SI
SI
discoversearch

We've detected that you're using an ad content blocking browser plug-in or feature. Ads provide a critical source of revenue to the continued operation of Silicon Investor.  We ask that you disable ad blocking while on Silicon Investor in the best interests of our community.  If you are not using an ad blocker but are still receiving this message, make sure your browser's tracking protection is set to the 'standard' level.
Technology Stocks : Intel Corporation (INTC) -- Ignore unavailable to you. Want to Upgrade?

To: The Duke of URLĀ© who wrote (164367)4/21/2002 10:46:23 AM
From: Dan3  Respond to of 186894
 
Re: , as an "open" system is pretty much wide open to hacking?

Only if Intel CPUs are used....

:-)

Seriously, how in the world do you you come to that conclusion from the information that Apache can be programmed to respond to queries for server-type with a hacker confusing response? Basic HTTP services are pretty safe whether it's Apache, IIS, or something else. Where the vulnerabilities usually are found are in associated modules like ASP, PHP, Perl, etc. Since the exploits are usually system specific, a hacker that has been misled about the type of system he faces will be much less likely to come up with a successful attack, and more likely to be found by monitoring software.

I have no recent statistics available, but, while the majority of the systems on the web are running Apache, the majority of the successful exploits I've seen recently have been of IIS systems - Apache, and its collection of supporting modules, appears to be an order of magnitude more secure than the IIS equivalent.

One thing that may help IIS going forward is the new baseline security analyzer that Microsoft just released. It makes tracking the myriad patches and updates required by IIS almost possible.

One of the problems with the various Microsoft patches is that some fixes undo other fixes, so that even having applied all the fixes isn't enough - depending on the order they were applied, the system may still be vulnerable. But MBSA makes it a little easier, and at least indicates what may be the right order of application.

If you're running windows, you should download it and make sure your system isn't missing anything critical:
microsoft.com


HomeMailHotSubjectMarksPeopleMarksKeepersSettings
Terms Of UseContact UsCopyright/IP PolicyPrivacy PolicyAbout UsFAQAdvertise on SI
© 2026 Knight Sac Media.  Data provided by Twelve Data, Alpha Vantage, and CityFALCON News