Is IIS a patchy job?

Perhaps now, following the most recent worm attack on Microsoft systems, decision-makers will stop writing off the offerings of the open source movement and start to see the benefits.
By Alastair Otter, Journalist, Tectonic
Johannesburg, 04 Oct 2001

The report released a couple of weeks ago by Gartner suggesting that enterprises should start re-evaluating their reliance on Microsoft server products has stirred up a fair amount of debate on the letters page of this and other publications.

For those that missed it, the report followed the most recent worm outbreak - in this case the Nimda worm - and the expected overload placed on Web servers around the world.

Gartner simply pointed out that when it came to Web server technology, the history of vulnerabilities in Microsoft's IIS product should warrant a second look by enterprises wanting to serve up information online in a secure environment.

In reality, the case goes a lot deeper than just that, and although Web servers are obvious targets for bored Internet surfers, perhaps the full range of products should be brought into the inquisition room.

I, for one, am really pleased that Gartner put out a report of this nature. For too long the critics of Microsoft products have been maligned and labelled good-for-nothing hackers. Perhaps the Gartner report will get just a few more decision-makers to do some of the sums related to vulnerabilities against their existing systems.

Testing the argument

In case the report is not enough, then perhaps the following test will add just a little more weight to the argument. Have a look at a site such as Netcraft (www.netcraft.com). The most recent figures posted on the site collate information from more than 30 million Web sites to determine the relative percentage each product has in the active Web server market.

The most recent results indicate that almost 60% of Web sites are run using the Apache Web server, an open source Web server that runs on most platforms but tends to be favoured by users of Linux, FreeBSD and other free Unix-like variants. Microsoft's server products represent around 30% of the remaining Web server installations.

Now compare these figures with the results from a site such as the Alldas defacement archive (www.alldas.de). On this site, the most recent figures, representing just over 23 000 Web site defacements, put Microsoft products way at the top of the list with a rather humbling 65% share of the defaced Web sites. Linux is a distant second with only 16% of the defaced market.

Obviously these are not scientific experiments and there are many other factors hidden by the simplicity of the results, but the single most important point remains: if Microsoft accounts for around 30% of the Web server market, how come they are also the most hacked sites with around 65% of the defacements?

It is a fairly easy assumption to make that most companies running Linux or FreeBSD are running Apache or one of the lesser-known Web server brands, but none of them are running IIS. So clearly Microsoft accounts for the majority of defacements.

There are the true believers that will again trot out the same old arguments in favour of Microsoft, but if you are planning to put your business on the Internet, which would you choose? It's not a hard decision as far as I can tell.
