> Yes the default WWW Service runs as System on Windows and yes you can > (and should) change that. It is quite unbelievable just how much you
That's very good. > > It is interesting that you point out one of the exploits available for > OpenSSH which highlights the fact that other systems have security > exploits also. No disagreement there, but my point was that running services as "root" or the windows equivalent of root is, in most cases, a very bad idea. > Icecast is a freeware media streamer but is it for audio, not movies. My mistake. > > On the flame point, you may have noticed some irate responses to my > first entry. Yes, we can all be a overly sensitive at times :-) > IIS is certainly not alone in this > database, a lot of CGI stuff in there. Very true. There are a lot of insecure CGI programs out there, but that's not a security hole in the web server itself. Anyone can write a bad application for a web server that opens them to an attack. On a properly configured system, compromising the host that the web server is running on should be very difficult to do from a CGI program. Cheers! Steve Bremer
