Sure, I'm not saying that either Apache or other web server don't have
holes, but running IIS is like walking around with a 'kick me' sign stuck to
your back knowing full well it's there.

People don't usually write viruses/worms for apache and other web servers...
they usually just hack them which is always possible, but with IIS people
are writting automated viruses/worms. I'd rather be hacked by a hacker with
a sense of humour than have my how web serving directory nuked by an
automated program.

My point is that you would have less exposure to risk running alternatives
because they aren't a massive target like IIS is.

Benjamin


----- Original Message -----
From: "Costas Piliotis" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Wednesday, September 26, 2001 6:19 AM
Subject: RE: Check out what Gartner is recommending. Drop IIS!


> You know it's funny though.  A quick search at www.securiteam.com shows
that
> Apache and iPlanet have many vulnerabilities as well.  Think perhaps that
> the research is simply political?  Hackers seem to actually target IIS
boxes
> likely for their hatred of Micro$oft.  I think there's more to this than
> meets the eye...
>
> Remember, nothing's ever secure.  As stated in the movie The Score: "If
> someone built it, someone can break it".
>
>
> -----Original Message-----
> From: Benjamin Falloon [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, September 25, 2001 12:42 PM
> To: CF-Talk
> Subject: Re: Check out what Gartner is recommending. Drop IIS!
>
>
> Maybe a little OT, but my 2c.
>
> I wouldn't call that stupid at all.
> Consider all of the attacks aimed squarely at IIS in the past few months.
> It's only going to increase. I've had personal experience with being
hacked.
> I run 2 internal IIS development boxes for CF and an internal hack
replaced
> *ALL* index.htm, default.htm files in all folders in the web serving
> directory. Lucky more files where cfm.
>
> I'm not a 'server' admin (by title) but I can thank MS for this. If they
> released a tighter web server with less vunerabilities maybe there would
be
> fewer viruses/hacks that could penetrate. People shouldn't need to have to
> patch every week.
>
> Doesn't that fact indicate that just *maybe* the software itself is pretty
> shaky?
>
> Consider this quote from the article,
>
> "Gartner remains concerned that viruses and worms will continue to attack
> IIS until Microsoft has released a completely rewritten, thoroughly and
> publicly tested, new release of IIS,"
>
> Rewritten. That would be a good idea. Try to imagine a pair of pants with
as
> many 'security' patches as is and will continue to be required for IIS.
I'd
> say the pants would be more patches than pants.
>
> Just a thought,
>
> Benjamin
>
> PS maybe apache would be a good alternative.
>
>
>
> ----- Original Message -----
> From: "Rey Bango" <[EMAIL PROTECTED]>
> To: "CF-Talk" <[EMAIL PROTECTED]>
> Sent: Wednesday, September 26, 2001 3:03 AM
> Subject: OT: Check out what Gartner is recommending. Drop IIS!
>
>
> > Now, I've always found Gartner to sway in a particular direction based
> > in the wind changes and the phases of the moon but this recommendation
> > is
> just
> > plain stupid. Check it out:
> >
> > http://news.cnet.com/news/0-1003-200-7294516.html
> >
> > Rey Bango
> >
> >
> >
>
> 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Get the mailserver that powers this list at http://www.coolfusion.com
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

Reply via email to