Security Strategy

Microsoft blames laidback sys admins for IIS breaches

But software giant says IIS is safer than the rest...

By Pia Heikkila

Published: 12 October 2001 07:45 GMT

A Microsoft security expert claims system administrators do not do enough to shore up IIS web servers from security threats, with the result that the software looks more vulnerable than it actually is.

Ian Hellen, principal security consultant at Microsoft UK, said that a large percentage of system administrators take too laidback an approach to applying patches to server software, with the result that the company's reputation for server security has been distorted.

Analyst house Gartner issued a controversial warning two weeks ago to companies using Microsoft's web server software, recommending that they seek alternatives to Internet Information Server (IIS) because of the serious security risks.

However, Microsoft has defended its corner and said its software is as secure as its competitors', if not more so.

Hellen said the vulnerabilities of IIS are distorted because of a large user base, and because the easy installation option does not invoke the highest security settings available in the software.

He said: "When IIS gets hit by viruses the figures look a lot worse than they are because 50 per cent of the world's servers have IIS... Also there is always a risk of human error as a lot of people just get the software up and running quickly and then just forget all about it."

Hellen added: "There is a certain sys admin culture which might make the patches issued ignored."

Gartner recommended that users consider products from vendors such as iPlanet, and the open source Apache server software instead.

However, Hellen insisted that competing products are no better than IIS. "There were more patches issued for Apache servers last year than for IIS," he claimed.

Gartner asserted that one reason the security risks in using IIS are so high is that Microsoft doesn't react fast enough to vulnerabilities and supply security patches in time.

Microsoft has responded by changing the default security settings on the latest versions of IIS, and by making it easier for sys admins to find patches on its website.
