Microsoft IIS 6 tied with Apache at 49% for compromised servers, even though Apache has a 40% lead in deployments. Apache makes up at least 50% of the malware servers in every country, save for Asia (China and S. Korea). The reason? Google says it's because of the high rate of piracy in Asia, and Microsoft's policy of not patching pirated systems.
Distribution of web server software by country.
Web server distribution by country Malicious web server distribution by country
The figure on the left shows the distribution of all Apache, IIS, and nginx webservers by country. Apache has the largest share, even though there is noticeable variation between countries. The figure on the right shows the distribution, by country, of webserver software of servers either distributing malware or hosting browser exploits. It is very interesting to see that in China and South Korea, a malicious server is much more likely to be running IIS than Apache.
We suspect that the causes for IIS featuring more prominently in these countries could be due to a combination of factors: first, automatic updates have not been enabled due to software piracy (piracy statistics from NationMaster, and BSA), and second, some security patches are not available for pirated copies of Microsoft operating systems. For instance the patch for a commonly seen ADODB.Stream exploit is not available to pirated copies of Windows operating systems.
Is it time for a change? Based on this information, I agree with Google. I think the evidence is pretty clear here that Microsoft's patching policy hurts legitimate customers much more than it does pirates.Continue At Source