In the server-software competition

Jul 25, 2007 09:39 GMT  ·  By

Security company Sophos published an interesting report concerning the software solutions used for webservers, revealing that Microsoft's IIS is securer when it comes to the battle with the famous Apache. At this time, Apache is surely the most popular server software application on the Internet with an impressive number of users turning to this program. However, a huge popularity also means that it is one of the most attacked web server solutions, security company Sophos wrote in the research. No more than 51% of the Apache servers were attacked by at least one dangerous threat in the six months of 2007 while IIS 6 recorded only a small 34 percentage.

The third position was won by IIS 5 with 9 percent, while the last places bring nginx with 3 percent and other server solutions with the same 3 percent. "With a whopping 80 percent of all infected webpages found on legitimate sites, it begs the question as to why web hosts are not taking the necessary steps to properly secure their servers," said Graham Cluley, senior technology consultant at Sophos.

It was well known that Apache servers are the most affected web server solutions because most of the attackers looking to exploit an Internet server were facing the technology provided by this type of application. However, Microsoft is the big winner of this analysis because it reveals that its IIS solution is securer and more users might adopt this web server product.

"Simple measures such as keeping up to date with security patches will go a long way towards thwarting this problem - the fewer holes in server setups, the lower the risk of infection. Web hosts that are currently not behaving responsibly must bite the bullet and take better care of their sites. Just using Apache on your web server doesn't mean you are now bullet-proof from hackers trying to plant malicious code on your site. It will be a wake-up call for some to see that malware is not just a Microsoft problem," the Sophos representative added in the research.