IT workers of the world unite...
Published: 12 October 2001 12:25 GMT
In a silicon.com exclusive, a senior security chief at Microsoft claimed that the company's much-maligned IIS web server software is not as unreliable as many claim. Instead he insisted that if system administrators took more care to update patches, there would be far fewer security problems.
Click here for the whole story: http://www.silicon.com/a48169
The assertion has incensed silicon.com readers. Here's just some of the feedback we've received since we published the story.
Good Choice
From Graham Rowe
Hmmm, of all the people involved in the food chain - blame the people who are responsible for making your software run securely in the business. Smacks of shooting self in foot
Blaming the sys admins
No name supplied
Without wishing to get into an argument of which OS is best, I can't help but think that a lot of the problems is caused by:
1. The belief that because Windows NT/2000 looks like a desktop OS, it must be easy to manage, so skill levels aren't as high as they could be (this is unrelated to the certification level, which I believe is quite high).
2. High workloads for sys admins, so many of them are in a position that they don't have the opportunity to be proactive in keeping patched (whatever the OS). In a production web server environment with availability KPIs, patching can be a major logistical challenge.
From my perspective, these are real reasons for companies to consider outsourcing web facilities, and allowing hosting companies to start getting some economies of scale in server management.
Hellen is right
From: Andrew North
And that's precisely the culture that Microsoft cashed in on - all in one - cheap and cheerful. Now MS wants to be a grown-up.
How much for a Sun or IBM server? Big difference. But that's the cost of reliability and security (with patches on a CD that are issued rather often more than once a year).
We're learning. We'll get there in the end - and pay a lot more.
Why MS is far more insecure than Apache
From Adam L. Gibson
I hate to burst his bubble, but Apache itself has not had a root compromise vulnerability in years. If someone manually installs some insecure CGI and causes Apache to get hacked, that is much different that how vulnerable IIS is with its built in vulnerable components. IIS should not install anything but static html ability by default,
That is where MS is failing...
Let us know what you think. Are system administrators failing to perform essential upgrades to web server software or is Microsoft just offloading the blame?
Add a reader comment by clicking on the button below.
Previous desirable experience ~ Minimum of three years relevant technical experience in an IT or Internet operations/customer support environment ...
Have working in ASP.NET, or Linux or Apache Environment, experience of Security IIS Handlers ot Apache Handlers, you will have experience of ...
You will also be expected to have experience with protocols, LAN configuration, as well as knowledge of major web server software (IIS, Apache, ...
Agenda Setters 2009
Welcome to the ninth annual Agenda Setters poll – silicon.com's list of the top 50 most influential individuals in the technology and IT industries, from techies and CIOs to entrepreneurs and business leaders. Find out more in our latest special report.
Stories from the web...
Copyright © 2008 CBS Interactive Limited. All rights reserved. Top of page
Digg
Slashdot
Del.icio.us
Stumble
Reddit
RSS Feeds
Seb Janacek Magic Mouse - Apple's best ever? Minority Report: After years of disappointment, one Mac lover has hope
Bethan Jones Can I use a netbook as my everyday work machine? Why silicon.com's sub editor is ditching her laptop for a sprightly mini-laptop