Hmm, I think it's funny that you bash MY post as being FUD. The FUD is all the claims that popularity automatically means an increase in vulnerabilities and viruses. And yeah, your google links make me laugh. They compare number of patches for IIS vs Apache, so I guess if it doesn't get fixed then it doesn't count :laugh:Originally posted by: Smilin
Originally posted by: Brazen
Originally posted by: Uber
1) There are a lot more Windows computers to infect
2) Beacuse of number 1, many viruses are written specifically to infect Windows
People keep saying this, but then, if Apache has like 70% of the webserver share, how come IIS is the one that keeps getting more viruses and exploits found?
FUD Alert!
Why is it that people bashing MS on secuity get a free pass and are never required to back it up? All you have to do is say "ABC from so and so is more secure than XYZ for Microsoft", provide no facts and it's automatically true. Try the opposite and everyone wants proof.
It takes all of 5 seconds to disprove that whole IIS vs Apache statement. Here's a pre-canned google search to get you started:
http://www.google.com/search?hl=en&q=iis+versus+apache+exploits
Whereas the latest IIS exploit (from the article) allowed a hacker "to gain complete control over an Army web server."That?s a total of 25 security vulnerabilities in 5 years for a program that is, at this very moment, serving 11 million active sites. Many of the vulnerabilities were platform-specific, and some were no more serious than exposing the full pathname of a script under certain non-remotely-controllable conditions. There are no outstanding unfixed vulnerabilities
The FUD is all the claims that popularity automatically means an increase in vulnerabilities and viruses.
I am hereby issuing yet another FUD alert! The article you just linked to:Originally posted by: Brazen
Hmm, I think it's funny that you bash MY post as being FUD. The FUD is all the claims that popularity automatically means an increase in vulnerabilities and viruses. And yeah, your google links make me laugh. They compare number of patches for IIS vs Apache, so I guess if it doesn't get fixed then it doesn't count :laugh:Originally posted by: Smilin
Originally posted by: Brazen
Originally posted by: Uber
1) There are a lot more Windows computers to infect
2) Beacuse of number 1, many viruses are written specifically to infect Windows
People keep saying this, but then, if Apache has like 70% of the webserver share, how come IIS is the one that keeps getting more viruses and exploits found?
FUD Alert!
Why is it that people bashing MS on secuity get a free pass and are never required to back it up? All you have to do is say "ABC from so and so is more secure than XYZ for Microsoft", provide no facts and it's automatically true. Try the opposite and everyone wants proof.
It takes all of 5 seconds to disprove that whole IIS vs Apache statement. Here's a pre-canned google search to get you started:
http://www.google.com/search?hl=en&q=iis+versus+apache+exploits
Here is an excerpt that sums it up pretty good:Whereas the latest IIS exploit (from the article) allowed a hacker "to gain complete control over an Army web server."That?s a total of 25 security vulnerabilities in 5 years for a program that is, at this very moment, serving 11 million active sites. Many of the vulnerabilities were platform-specific, and some were no more serious than exposing the full pathname of a script under certain non-remotely-controllable conditions. There are no outstanding unfixed vulnerabilities
...and maybe people don't ask for "proof" on Microsoft's awful security track record because it's well documented and many have seen if for themselves. It's like asking for proof that the sky is blue!
Originally posted by: lxskllr
Apple doesn't get as many virus' because nobody cares enough to write any for it. Linux doesn't get virus' because you can't get your wifi card working, so you never actually get on the net to catch any
Originally posted by: sm8000
Originally posted by: n0cmonkey
Originally posted by: spikespiegal
Personal Computer is code for Windows on x86 hardware?
So when one of our divisions runs Windows Virtual machines inside their IBM AS400 with a x386 card, then that half million dollar server is a PC?
What's the "code" then for running Linux on athlon64? 'Girlfriend?"
Freak.
<- Mac user, Linux user, OpenBSD user, Windows user
<- PPC user, Sparc user, Sparc64 user, AMD64 user, i386 user
Wow! You just need to be an Alpha user and your collection will be complete.
Originally posted by: kamper
You have a zaurus too don't you?Originally posted by: n0cmonkey
<- Mac user, Linux user, OpenBSD user, Windows user
<- PPC user, Sparc user, Sparc64 user, AMD64 user, i386 user
Originally posted by: Smilin
I am hereby issuing yet another FUD alert! The article you just linked to:Originally posted by: Brazen
Hmm, I think it's funny that you bash MY post as being FUD. The FUD is all the claims that popularity automatically means an increase in vulnerabilities and viruses. And yeah, your google links make me laugh. They compare number of patches for IIS vs Apache, so I guess if it doesn't get fixed then it doesn't count :laugh:Originally posted by: Smilin
Originally posted by: Brazen
Originally posted by: Uber
1) There are a lot more Windows computers to infect
2) Beacuse of number 1, many viruses are written specifically to infect Windows
People keep saying this, but then, if Apache has like 70% of the webserver share, how come IIS is the one that keeps getting more viruses and exploits found?
FUD Alert!
Why is it that people bashing MS on secuity get a free pass and are never required to back it up? All you have to do is say "ABC from so and so is more secure than XYZ for Microsoft", provide no facts and it's automatically true. Try the opposite and everyone wants proof.
It takes all of 5 seconds to disprove that whole IIS vs Apache statement. Here's a pre-canned google search to get you started:
http://www.google.com/search?hl=en&q=iis+versus+apache+exploits
Here is an excerpt that sums it up pretty good:Whereas the latest IIS exploit (from the article) allowed a hacker "to gain complete control over an Army web server."That?s a total of 25 security vulnerabilities in 5 years for a program that is, at this very moment, serving 11 million active sites. Many of the vulnerabilities were platform-specific, and some were no more serious than exposing the full pathname of a script under certain non-remotely-controllable conditions. There are no outstanding unfixed vulnerabilities
1. Gathers it?s Apache data from Apacheweek.com
2. Is years out of date.
3. Does not list all vulnerabilities
4. Falsely says that all vulnerabilities have been patched.
5. Says an actual IIS exploit allows complete control of a machine when no such exploit exists and then as proof provides a dead hyperlink.
?More on this in a minute?
...and maybe people don't ask for "proof" on Microsoft's awful security track record because it's well documented and many have seen if for themselves. It's like asking for proof that the sky is blue!
See that?s EXACTLY what I?m talking about when I say ?people bashing MS on security get a free pass and are never required to back it up.?. Thanks for completely proving my point.
Let?s shove the FUD to the side and get to some facts:
We?ll take a look at the latest and greatest from Apache and MS and instead of quoting your article which gets its information from Apacheweek.com let?s use some REAL information from Secunia.
IIS 6.0 came out three years ago. In all those years IIS 6.0 has had three total security advisories. None allow a full system compromise (as your article said), none are rated beyond moderate. None remain unpatched today!
Source: http://secunia.com/product/1438/?task=advisories
By contrast Apache 2.0.x has had 33 security advisories. Including several rated highly critical. Of these 33, three remain unpatched today!
Source: http://secunia.com/product/73/?task=advisories
I?m not going to sit here and say IIS, Windows, or any other MS product is the holy grail of security. I?m also not going to say Apache sucks. But it?s an absolute crock that people use some 1995 mentality to go busting on MS about security today when the facts just don?t support it. People will just say, ?MS isn?t secure? and everyone will nod their head like a bunch of brainwashed zombies. The topic of this thread is another example.
Originally posted by: Smilin
See that?s EXACTLY what I?m talking about when I say ?people bashing MS on security get a free pass and are never required to back it up.?. Thanks for completely proving my point.
Let?s shove the FUD to the side and get to some facts:
We?ll take a look at the latest and greatest from Apache and MS and instead of quoting your article which gets its information from Apacheweek.com let?s use some REAL information from Secunia.
IIS 6.0 came out three years ago. In all those years IIS 6.0 has had three total security advisories. None allow a full system compromise (as your article said), none are rated beyond moderate. None remain unpatched today!
Source: http://secunia.com/product/1438/?task=advisories
By contrast Apache 2.0.x has had 33 security advisories. Including several rated highly critical. Of these 33, three remain unpatched today!
Source: http://secunia.com/product/73/?task=advisories
I?m not going to sit here and say IIS, Windows, or any other MS product is the holy grail of security. I?m also not going to say Apache sucks. But it?s an absolute crock that people use some 1995 mentality to go busting on MS about security today when the facts just don?t support it. People will just say, ?MS isn?t secure? and everyone will nod their head like a bunch of brainwashed zombies. The topic of this thread is another example.
Originally posted by: gwag
Cause this will never happen on a mac, unless of course its a new mac running windows or a mac running virtual PC or maybe a mac running parallels desktop and some form of windows.
Originally posted by: gwag
Cause this will never happen on a mac, unless of course its a new mac running windows or a mac running virtual PC or maybe a mac running parallels desktop and some form of windows.
Originally posted by: Robor
And it wouldn't happen on my Windows box either because it's properly patched and protected.
And there's plenty of things I can do on my Windows boxes that I can't (or at least don't know how to) do on a Mac. Can you do this on a Mac...???
1. Use Yahoo Messenger with voice chat
2. Use Skype with voice/video without restarting in between sessions to fix 30 second voice delays on the Mac side
3. Use a quality Usenet news browser (like Newsbin)
4. Use a program like Dameware to remote into other (Windows) systems
5. Use a program like 'Float's Remote Agent' to manage your cell phone
Originally posted by: Smilin
nweaver:
Yes, honestly Apache 1.3 (or any version) has been great.
stash:
Yes, for being 3 years old, IIS 6.0 has a stunning track record.
n0cmonkey:
Yeah, I looked at 2.2 as a possible comparison to the 'latest from ms' but it's been out for such a short period it's track record ends up looking poor when perhaps it should not. Yes it's only got 1 unpatched, but that's a 33% unpatched rate!. It just hasn't been out long enough to get a fair shake (IMHO) and it wasn't my intention to bash Apache at all.
My real point in all this wasn't to bash Apache, or even compare Apache and IIS. It was this: People who say "MS is insecure" are never challenged and never have to provide facts. They get to spread FUD without providing any proof whatsoever. When you take a hard look at MS *today* the "MS is insecure" nonsense just doesn't fly. The Mac commercials in the OP are a perfect example.
I would agree that high marketshare doesn't necessarily equal less secure, but it definitely == more targeted. Apache is the most targeted web server, simply because of the number of extremely high value targets. There are hundreds of Apache sites out there that, if brought down, would cost their owners millions.high marketshare != less secure/more targeted
And it wouldn't happen on my Windows box either because it's properly patched and protected.
Fix all of the broken Windows machines out there.
And there's plenty of things I can do on my Windows boxes that I can't (or at least don't know how to) do on a Mac. Can you do this on a Mac...???
1. Use Yahoo Messenger with voice chat
Who cares? It's junk.
2. Use Skype with voice/video without restarting in between sessions to fix 30 second voice delays on the Mac side
Skype is teh evil.
3. Use a quality Usenet news browser (like Newsbin)
Does one exist for any platform?
4. Use a program like Dameware to remote into other (Windows) systems
Why not use Remote Admin or whatever Microsoft calls it? Or how about VNC? Or SSH (with or without X)?
5. Use a program like 'Float's Remote Agent' to manage your cell phone
I have never used iSync. Will it manage a 'non-smart' phone? Can it be used to export SMS messages? I use Float's Mobile Agent to export my SMS messages to an html file for my records.Manage it how? Like how iSync does?
Originally posted by: Robor
I'm not worried about all of the Windows boxes - I'm just worried about mine.
Forte Agent is good - NewsBin is great.
Dameware doesn't require terminal services or a client installed on the remote system.
I have never used iSync. Will it manage a 'non-smart' phone? Can it be used to export SMS messages? I use Float's Mobile Agent to export my SMS messages to an html file for my records.
Originally posted by: n0cmonkey
Originally posted by: Robor
I'm not worried about all of the Windows boxes - I'm just worried about mine.
A lot of those windows machines are what cause a lot of the worry.
Forte Agent is good - NewsBin is great.
Forte is fine for downloading binaries, except those binaries posted by idiots that use yenc.
Dameware doesn't require terminal services or a client installed on the remote system.
Doesn't XP come with Remote Desktop now?
How does dameware connect to a machine if it doesn't have an agent installed on it?
I have never used iSync. Will it manage a 'non-smart' phone? Can it be used to export SMS messages? I use Float's Mobile Agent to export my SMS messages to an html file for my records.
I don't think it backs up SMS, but can't you just get those through the bluetooth connection?
I've used it with my sony ericsson phones (until I got a new one which isn't supported... yet).
You're a special case, I'm guessing most of us trash SMS messages.
Dameware 'pushes installs' a service on the remote system.
Originally posted by: Nothinman
Dameware 'pushes installs' a service on the remote system.
And you can do the same thing with VNC or just remotely start the Remote Desktop service if it's XP or higher.