Let me be honest. I don't use IIS. I don't like IIS. I don't suggest others should use IIS. But that's my personal opinion.
I am also honest enough to know that IIS happens to be a fairly good webserver for Windows machines when the proper precautions are taken, and if you want something easy and cheap.
That being said, I am totally against the statement made by the Gartner Group against IIS. Rather than point their finger at the true problem, they have come out to demonize a product.
Now don't get me wrong: IIS is quite far from perfect. It has a huge number of security holes, a number of internal problems, and if it crashes, it can take down an entire machine. But -- and this is a big but here -- Microsoft has put out a lot of patches to fix most of these problems. Anyone running a machine with these patches would not only be immune to the NIMDA attack, but to many others, as well. The thing that Gartner does not recognize is that this latest virus attack that was able to get into all these machines used the exact same exploits as the last big virus, and the big virus before that, and the big virus before that. If somebody's machine was successfully attacked by the NIMDA virus, then they were vulnerable to all the others, may have gotten all the others, may still have all the others, and it is their responsibility to fix it. It is the responsibility of a driver to patch a broken light on their car before driving in the dark. It is the responsibility of an administrator to patch their servers when a new security patch comes out, especially when that patch has been announced on radio and TV, as well as by emails all over the place.
Is it the fault of Microsoft for making a product that has all these security holes? Yes.
Is it the fault of hackers for taking advantage of these security holes? Yes.
Is it the fault of administrators for not putting these patches on their machines? Yes.
Is it the fault of Gartner for sowing division in the ranks and fear of a viable technology? Yes.
I think they should spend as much time commenting on administrators and hackers as they do on IIS. To claim that IIS should be dropped is the height of irresponsibility.
On a side note, this article is being read by you using the WebSite webserver by Bob Denny. I have been using it since he created it, and I have been using all of his upgrades. Now that he is redoing it himself rather than with O'Reilly, I plan to be behind it even more than before. On the whole, no security problems.
Below you'll find a list of Microsoft security fixes. If you are running a Microsoft system and have not installed these patches, you should do so immediately: