Thanks for the feedback bud but I still disagree. IIS and Microsoft are just
the flavor of choice now for the cracker community. If you go to
SecurityFocus.com, you'll see that both Linux and Apache have a long history
of security issues. Look up Sun and you'll find the same thing. If we were
to call IIS "shaky" simply because of the current security issues, then I'm
not exactly sure what to call the other operating systems that at one time
had many security breaches and to this day, still have to constantly patch
their implementations.

I truly hope MS is sincere in their statement of rewriting IIS but
inevitably, there are still going to be hacks. The strongest OS that I've
seen publicly available is OpenBSD and that's because they audit *every*
line of code in their BSD offering and many of the accompanying packages.
Those that can't be audited are put into a "ports" tree and an advisory is
specified accordingly. Anyone that would come out and say that SunOS, Linux
or FreeBSD (very good webserving alternatives) are without security issues
would be a liar.

I certainly acknowledge that IIS & WinNT/2K have some security issues but I
have seen and experienced the same thing on other OSes.

As for Gartner, like I mentioned originally, they sway with the wind. I find
them to be very good sometimes and VERY crappy on other occasions. I've seen
their reports for the last eight years, through the client/server days and
now with ecommerce and, frankly, have seen a steady decline in their
analysis of anything. It's almost as if they just hire any schmoe to do a
review of some business practice, regardless of that person's skills or past
experiences. I remember when they smacked Sybase around because they didn't
have row-level locking when in reality, 90% of DBMS users, at that point,
had no need for that feature because they weren't in a high-OLTP
environment. It was stupid and this latest report is right in line w/ the
deteriorating level of their reports. It makes very poor fiscal sense for a
large corporation to drop critical web servers and start a huge migration to
a new platform of which they probably have no knowledge. You want to see a
real security mess? Get a bunch of MS-focused companies to switch to Linux
and watch the crackers have fun. Then let's see what Gartner would have to
say.

A better argument would've been to recommend that companies start taking
security seriously and invest in training their existing staff as well as
supplementing those overburdened admins.

Rey...

----- Original Message -----
From: "Benjamin Falloon" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Tuesday, September 25, 2001 3:42 PM
Subject: Re: Check out what Gartner is recommending. Drop IIS!


> Maybe a little OT, but my 2c.
>
> I wouldn't call that stupid at all.
> Consider all of the attacks aimed squarely at IIS in the past few months.
> It's only going to increase. I've had personal experience with being hacked.
> I run 2 internal IIS development boxes for CF and an internal hack replaced
> *ALL* index.htm, default.htm files in all folders in the web serving
> directory. Lucky more files were cfm.
>
> I'm not a 'server' admin (by title) but I can thank MS for this. If they
> released a tighter web server with less vulnerabilities maybe there would be
> fewer viruses/hacks that could penetrate. People shouldn't need to have to
> patch every week.
>
> Doesn't that fact indicate that just *maybe* the software itself is pretty
> shaky?
>
> Consider this quote from the article,
>
> "Gartner remains concerned that viruses and worms will continue to attack
> IIS until Microsoft has released a completely rewritten, thoroughly and
> publicly tested, new release of IIS,"
>
> Rewritten. That would be a good idea. Try to imagine a pair of pants with as
> many 'security' patches as is and will continue to be required for IIS. I'd
> say the pants would be more patches than pants.
>
> Just a thought,
>
> Benjamin
>
> PS maybe apache would be a good alternative.
>
>
>
> ----- Original Message -----
> From: "Rey Bango" <[EMAIL PROTECTED]>
> To: "CF-Talk" <[EMAIL PROTECTED]>
> Sent: Wednesday, September 26, 2001 3:03 AM
> Subject: OT: Check out what Gartner is recommending. Drop IIS!
>
>
> > Now, I've always found Gartner to sway in a particular direction based on
> > the wind changes and the phases of the moon but this recommendation is just
> > plain stupid. Check it out:
> >
> > http://news.cnet.com/news/0-1003-200-7294516.html
> >
> > Rey Bango
> >
> >
> >
> 