LISTSERV at the University of Georgia
Menubar Imagemap
Home Browse Manage Request Manuals Register
Previous (more recent) messageNext (less recent) messagePrevious (more recent) in topicNext (less recent) in topicPrevious (more recent) by same authorNext (less recent) by same authorPrevious page (September 2001, week 3)Back to main SAS-L pageJoin or leave SAS-L (or change settings)ReplyPost a new messageSearchProportional fontNon-proportional font
Date:         Thu, 20 Sep 2001 16:25:30 -0700
Reply-To:     "Karsten M. Self" <kmself@IX.NETCOM.COM>
Sender:       "SAS(r) Discussion" <SAS-L@LISTSERV.UGA.EDU>
From:         "Karsten M. Self" <kmself@IX.NETCOM.COM>
Subject:      OT:  Gartner recommends IIS users switch servers
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature";

In response to the 'nimda' attacks of this week, the Gartner Group is
posting the following advice:


    http://news.cnet.com/news/0-1003-201-7239473-0.html


    With the emergence of the Nimda worm--the latest in a long series to
    attack Microsoft's Internet Information Server (IIS) and other
    software--Gartner believes it's time for businesses with Web
    applications to start investigating less vulnerable Web server
    products.


    ...


    Gartner recommends that businesses hit by both Code Red and Nimda
    immediately investigate alternatives to IIS, including moving Web
    applications to Web server software from other vendors such as
    iPlanet and Apache. Although those Web servers have required some
    security patches, they have much better security records than IIS
    and are not under active attack by the vast number of virus and worm
    writers.


    Gartner remains concerned that viruses and worms will continue to
    attack IIS until Microsoft has released a completely rewritten
    release of ISS that is thoroughly and publicly tested. Sufficient
    operational testing should follow to ensure that the initial wave of
    security vulnerabilities every software product experiences has been
    uncovered and fixed. This move should include any Microsoft .Net Web
    service that requires the use of IIS. Gartner believes that this
    rewriting will probably not occur before the end of 2002.


Note also that ground-up rewrites of code typically require a long shake
out period.  I'd expect at least as long a shakeout as a development
cycle.  Your earliest reliable IIS replacement isn't likely to appear
before 2003/2004.


Peace.


-- 
Karsten M. Self <kmself@ix.netcom.com>        http://kmself.home.netcom.com/
What part of "Gestalt" don't you understand?              Home of the brave
http://gestalt-system.sourceforge.net/                    Land of the free
Free Dmitry! Boycott Adobe! Repeal the DMCA!  http://www.freesklyarov.org
Geek for Hire                      http://kmself.home.netcom.com/resume.html



[application/pgp-signature]
Back to: Top of message | Previous page | Main SAS-L page
listserv.uga.edu
Enterprise Information Technology Services
The University of Georgia
listhelp@uga.edu