Updated: July 9, 2020 (November 5, 2001)
SidebarAbandon IIS?
Following the serious strikes by the Code Red and Nimda worms, John Pescatore, an information security strategies analyst at research and consulting firm Gartner Inc., issued a note stating, “Gartner recommends that enterprises hit by both Code Red and Nimda immediately investigate alternatives to IIS, including moving Web applications to Web server software from other vendors, such as iPlanet and Apache. Although these Web servers have required some security patches, they have much better security records than IIS and are not under active attack by the vast number of virus and worm writers.”
There is no question that Windows and IIS have come under considerable attack, and Microsoft has been embarrassed by the sloppy programming practices evident in IIS code. Nonetheless, changing OSs and Web servers is not a trivial task and could involve substantial costs. More to the point, merely changing platforms does not guarantee increased security.
This is not to say that organizations should not evaluate alternatives when warranted, for security and business reasons. But before panicking over security issues and changing platforms, organizations using Windows and IIS should take the following steps:
Atlas Members have full access
Get access to this and thousands of other unbiased analyses, roadmaps, decision kits, infographics, reference guides, and more, all included with membership. Comprehensive access to the most in-depth and unbiased expertise for Microsoft enterprise decision-making is waiting.
Membership OptionsAlready have an account? Login Now
Not a member but want to see the full content? Contact us.