Fog Creek Software
Discussion Board




New Halloween Memo

http://www.opensource.org/halloween/halloween11.php

Here are some sound bites for open-source advocates to use in response to the Get The Facts campaign:

    *Migration only costs money once; higher Windows TCO is forever.
    *Shared source is a poison pill.
    *Only the Windows boxes get the worms.

Lynx
Wednesday, June 23, 2004


Gawd, does anyone else wish this would all just go away? I sometimes find myself wishing open source advocates would all just dissappear in a puff of smoke so I didn't have to hear about this anymore. Ditto Microsoft.

A pox on both your houses.

If I ever get to the point where this crusade actually matters to me, I'll fling myself off a cliff.

anon
Wednesday, June 23, 2004

Sigh - I hate been draw into the Win vs. What ever other OS, but I can't resist.

The reason why Windows gets all the worms and virus is not because it is bad code. It is because most of the desktops out there are windows machines. It dose not matter wether you are a worm/virus devloper or a usefull application devloper, you are going to write for windows, because you will have a large target addence.

When Linex gets a 50% desktop market share, they will be affected by worms/virus's

Gary van der Merwe
Wednesday, June 23, 2004

From the article:

"Can you explain why Windows IIS websites are cracked or defaced more often than Apache ones, despite the fact that IIS runs less than a third the number of sites Apache does?"

Oren Miller
Wednesday, June 23, 2004


Maybe IIS attacks are a marketing blitz by open source weenies. It's a conspiracy.

anon
Wednesday, June 23, 2004

Are the sites run on Apache ones you'd care to crack or deface in the first place?

Yo
Wednesday, June 23, 2004

"Can you explain why Windows IIS websites are cracked or defaced more often than Apache ones, despite the fact that IIS runs less than a third the number of sites Apache does?"

To answer this question, you would need to have hard statistics from the hackers attempting to attack servers, which is information that cannot be reliably obtained.

Therefore, the question cannot be answered.  Therefore, it is pointless to ask.

Caffeinated
Wednesday, June 23, 2004

Jesus, just concede defeat in some areas people. Apache has been a far more robust platform than IIS historically, _despite_ hosting significantly more sites (and a large number of high value sites). Just accept that and reply with a classic Microsoft sales technique "Yeah, well all that old stuff is crap, but IIS 6 will fix what ails ya" (this is actually true, but cynicism towards this endless "our old stuff is crap, but if you just upgrade..." makes it hit deaf ears).

Dennis Forbes
Wednesday, June 23, 2004


Jesus, you don't get it, do you?

No one cares!

Use Apache. Knock yourself out. Don't use IIS. Wonderful. It's all good.

anon
Wednesday, June 23, 2004

Thank you for your reply. May I subscribe to your newsletter?

So let me get this straight - if you use IIS, .NET, Sharepoint, or any other Microsoft technology, it is required that you subscribe to a revisionist perspective of the past, accept whatever FUD/nonsense/sales blather that some low level moron at Microsoft squeezes out, and bleet the opinion that everything Microsoft is great. Otherwise "go use XXX!". Thanks, but I'll save that extremist world for you.

My preferred platform is IIS with .NET, along with SQL Server. Hard to believe, eh?

Dennis Forbes
Wednesday, June 23, 2004

""Can you explain why Windows IIS websites are cracked or defaced more often than Apache ones, despite the fact that IIS runs less than a third the number of sites Apache does?"

To answer this question, you would need to have hard statistics from the hackers attempting to attack servers, which is information that cannot be reliably obtained.

Therefore, the question cannot be answered.  Therefore, it is pointless to ask."

It can be answered.  Did you know that IIS 6.0 is installed with most features turned off. IIS servers before were 6.0 installed with vunerable features turned on.  As for apache the standard install of apache has most features turned off and installed on numerous types of servers that worked a little different so the task of cracking the apache is a little different from server to server if it has vurnelabilities.

MyNameIsSecret();
Wednesday, June 23, 2004

So, to extend your argument to completion:
Since IIS has more *opportunities* (per server) to be cracked or defaced, hackers chose to attack it more often.

I can't disagree with your supposition, because I don't know any hacker to ask.  However, this *is* a supposition.  Don't you agree?

Caffeinated
Wednesday, June 23, 2004

Salad Cream!

Hitler
Wednesday, June 23, 2004

When one asks a question that cannot be answered, the Questioner is seeking to learn more about the Answerer than the answer.

anon
Wednesday, June 23, 2004

"Can you explain why Windows IIS websites are cracked or defaced more often than Apache ones, despite the fact that IIS runs less than a third the number of sites Apache does?"

Yes.  Would you rather steal candy from a baby or a biker?  I would say the easy one gets defaced.

Lynx
Wednesday, June 23, 2004

Actually I think the big benefit to all this is that it makes Microsoft reduce prices.  That benefits almost all of us.  The more effective the OSS argument becomes, the better or cheaper MS software has to become.  So go ESR go!

Software Assurance
Wednesday, June 23, 2004

The Linux zealots tend to piss me off a lot, too. I have to work with them all the time and the constant childish Microsoft bashing *really* annoys me.

But the thing is, if you seriously believe IIS is even remotely comparable to Apache, then you're in just as much denial as they are.

IIS is garbage--it's been garbage for years and it's probably always going to be garbage. IIS is the sendmail of the web; it's gotten to a point where people are actually migrating to Apache *just because* of IIS's many security problems, despite the fact that Apache runs on far, far more servers than IIS does, including big, prominent ones like amazon.com.

Having worked with both, I honestly believe that Apache knocks the socks off of IIS in almost every single way.

Sorry, but it's true. I know you don't want to believe that some orphaned experiment from the NCSA taken in by a few scattered C hackers around the world could turn out to be vastly superior to a product produced by the world's biggest and most powerful software company, but it is. Deal with it.

William G. Davis
Wednesday, June 23, 2004

Isn't IIS also "some orphaned experiment from the NCSA taken in by a few scattered C hackers", by the way?

I wonder why "around the world" versus "in Redmond" happened to matter.  (Taking for granted that it did.)

Bob
Wednesday, June 23, 2004

I'm from New Zealand.  I imagine that some USA-ians could be uncomefortable if something they thought was important was happening in some place they didn't accept existed.

anon2
Wednesday, June 23, 2004

Oh, come on. Your comments may be applicable towards certain rural and/or provincial elements here in the US, but, frankly, they have nothing whatsoever to do with any of the many, many IT people, developers, etc. I've been in contact with here in the US.

I'll be the first to say (as an American) that the US has been displaying some extremely poor attitudes and decisions recently in its foreign policy (and this is just my OPINION, let's not make it political), but assuming that we're so nuts here as to decide that "we don't like software here because it comes from New Zealand" is just ridiculous. I don't think anybody cares where things come from; they're way too busy trying to get the job done.

Besides, the Lord of the Rings movies just put New Zealand squarely on the map for the *maybe* 10% of American geeks who didn't know where it was already. ;-)


Re: the original posting...I agree that religious wars are silly. However, I have to agree that Apache kicks the crap out of IIS in many ways, of which security isn't remotely the least. Just as saying "Microsoft is always evil" is just nutty, so is not taking a step back and looking at the actual two products in comparison objectively.

anon4231908414231
Wednesday, June 23, 2004

> the question cannot be answered.  Therefore, it is pointless to ask.

If everyone thought that way we would still be libing in caves rubbing sticks together.


Thursday, June 24, 2004

Don't get me wrong.  I ask lots of "unanswerable" questions.

In this case, however, the point of asking the question is to enhance the marketing position of Product A over Product B.  It is not designed to get an answer.  It's really just manipulation.

Now, I have to go back to rubbing my sticks together.  This java code isn't going to write itself.

Caffeinated
Thursday, June 24, 2004

If it makes you feel any better, the "few scattered C hackers", are actually corporation, composed of members from companies like IBM, Redhat, Apple, Google, and Sun.  These guys are often (usually?) paid by their company to hack Apache.

So it's not so much "scattered C hackers" as it is "some of the best guys available, who happen to work for a couple dozen companies".

lvalue
Saturday, June 26, 2004

*  Recent Topics

*  Fog Creek Home