I recently changed the signature of the Apache running on modsecurity.org (to pretend to be IIS5). As a result, I've started getting more IIS-related attacks than before. So, the signature does matter.
And what was the security advantage?
Smaller number of attack attempts made specifically against my configuration. Would-be attackers going somewhere else to play.
Also, imagine I have a PHP application (I chose PHP because it runs on Windows and on Unix), and that someone is trying to find a hole in the app. If they think I'm running Windows they'll try to run Windows-specific attempts, completely missing the point (I know about OS fingerprinting but a typical Web attacker doesn't).
Changing the server signature is a small benefit, but one of many you can have.
But, at the end of the day, I think sysadmins should be the ones making the decision, with programmers giving them... rope :)
-- ModSecurity (http://www.modsecurity.org) [ Open source IDS for Web applications ]
