Google Says Microsoft Web Servers Are Used To Distribute Malware

June 9, 2007

Microsoft’s Internet Information Services (IIS) Web servers are more than twice as likely to deliver malware to unsuspecting users as the open source Apache Web server, according to a recent security survey performed by Internet search giant Google. That’s quite an allegation, coming as it does from one of Microsoft’s chief competitors.

Google made the revelation on its Online Security Blog. “We investigate[d] the distribution of Web server software to provide insight into how server software is correlated to servers hosting malware binaries or engaging in drive-by-downloads,” wrote Nagendra Modadugu, a member of Google’s anti-malware team. “We examined about 70,000 domains that over the past month have been either distributing malware or have been responsible for hosting browser exploits leading to drive-by-downloads.”

According to the survey, Microsoft IIS pops up as a malware-distributing server twice as often as Apache does (49 percent vs. 23 percent). This comes despite the fact that Apache appears to be in use on far more servers worldwide than IIS. The majority of that malware appears to originate from China and South Korea, according to Google. (Curiously, most malware coming out of Germany is actually sent via Apache, not IIS.)

Google reports that IIS is likely used to distribute malware more often than Apache because many IIS installs are on pirated Windows versions which aren’t configured to automatically download patches. (Even pirated Windows versions can automatically receive security fixes, however.) “Our analysis demonstrates how important it is to keep web servers patched to the latest patch level,” Google notes.


Apache or IIS – which is more confusing?

February 2, 2007

 “Windows is inherently harder to secure than Linux. There I said it. The simple truth.”  (not my quote)

A couple of images show the system calls required to display a webpage in both Apache and IIS. The images are interesting, to say the least. Here’s a link to the article.

I’ve mirrored the images in case they take them down.

Apache  IIS