that makes it inherently insecure.
That is completely false reasoning. You can’t get a more secure distribution than SELinux, developed by the NSA, and yet it’s completely open-source. Having access to the source does not make software more insecure – look at Internet Explorer or Outlook Express, two of Microsoft’s biggest security risks ever! No one outside MS has had access to the source of these programs, and yet look at the dozens of exploits that were found.
Simply put, what you’re saying is total BS. Pure FUD, and nothing more. I’m starting to believe that you ARE a paid Microsoft shill, to be repeating such nonsense. That’s a bad investment, though, because we’re the only two people left in this thread since it went below the radar, and I’ve wasted enough time on you. You can have the last word if you want, you’ll be the only one to read it (fortunately for you, as each time you post you further erode your credibility). Goodbye.