But software giant says IIS is safer than the rest...
By Pia Heikkila
Published: 12 October 2001 07:45 GMT
A Microsoft security expert claims system administrators do not do enough to shore up IIS web servers from security threats, with the result that the software looks more vulnerable than it actually is.
Ian Hellen, principal security consultant at Microsoft UK, said that a large percentage of system administrators' approach to updating patches on server software is too laidback, with the result that the company's reputation for server security has been distorted.
Analyst house Gartner issued a controversial warning two weeks ago to companies using Microsoft's web server software, recommending them to seek alternatives to Internet Information Server (IIS) because of the serious security risks.
However, Microsoft has defended its corner and said its software is as secure as its competitors, if not more so.
Hellen said the vulnerabilities of IIS are distorted because of a large user base, and because the easy installation option does not invoke the highest security settings available in the software.
He said: "When IIS gets hit by viruses the figures look a lot worse than they are because 50 per cent of the world's servers have IIS... Also there is always a risk of human error as lot of people just get the software up and running quickly and then just forget all about it."
Hellen added: "There is a certain sys admin culture which might make the patches issued ignored."
Gartner recommended that users consider products from vendors such as iPlanet, and the open source Apache server software instead.
However, Hellen insisted that competing products are no better than IIS. "There were more patches issued for Apache servers last year than for IIS," he claimed.
Gartner asserted that one reason the security risks in using IIS are so high is because Microsoft doesn't react fast enough to vulnerabilities and supply security patches in time.
Microsoft has responded by changing the default security settings on the latest versions of IIS, and by making it easier for sys admins to find patches on its website.
Leading London based IT Consultancy is looking for Windows System Administrators to join their support team. Successful candidates must have strong ...
Responsible for maintaining and improving all the IT systems; managing the system administrators in the UK and remote offices; and proposing and ...
Serve as an advocate on behalf of customers for issues requiring code fixes, patches or feature requests.Follow all documented processes to ensure ...
Agenda Setters 2009
Welcome to the ninth annual Agenda Setters poll – silicon.com's list of the top 50 most influential individuals in the technology and IT industries, from techies and CIOs to entrepreneurs and business leaders. Find out more in our latest special report.
Stories from the web...
Copyright © 2008 CBS Interactive Limited. All rights reserved. Top of page
Digg
Slashdot
Del.icio.us
Stumble
Reddit
RSS Feeds
Clive Longbottom Windows 7: Not perfect - but ready for prime time Microsoft's latest OS fixes most of Vista's ills - but still has challenges ahead
Stephen Kleynhans Mind the details with Windows 7 Just because it might work better than Vista, it doesn't mean you can be sloppy