
Posted by Steven Bink June 6, 2007 10:17 AM with 6 comment(s)
WindowsNow Blog: A very interesting post on the Google Online Security Blog analyzes which web servers are responsible for the world's malware.

Microsoft IIS 6 tied with Apache at 49% for compromised servers, even though Apache has a 40% lead in deployments. Apache makes up at least 50% of the malware servers in every country, save for Asia (China and S. Korea). The reason? Google says it's because of the high rate of piracy in Asia, and Microsoft's policy of not patching pirated systems.

Distribution of web server software by country.

[Figures: Web server distribution by country (left); Malicious web server distribution by country (right)]

The figure on the left shows the distribution of all Apache, IIS, and nginx webservers by country. Apache has the largest share, even though there is noticeable variation between countries. The figure on the right shows the distribution, by country, of webserver software of servers either distributing malware or hosting browser exploits. It is very interesting to see that in China and South Korea, a malicious server is much more likely to be running IIS than Apache.

We suspect that the causes for IIS featuring more prominently in these countries could be due to a combination of factors: first, automatic updates have not been enabled due to software piracy (piracy statistics from NationMaster, and BSA), and second, some security patches are not available for pirated copies of Microsoft operating systems. For instance the patch for a commonly seen ADODB.Stream exploit is not available to pirated copies of Windows operating systems.

Is it time for a change? Based on this information, I agree with Google. I think the evidence is pretty clear here that Microsoft's patching policy hurts legitimate customers much more than it does pirates.


Comments

 

GP007 said:

What?? MS's policy doesn't block security updates for pirated copies of Windows etc. Only optional downloads are checked by WGA and either blocked or not. This is pretty baseless. And another thing, last I read, IIS6 has only had 2, maybe 3 patches since 2003 for security flaws. The fact IIS6 systems are compromised could be bad admin setup, or some other hole which isn't related to IIS6 but is used to get into the server.

IIS6 is a very good and secure web server, and IIS7 is even better from the looks of it. 

June 6, 2007 2:21 PM
 

sparticus1701 said:

What this shows is that Microsoft should not allow IIS to run on pirate copies.  To even suggest that it hurts legitimate customers more is wishful thinking.

June 6, 2007 4:03 PM
 

lsproc said:

I also think that Microsoft should move away from Patch Tuesday and have more frequent patches. Software could be left vulnerable for over months by the Patch Tuesday system. If patches were released twice a week, security would be better in my opinion.
June 6, 2007 5:46 PM
 

GP007 said:

lsproc, that goes against what system admins and big business want. The reason MS switched to a scheduled patch system was so IT/business could be ready in time to deploy the new patches as they come out. Now they only have 1 day of downtime to update instead of a sporadic number of who knows how many in a month.

So, if anything, MS did what its customers wanted.

June 6, 2007 11:58 PM
 

gisabun said:

I agree with Sparticus701, Microsoft should disable services (not just IIS) on pirated servers.

From GP007, Microsoft knew that if it stopped anyone from getting security updates, there would be a lot more botnet infected systems and other infections. What the administrators of these servers are probably doing is not even enabling automatic updates. If they are, then Google's report is full of crap. Do they know that these servers are in fact unprotected?

 

June 6, 2007 11:58 PM
 

Mike Dimmick said:

Last night I created a new virtual machine and installed Windows Server 2003 RTM (from my Visual Studio .NET 2003 Enterprise Architect servers discs), but did not activate it. I then enabled Automatic Updates to automatically download and install, then forced it to check for updates by running wuauclt /detectnow.

Windows Update fetched Windows Installer 3.1 and requested a reboot. After doing this and running the command again, it then fetched everything up to and including the April 2007 updates, installed them, and rebooted on the schedule. It then downloaded SP1 - I'm waiting to see if this gets automatically installed. No WGA components were downloaded.

April was the last month that 2003 RTM was supported. The May updates, including the critical MS07-029, require at minimum SP1.

All too often I see servers at customer sites that have no update maintenance schedule - the yellow 'updates pending' icon is an all too frequent sight. Here, all the workstations and member servers are set to update automatically - I have no resources to update all the servers manually or to test patches before deployment. The domain controllers are too business-critical so they are updated manually.

June 7, 2007 5:26 PM
