just my opinion:
a) there are lots more apaches than IIS
b) statistics is the art to lie.. (forgot the author)
c) it is easier to harden a open system than a proprietary.
c-1) And I donot know any other way to harden a IIS than obscure
patches.. which closes a lot of holes just opening new ones.
Hornat, Charles wrote:
> I recently read a statistic that said apache is hacked more than IIS web servers.
>and I have also seen statistics go the other way. I did a quick search in google to
>try and see if I could find a solid believable statistic, and was unsuccessful. I
>found many individuals stating facts without citing their references.
>
> Besides this, Does it really matter what web server you choose? I have worked with
>many and would answer this with, the system is as secure as the administrator of that
>system is knowledgeable. I know administrators who can secure an IIS server and
>others who can secure Apache. Its like asking which os is the most secure? There
>isn't really an answer.
>
> I am doing a study right now on OS's, and which are the most secure out of the box
>and out of the box with the latest security patches applied. The study consist of
>operating systems like Solaris 6 and 8, redhat, windows and so on. We are using the
>latest nessus and nmap to scan the boxes and will be writing our findings up on each
>os.
>
> Lets face it, Apache isn't more secure than IIS. They are both vulnerable unless
>hardened and protected.
>
> Charles
>
>
>
> ________________________________________________________________
> The information contained in this message is intended only for the recipient, may be
>privileged and confidential and protected from disclosure. If the reader of this
>message is not the intended recipient, or an employee or agent responsible for
>delivering this message to the intended recipient, please be aware that any
>dissemination or copying of this communication is strictly prohibited. If you have
>received this communication in error, please immediately notify us by replying to the
>message and deleting it from your computer.
>
> Thank you,
> Standard & Poor's
>
>
--
sauda��es,
irado furioso com tudo.
Linux User (SuSE) 179.402
explicando o padre marcelo ('o mala', the pope's boy, the pope's star):
mer$&^ velha com roupa nova.
