Internet research firm NetCraft reports Microsoft’s IIS web server is now gaining ground on its open-source rival Apache. Out of close to 128 million web sites surveyed this month, 34.2% use IIS – an increase of 1.4%. Apache’s marketshare slipped by 1.7%, to 48.4%. More in NetCraft’s August 2007 Web Server Survey.
Eric Lai reports on Computerworld.com: “Survey: Apache could lose Web server market lead to Microsoft by 2008“.
Lai quotes open source proponent Bruce Perens: “But businesses that use IIS are bringing trouble upon themselves, he argues. “My own Web server running Linux does not have a firewall, it’s been on the Net for 10 years and has never needed one. Try running any MS operating system naked on the Net that way.”
First thing, hats off for running the same server for 10 years! (I’m interested in finding out who the vendor is, since my own boxes don’t live nearly as long…)
For an open source proponent, Peren’s view is hardly surprising. I’ve hosted an IIS server on the web (the one on which this blog was previously published) for 3+ years – with (gulp!) no firewall! Windows is an easily securable platform than many open source proponents realize. The built-in IPSec support provides adequate protection, imo. (Check out Steve Riley’s 2-part article on TechNet about IPSec and usage scenarios: Using IPsec for Network Protection). Coupled with some basic server hardening steps and implementing the security policies available in Group Policy/Local Policy, you can run a Windows+IIS server on the internet and not lose sleep over it. (No, I’m not recommending you try this at work). :)