At this point, this is probably true.
The security landscape changes with time, and as professionals, we must
change with it. We should be willing to learn other platforms if IIS
isn't the best solution; we must also guard against the Microsoft
bigotry that runs rampant. If this was Apache, people would say, "There
are costs to the freedom that the open source revolution brings us!" If
it's IIS, "Typical Microsoft sh**. That's what they get for their bold
attempt at world domination!"
For fun, the next time someone mentions worms and IIS, and how *Nix is
the best alternative, say three words: "UNIX. Morris. Worm."
---
Billy Cravens
Web Development, EDS
[EMAIL PROTECTED]
-----Original Message-----
From: Benjamin Falloon [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 25, 2001 3:32 PM
To: CF-Talk
Subject: Re: Check out what Gartner is recommending. Drop IIS!
Sure, I'm not saying that either Apache or other web server don't have
holes, but running IIS is like walking around with a 'kick me' sign
stuck to your back knowing full well it's there.
People don't usually write viruses/worms for apache and other web
servers... they usually just hack them which is always possible, but
with IIS people are writting automated viruses/worms. I'd rather be
hacked by a hacker with a sense of humour than have my how web serving
directory nuked by an automated program.
My point is that you would have less exposure to risk running
alternatives because they aren't a massive target like IIS is.
Benjamin
----- Original Message -----
From: "Costas Piliotis" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Wednesday, September 26, 2001 6:19 AM
Subject: RE: Check out what Gartner is recommending. Drop IIS!
> You know it's funny though. A quick search at www.securiteam.com
> shows
that
> Apache and iPlanet have many vulnerabilities as well. Think perhaps
> that the research is simply political? Hackers seem to actually
> target IIS
boxes
> likely for their hatred of Micro$oft. I think there's more to this
> than meets the eye...
>
> Remember, nothing's ever secure. As stated in the movie The Score:
> "If someone built it, someone can break it".
>
>
> -----Original Message-----
> From: Benjamin Falloon [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, September 25, 2001 12:42 PM
> To: CF-Talk
> Subject: Re: Check out what Gartner is recommending. Drop IIS!
>
>
> Maybe a little OT, but my 2c.
>
> I wouldn't call that stupid at all.
> Consider all of the attacks aimed squarely at IIS in the past few
> months. It's only going to increase. I've had personal experience with
> being
hacked.
> I run 2 internal IIS development boxes for CF and an internal hack
replaced
> *ALL* index.htm, default.htm files in all folders in the web serving
> directory. Lucky more files where cfm.
>
> I'm not a 'server' admin (by title) but I can thank MS for this. If
> they released a tighter web server with less vunerabilities maybe
> there would
be
> fewer viruses/hacks that could penetrate. People shouldn't need to
> have to patch every week.
>
> Doesn't that fact indicate that just *maybe* the software itself is
> pretty shaky?
>
> Consider this quote from the article,
>
> "Gartner remains concerned that viruses and worms will continue to
> attack IIS until Microsoft has released a completely rewritten,
> thoroughly and publicly tested, new release of IIS,"
>
> Rewritten. That would be a good idea. Try to imagine a pair of pants
> with
as
> many 'security' patches as is and will continue to be required for
> IIS.
I'd
> say the pants would be more patches than pants.
>
> Just a thought,
>
> Benjamin
>
> PS maybe apache would be a good alternative.
>
>
>
> ----- Original Message -----
> From: "Rey Bango" <[EMAIL PROTECTED]>
> To: "CF-Talk" <[EMAIL PROTECTED]>
> Sent: Wednesday, September 26, 2001 3:03 AM
> Subject: OT: Check out what Gartner is recommending. Drop IIS!
>
>
> > Now, I've always found Gartner to sway in a particular direction
> > based in the wind changes and the phases of the moon but this
> > recommendation is
> just
> > plain stupid. Check it out:
> >
> > http://news.cnet.com/news/0-1003-200-7294516.html
> >
> > Rey Bango
> >
> >
> >
>
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Get the mailserver that powers this list at http://www.coolfusion.com
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
