[ale] OT: Gartner: drop IIS

Transam transam at cavu.com
Wed Oct 3 15:40:00 EDT 2001


This is from today's SANS mailing list ...

 --24, 25 & 26 September 2001  Gartner Analyst Advises Users to Drop IIS

In the wake of Code Red and the Nimda worm, John Pescatore, research
director for the Gartner group, recommends that people switch from
Microsoft Internet Information Server (IIS) server software to a more
secure platform.  Gartner does not believe Microsoft will provide a
fully rewritten IIS until the end of 2002.

Full report: http://www3.gartner.com/DisplayDocument?doc_cd=101034
http://www.usatoday.com/life/cyber/tech/2001/09/25/microsoft-servers-vulnerable.htm
http://www.zdnet.com/zdnn/stories/news/0,4586,2814546,00.html
http://dailynews.yahoo.com/h/nf/20010924/tc/13700_1.html
http://www.computerworld.com/cwi/stories/0,1199,NAV47_STO64226,00.html

[Editors' Notes: (Schultz) Despite its grossly inaccurate predictions
about security-related losses expected as the result of the W2K
rollover, the Gartner Group is really on to something here.  The IIS
Web server, even with all the bells, whistles, and band aids that
are available, is simply not capable of withstanding the level of
security- related threat that the Internet poses.  Microsoft needs
to go back to the proverbial drawing boards concerning the design
and out-of-the-box configuration of this Web server.

Bob Toxen
transam at cavu.com                       [Bob's ALE Bulk email]
bob at cavu.com                           [Please use for email to me]
http://www.cavu.com
http://www.realworldlinuxsecurity.com/ [My book:"Real World Linux Security"]
http://www.cavu.com/sunset.html        [Sunset Computer]
Fly-By-Day Consulting, Inc.      "Don't go with a fly-by-night outfit!"
Quality Linux & UNIX security and SysAdmin & software consulting since 1990.

GPG Public key available at http://www.cavu.com/pubkey.txt (book at cavu.com)
pub  1024D/E3A1C540 2000-06-21 Bob Toxen <book at cavu.com>
     Key fingerprint = 30BA AA0A 31DD B68B 47C9  601E 96D3 533D E3A1 C540
sub  2048g/03FFCCB9 2000-06-21





More information about the Ale mailing list