"However, to address your point, the belief that you have to apply patches every other day is incorrect"
Not really a belief to be honest, I was being a little sarcastic in the realm of the evergoing IIS (Is it Secure?) joke. I have worked with IIS before and yes, I agree with all that you've said about removing what you don't need, etc. You answered my questions already and... I'm not looking to pick a fight, I was just looking for a discussion in which you've more than answered already (this being the 2nd email on it). This is good stuff to read and good things for IIS admins to take into account. Thanks Dave! ~Todd On Thu, 6 Jun 2002, Dave Watts wrote: > > > We're not a hosting house, and from my perspective, free > > > beats cheap. The thing is, WebSite doesn't really offer > > > any features that IIS doesn't, and I don't think it's any > > > better than IIS, really. IIS has to be set up correctly, > > > but that's pretty trivial to do. In that sense, I'm a > > > satisfied IIS user. > > > > Even if it means having to apply a patch every other day? > > Just curious. Ever since IIS started getting hacked left and > > right, I started leaning towards Apache. Not starting a fight > > here, just having a discussion. > > Well, for that matter, I'm a satisfied Apache user, but I and our clients > typically use IIS on Windows and Apache on other platforms. > > However, to address your point, the belief that you have to apply patches > every other day is incorrect - if you've configured your IIS server > correctly. By default, IIS includes all sorts of things that you usually > just don't need. And, of course, following the general best practice for > configuring any kind of server, you should remove or disable the things you > don't need. Here are some things that IIS allows you to do: > > - handle server-side includes (I use CFINCLUDE for that, and don't deal with > static HTML.) > - allow NT users to change their NT passwords > - allow IIS to handle local print jobs received through a web browser (IIS 5 > only) > - allow direct interaction with databases through MSADC > - provide a direct interface to MS Index Server > - manage IIS itself through a browser > (and much, much more!) > > Now, I don't need any of that stuff, so I just remove it. If a patch comes > out for it, I don't bother patching it, except when routine maintenance > comes up, when I'll just apply all outstanding patches at once - you can do > this with one reboot using QChain. That's it. Trust me, I don't spend much > post-installation time applying patches. > > Dave Watts, CTO, Fig Leaf Software > http://www.figleaf.com/ > voice: (202) 797-5496 > fax: (202) 797-5444 > ______________________________________________________________________ This list and all House of Fusion resources hosted by CFHosting.com. The place for dependable ColdFusion Hosting. FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists