Netcraft Survey Updated

Posted by Hemos
from the looking-at-the-web dept.
The latest survey is out and ready for reading from Netcraft. There's some interesting commentary in regards to Code Red, and its effects on web usage. One of the things that I found most interesting was the data showing that while the number of sites hosted by Apache continues to grow, the number of physical webservers running some variety of Windows is about half of the total. Worth checking out.
  • It will be very interesting to see the subsequent reports and see what effect if any the Gartner Group's report has on the number of IIS servers.
    • by IncarnationTwo (457191) on Monday October 01, 2001 @06:26AM (#2372984)
      As the article itself said, even though many IIS sites have gone down since Gartner's report, it is hard to tell whether they just changed IP, as the systems were reinstalled etc.

      On the other hand, I would see it as positive if it would change some IIS servers to Linux, for the growth of Linux on the pie has been taken from the other *nixes.

      Are there any good ways to advocate such behaviour?
  • Well, Netcraft's servers seem to handle the Slashdot effect pretty well.

    Wonder how long they'd have stayed up if they used IIS.

    P.S. Is it one of those urban myths, or does IIS really stand for Internet Infection System?
    • How much slashdot effect is there really going to be at 7am? Most good little nerds are still in bed or are at work (i.e. working, not going in to work early to read slashdot)
      • 7 am? I guess it really depends where you are. A significant portion of slashdot's readers are in other timezones as well (and for example, in europe it's afternoon now).
      • Also, don't forget that most Slashdotters who actually care about the Netcraft survey already subscribe to it, and have received the email already. ;-)
      • I'm at work right now......does that make me a bad little nerd? :-)
      • USA WORLD (Score:2, Informative)

        by GC (19160)
        yet another narrow minded person from america... sheez...

        considering even the usa has at least 3 time zones (I'm sure Hawaii probably counts for a 4th) I'm nearly at the point to call you plain stupid.

        No wonder your foreign policy is up the creek.
        • HeHe. Hit the nail right on the head.
          Note to USA: there are other lands, out over the sea...
        • Cut him a little slack. I don't know the numbers but I'm willing to assume that most of slashdot's users are american, and though there are 4 timezones (in the 48 states), they are earlier, so his point about people being asleep is valid.

          Yes Hawaii and Alaska have their own timezones. Actually I think Alaska has 4 natural timezones, but they only use 2.
    • Does OS X fall into the Other non-Unix label or Other Unix label? Looking at the pie chart, I see that Mac OS is handled under the Other non-Unix label. I really don't think you should use Mac OS 9.x or earlier as a web server. With OS X, it might make a little bit more sense to use as a web server. What do people think?
      • A couple years ago, my school [k12.pa.us] switched from the Linux webserver that I had been administrating to a Mac server. Our site is now running on an iMac, I believe, using AppleShareIP. Naturally I did not support this change, as they've jumped years backwards in technology (and made a new site that's horrible to boot). However, I suppose one advantage of this is a little bit of security for obscurity. Because nobody's stupid enough to run a website off of an iMac, nobody wastes his time trying to find exploits for such a small target audience.
  • The weird thing is they're reporting a decline in the number of infected servers ... I don't know about you, but I've found there's actually an *increase* in the number of infected servers that try to get at my computer during the past week or so.
    BTW, did you notice the rather large proportion of Linux pc's (not servers) hooked up to the web? Sure, it's not as much as Windows, but still quite a lot ... what's up with that?
    • Where did you see that? All I saw was a pie chart showing the OSs that ran Web servers. I did think it was impressive that Linux ran on 30% of the web servers, but web servers != internet connected PCs........unless you are running Windows 2000 :-)
  • Let's hope that this is an indicator that Code Red isn't going to happen again.

    Or maybe not, holes are bound to be found in Apache, and the same Admins who didn't install the IIS fix and have since moved to Linux will probably fail to install the update for Apache.

    Let's hope that apt-get becomes standard on more distros.
    • Or maybe not, holes are bound to be found in Apache, and the same Admins who didn't install the IIS fix and have since moved to Linux will probably fail to install the update for Apache.

      But then, look at the number of IIS exploits and the ones on Apache, even though Apache has more than double the market share of IIS.

      Add to that, that most exploits on Apache were due to vulnerable CGI scripts.

      Apache actually has quite a good track record regarding security, and admins installing Apache are more likely to know what they do.

      Now, what bugs me about Microsoft's WDI (worms deployment engine) is that a lot of NT/W2K users don't even know that they have a web server running. It is installed by default, with all its glorious vulnerabilities...

  • MOST webservers are on i86.

    Which also brings an interesting point...

    What if next time the virus is a nifty I86 Assembly worm ?

    Wouldn't it be even more deadly than a simple IIS targeted one ?
    • they are nifty i86-worms since the shellcode they run is i86 :)

      buffer overflows only work on the platform they are written for..
    • What if next time the virus is a nifty I86 Assembly worm ?

      Writing a worm in x86 assembly does not mean that you have an OS-independent worm.

      Every worm needs a method to infect other hosts, and the only way is to exploit known vulnerabilities in legit services - ie, you are using applications' (IIS, Apache, bind, sendmail) and operating system's (Windows, Linux, Solaris) services to infect the host. The reason is that, on a network, you are not talking directly to the processor like you do with a local process. You are talking with software layers that manage your connection.
      After you have unscrewed the software protections, you make your payload execute on the target host, using a nifty x86 assembly snippet designed to gain privileges. But this is still dependent on the OS.

      In fact, many old-fashioned viruses (infected disks, .EXEs etc.) are written in pure x86 assembly. But they still are OS-specific.
    • Wouldn't it be even more deadly than a simple IIS targeted one ?

      No, because you can't arbitrarily execute x86 machine code on my x86-based server. You have to exploit a hole first, then get your code to execute. Since I run Apache instead of IIS, it's much harder for you to get into my system, and since I run Linux (properly configured) instead of Windows (misconfigured by a PHB who thinks the pretty dialog boxes make him a sysadmin), it's harder for you to do significant damage if you do get your code to run (because Apache setuids itself to a non-root user).
      • S'right (Score:3, Interesting)

        by King Of Chat (469438)
        You have to get in there first.

        And if you do, even MS use the x86 protection mechanism and run most code in ring 3. Since the account Apache runs in would not have the privilege to install & run arbitrary ring 0 code (as would be the case with IIS [running as Local System] installing device drivers) there are limits on what can be done.

        Maybe there's an argument for an OS which has two modes which are mutually exclusive. You can use the machine (run applications etc.) or you can administer the machine (install drivers etc.). You cannot do both from the same account. Many Windows users run their day to day work under accounts with admin privileges - or worse still, domain admin privileges. Why? Do people really need to switch from document writing to driver installation so quickly that they need be done without an additional login? Does anyone really need god-like privileges from a regular account?

        Of course, I may be talking rubbish.
        • by Arker (91948)

          There actually is a "good" reason that even people that know better often do this on NT (aka 2k). If you're sitting there word processing, logged in as a non-admin, and someone calls you and needs, let's say, a new account made for the new hire - you must close out of your program, log out of windows, log back in, then make the account. It's a pain. Whereas on a *nix box it's as it should be, you just open an xterm, su, and make the account. It's very handy to be able to change the user in a controlled way like that in an existing session, without affecting the other stuff you are doing.


          Another reason that this is done a lot is that there are a lot of NT admins out there that just don't know what they are doing. You tell them you need two accounts and they think you're trying to scam them. These people are just jokes, but if they happen to be over you in the local hierarchy there isn't often a lot you can do about them. So you do it their way, and just hope you don't get hit when it hits the fan.

          • 2 points many people don't know about:

            • NT has a "Run As..." function to allow you to run programs as another user. Heck, it allows you to modify a shortcut to always run a program as another user. You don't need to close all your work and re-log on if you wish to run a single program as another user. You can also create accounts as well via the Computer Management applet in the Administrative Tools control panel applet.
            • Windows XP, the new iteration of NT (XP Pro, at least), has "Fast User Switching" - which allows you to switch the currently logged on user to another user, while leaving all your programs open - you don't have to close all your programs, and all the data will be there when you log back on (more than you can say from KDE saving your session when exiting).

            On the last point, however, if you've been following the Windows PowerToys development at Microsoft (they were the crew that brought you TweakUI and anti-aliased fonts for Windows 95 without the Plus! pack), they're developing a myriad of new utilities for XP, including a virtual desktop manager allowing you to switch the current desktops and all the open programs you have open, just like most *ix WMs. It's pretty slow right now, but it's still in beta.

        • Maybe there's an argument for an OS which has two modes which are mutually exclusive. You can use the machine (run applications etc.) or you can administer the machine (install drivers etc.). You cannot do both from the same account. Many Windows users run their day to day work under accounts with admin privileges - or worse still, domain admin privileges. Why? Do people really need to switch from document writing to driver installation so quickly that they need be done without an additional login? Does anyone really need god-like privileges from a regular account?

          I have been a MacOS user all the live long day, and I damn well know that I want to be able to install printer drivers without any of this logging in and out authentication nonsense. Of course, if I were running a server, I'd want more stringent security. However, viewed objectively it is nonsense to make a single-user, or even multi-user, system force me to log out just to install drivers. This is poor interface design and nothing else, if you aren't running a server. (hence OS X)

          • by schon (31600)
            However, viewed objectively it is nonsense to make a single-user, or even multi-user, system force me to log out just to install drivers. This is poor interface design and nothing else

            WRONG

            For home use, your assumption is (at best) debatable - separating regular use accounts from system admin accounts is a good way to prevent viruses and trojans, and to make sure that you can't screw up the machine accidentally (rm /* -rf isn't just for Unix.)

            For corporate use, it is a necessity. Even though our salesmen are still stuck in windows land, I praised the day we switched them from Win98 to NT/2000 - yes, we get calls from them saying that "I can't install this program", but it's a small price to pay to prevent them from installing non-work related software, or trashing the machine.
  • MS Trickery (Score:4, Insightful)

    by Jebediah21 (145272) on Monday October 01, 2001 @06:26AM (#2372981) Homepage Journal
    Maybe I have been taking too much acid in the last couple of days (Wow, look! A rainbow Tux!), but I think this is part of Microsoft's plan.

    If it takes 2 MS machines to replace every Apache machine MS will be sitting pretty. All they need is a few pointy haired bosses who are naive enough to spend more money for more machines. Then they can say they have the most marketshare. Combined with some FUD this makes a great way to gain new clients. Eventually Apache will dwindle, and the corporate world will shun you unless you use MS.
    • Re:MS Trickery (Score:3, Flamebait)

      by MrDoh! (71235)
      Unfortunately, this is probably closer to the truth than I can imagine. How many times have the stats been twisted in MS's favour?
      Jump forward to 6 months from now;
      MS "Look how many machines run NT and IIS compared to other systems!"
      SysAdmin "But we can run 20 IIS sites on one Apache ser..."
      MS "SHUT UP, SHUT UP, SHUT UP! LOOK AT THE STATS!"

      One particular cheery comment;
      "Linux leads Windows in Poland, Hungary, the Czech Republic, Germany, Japan, Austria and Finland - Linus Torvalds' home country"
      7 countries and counting...

    • Re:MS Trickery (Score:5, Insightful)

      by sphealey (2855) on Monday October 01, 2001 @07:54AM (#2373150)
      Maybe I have been taking too much acid in the last couple of days (Wow, look! A rainbow Tux!), but I think this is part of Microsoft's plan. If it takes 2 MS machines to replace every Apache machine MS will be sitting pretty. All they need is a few pointy haired bosses who are naive enough to spend more money for more machines. Then they can say they have the most marketshare

      That's not exactly a new idea for Microsoft: it was one of their key tactics in the battle against Novell. Top brass would be sold on how much less expensive NT was than Netware. When all was said and done, 1 Netware server with two support techs would be replaced by 15 NT servers and 10 support techs. But it happened over a period of time and no one understood what was really going on.

      Of course, those 10 new techs then became evangelists for pushing more Microsoft stuff, and the rest is history...

      sPh

    • Perhaps a "per host" OS pie chart should sit next to the "per computer" one. The pie chart showing 50% windows machines could be indicative of less efficient servers. If MS servers are less efficient then we'd see that MS has a worse host-to-hardware ratio, which we do see here.

      Anecdotally, I can say that about a dozen machine linux servers I know are each running 3 or more separate hosts.

      • I'm currently running around 250 virtual domains on each of my servers. I prefer FreeBSD, but I do run Apache. These machines, BTW, are all (well all 3...) no greater than pentium 166 w/ 128mb ram. I do have a pentium pro 200 that I run clients stuff on that need PHP and MySQL. Try that with IIS, especially at this hardware level.
    • Re:MS Trickery (Score:3, Interesting)

      by pmz (462998)
      This is very true. Those pointy-haired people don't understand just how much a UNIX/Linux/*BSD server can do before it screeches to a halt (note that I didn't say "crash").

      I have been consistently impressed by how much raw abuse a UNIX server can take. A while ago, I wrote a test program that consumed all virtual memory and CPU and kept asking for more, and the machine got slow but kept on trucking. Where I work, the admin runs multiple web services on a single-CPU UltraSPARC box, and it never complains--not even a "hiccup."

      The truth is that it takes one UNIX machine to replace N Windows machines, where N is a large positive integer. Do you want quality or quantity?

    • Right on point (Score:3, Interesting)

      by athmanb (100367)
      My university switched from Sendmail to Exchange last year. In the process, we went from 1 Solaris machine to 4 Dual-Pentium/II Windows boxes.

      That's how you win market share...

  • would be that you can make more efficient use of hardware with Apache, yes?
    • by danheskett (178529) <danheskett@NoSpAm.gmail.com> on Monday October 01, 2001 @06:47AM (#2373019)
      It's not like that at all.

      With most Windows servers I see, and I would say this sticks for the whole gamut of Windows usage, that server is used as a company-wide server doing everything from authentication, to file-serving, to email, and of course, serving up a little static HTML page on the side.

      This is an important distinction, because it makes sense that high-volume sites will use Apache on a dedicated server but that low-volume small-business sites will use what they already have in house.

      I've seen literally dozens of servers running Win2k that have in house files on them, Exchange for email, and IIS for some little 1Mb HTML only brochure-style website. Those servers count as "web-servers" in the NetCraft survey, when in fact, they are more like just plain "servers" to the people who use them. Obviously if you compare one of Yahoo's BSD machines vs a typical IIS/Win2k machine in this role, Apache will be doing vast amounts more work and serving vast amounts more sites than IIS.

      Also, one final note, compare all of that to how people use the different servers: Apache is very heavily used by ISPs, IIS is heavily used by do-it-yourself admins who don't know all that much.

      So I think I disagree with your comment about more efficient use of hardware - it may be true, but this survey once again does not show it.
      • I'm just going to be a little bit picky since you started it.

        Apache has nothing to do with the OS. Many W2K machines out there run PHP and Apache to serve up sites, use Exchange for their email and W2K file services for their file sharing.

        Also, Linux/Apache servers are also doubling as mail servers in *most* cases that I know of. The ISPs and hosting companies rarely ever separate the mail functions from the webserver.
        • That has to be a darn small ISP. My ISP [xs4all.nl] uses at least four incoming MX'es, eight maildrop boxes, four outgoing SMTP's and a couple of loadbalanced pop3 servers. The webservers are loadbalanced too and are running Apache on *BSD. Then again, they must have about 60.000 clients on dialup and DSL.
      • It would be interesting to snoop traffic and extract header information to calculate the percentage of overall web traffic which is being served by each flavor of web server. Take a large enough sample from various points on the internet and you could get reasonable statistics though I'm not sure how the public at large would feel about being snooped.
      • "With most Windows servers I see, and I would say this sticks for the whole gamut of Windows usage"

        That's an awfully big assumption.

        "Also, one final note, compare all of that to how people use the different servers: Apache is very heavily used by ISPs, IIS is heavily used by do-it-yourself admins who don't know all that much."

        That's another awfully wrong assumption.

        IIS is much more heavily used by corporations because it is much more efficient to develop dynamic content web sites than is Apache.
    • Not necessarily.

      Last I checked, Apache could run on big Sun, HP and IBM boxes. And last I checked, IIS could run only in x86 and Alpha. Obviously the big boxes can run more sites than the x86 ones.

      Also, Apache is deployed more on mass virtual hosting than IIS, which tends to be used more in corporates and single site setups (like .coms).

      The majority of IIS sites typically run ASP applications, whereas the majority of virtual hosted Apache sites are static.

      Without more data, you cannot possibly say that Apache uses the hardware more efficiently.
  • Code Red / Nimda (Score:5, Interesting)

    by squaretorus (459130) on Monday October 01, 2001 @06:46AM (#2373015) Homepage Journal
    Our experience with our access provider is interesting in relation to the Code Red effects described in this report.
    We live in a block of office units with shared network access. Our landlord is about as non tech as they come, the whole company, and outsource the LAN provision.
    The phones and LAN went down twice due to Nimda, although our machines were unaffected - being patched!
    The operator has given our landlord the following advice "Cut them off unless they have Norton". So we get a visit from a suit asking if we have Norton on our computers. We don't; we have McAfee. His response?
    "Get Norton by Friday or you're being disconnected"

    People just don't understand this stuff. We have fully patched machines, which run good virus software, but our PHB landlord denies us access to the network that WE PAY FOR because we chose a different software solution.
  • Not surprising (Score:4, Interesting)

    by gazbo (517111) on Monday October 01, 2001 @06:46AM (#2373016)
    while the number of sites hosted by Apache continues to grow, the number of physical webservers running some variety of Windows is about half of the total
    Not really surprising. Imagine the two scenarios:
    • I am the unqualified systems admin for our company, and I've been asked to set us up a crappy website. I only use windows, so I use IIS
    • I am the systems admin for a hosting company, with several dozen servers, each with many virtual hosts for my clients. Naturally I use Apache on L/Unix, as it's secure and reliable, and I know how to use a CLI.
    Naturally Apache is going to have a greater number of sites per machine, whereas IIS is going to have a large number of physical machines hosting a single crappy home-made site.
    • Well.
      An unqualified admin has worse work under win2k, since you need to admin it 24*7.
      With *nix and apache, admin is an unknown word, other than to maintenance and set up.
      • First of all, the unqualified admin probably doesn't know that, since the Unix world probably seems too daunting to even step into. Second, having to administer the server 24x7 means you're more valuable to the company ("See, the server is down again, good thing we hired that full-time admin guy").

        With Apache it would be, "That server just sits there and runs by itself. What did we hire that admin guy to do anyway? Sit around and drink coffee?"
    • Two things:
      This logic is actually put forth by netcraft in their survey.

      This logic is probably not the best description for what is happening.

      Everyone, including netcraft seems to either not know or ignore the fact that Apache can run on Windows. I thought at first it was reader misinterpretation, but netcraft themselves state things like:
      "Although Apache runs more sites than Windows.." Which implies a mutual exclusion that is completely inaccurate. For many users who cannot or will not move to a *nix system, Apache is both cheaper than IIS and not as prone to worms as IIS in their current incarnations. Windows users use Apache more than IIS, and that is what causes the results that seem contradictory to people who think "Windows=IIS, *nix=apache"..
      • "Although Apache runs more sites than Windows.." Which implies a mutual exclusion that is completely inaccurate


        That's not entirely true. It is still possible from the statement that there is overlap, but that Apache has a total number more sites than Windows. I agree, though that there is nothing that explicitly talks about apache on windows. After poking around for a bit, I couldn't find a server/by operating system breakdown.

  • by Matey-O (518004) <michaeljohnmiller@mSPAMsSPAMnSPAM.com> on Monday October 01, 2001 @06:51AM (#2373033) Homepage Journal

    "Web Server Survey is a survey of Web Server software usage on Internet connected computers. We collect and collate as many hostnames providing an http service as we can find, and systematically poll each one with an HTTP request for the server name."

    This DOES NOT account for the number of Web servers running a particular package to do something, it accounts for the number of servers _installed_ whether intentionally or not.

    Further, it doesn't account for website overloading whereby a number of sites reside on the same IP address. Does Geocities count as one site, as it [may] only be registered to one IP?

    "The impact of Code Red has resulted in around 150,000 Microsoft-IIS sites on 80,000 ip addresses disappearing from the internet,..."

    Hmmm, could be a bunch of folks realized that IIS server on their SQL server was unnecessary. Again, they may have 'disappeared', but it doesn't mean they were used in the first place.

    I mention the above as it's how we're functioning in OUR case. (3 or 4 machines that never used IIS have it turned off now, and we've got several large sites all sharing the same IP and servers)

    • by Anonymous Coward
      This brings up the question:

      What happens if we all get together and politely ask Netcraft to start *checking* to see which sites are in use?

      I'm not sure quite how easy this would be given netcraft's methodology (i thought i once found a page on netcraft's site explaining what their methodology was-- now i can't find it. did i imagine this?) but i would think it would be quite interesting if next time they ran the survey, they would load index.html for every site surveyed, quickly check to see if it matches the default page for any known version of either apache or windows nt, and then give us a little graph showing how many Apache servers are running without the awareness of the admin vs. how many IIS servers are running without the awareness of the admin..

      Would that be feasible? Would they do it if enough of us got together and asked politely? I think that would be fascinating.

      (Of course, i guess you could say some Apache servers are out there where the default / page has not yet been replaced but yet ~user pages exist.. i'd say the number of sites that fit that description would be absolutely negligible, though.)

      - nobody
      What part of the netcraft OS survey does mac os x register in?
    • by mattdm (1931) on Monday October 01, 2001 @08:47AM (#2373311) Homepage
      Netcraft isn't stupid.... see netcraft mechanics [netcraft.com] and how many active sites are there? [netcraft.com].
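
Added example, not part of any comment above and not Netcraft's code: a small tally showing how the same polled `Server` headers give different market shares when counted per hostname and per IP address, which is the sites-versus-machines distinction this sub-thread argues about. The hostnames, addresses and response heads are constructed sample data, and the function names are assumptions made for illustration.

```python
import re
from collections import Counter


def _head(server=None):
    """Build a constructed HTTP response head, optionally with a Server header."""
    lines = ["HTTP/1.1 200 OK", "Content-Type: text/html"]
    if server is not None:
        lines.insert(1, "Server: " + server)
    return "\r\n".join(lines) + "\r\n\r\n"


# Constructed sample: (hostname, ip, raw response head). Documentation-only
# names and address ranges; five virtual hosts share one Apache machine.
SAMPLE = [
    ("a.example", "192.0.2.10", _head("Apache/1.3.20 (Unix) PHP/4.0.6")),
    ("b.example", "192.0.2.10", _head("Apache/1.3.20 (Unix) PHP/4.0.6")),
    ("c.example", "192.0.2.10", _head("Apache/1.3.20 (Unix) PHP/4.0.6")),
    ("d.example", "192.0.2.10", _head("Apache/1.3.20 (Unix) PHP/4.0.6")),
    ("e.example", "192.0.2.10", _head("Apache/1.3.20 (Unix) PHP/4.0.6")),
    ("f.example", "192.0.2.11", _head("Apache/1.3.19 (Win32)")),
    ("g.example", "198.51.100.1", _head("Microsoft-IIS/5.0")),
    ("h.example", "198.51.100.2", _head("Microsoft-IIS/4.0")),
    ("i.example", "198.51.100.3", _head("Microsoft-IIS/5.0")),
    ("j.example", "203.0.113.5", _head()),  # Server header suppressed
]


def parse_server(raw_head):
    """Return (product, platform_comment) from the Server header.

    product is the token before '/', platform_comment is the first
    parenthesised comment (e.g. 'Win32') or None. Missing or empty
    headers yield ('unknown', None).
    """
    for line in raw_head.split("\r\n")[1:]:  # skip the status line
        if line == "":
            break  # end of headers
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "server":
            value = value.strip()
            if not value:
                break
            product = value.split()[0].split("/")[0]
            comment = re.search(r"\(([^)]*)\)", value)
            return product, (comment.group(1) if comment else None)
    return "unknown", None


def tally_by_host(records):
    """Count one vote per hostname (a per-site survey)."""
    return Counter(parse_server(head)[0] for _, _, head in records)


def tally_by_ip(records):
    """Count one vote per distinct (ip, product) pair (a per-machine view)."""
    pairs = {(ip, parse_server(head)[0]) for _, ip, head in records}
    return Counter(product for _, product in pairs)


def apache_on_windows(records):
    """Hostnames whose Server header reports Apache with a Win32 comment."""
    return [host for host, _, head in records
            if parse_server(head) == ("Apache", "Win32")]


def share(counter):
    """Convert counts to percentages rounded to one decimal place."""
    total = sum(counter.values())
    return {k: round(100.0 * v / total, 1) for k, v in counter.items()}


if __name__ == "__main__":
    print("per hostname:", share(tally_by_host(SAMPLE)))
    print("per IP      :", share(tally_by_ip(SAMPLE)))
    print("Apache on Windows:", apache_on_windows(SAMPLE))
```

A header-only tally like this cannot tell an intentionally run server from one installed by default, which is the limitation raised earlier in the sub-thread.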
  • by Rogerborg (306625) on Monday October 01, 2001 @07:09AM (#2373054) Homepage

    What's with that? The end of month figures for vulnerable IIS systems show an increase in cross site scripting, accessible admin pages and viewable script source. Any guesses?

    Is it just that they're more visible? Or is it a whole bunch of sysadmins formatting, re-installing, then selectively patching for the last three exploits that they can remember? Weird.

    • Most of the vulnerable machines belong to "sysadmins" (quoted as to not offend the real ones) who don't ever patch their boxes, unless they see an article on the front page of the NY Times and get more than 10 irate phone calls a day.
      While they did surf by windowsupdate in the aftermath of the Code Red craze, they probably have now gone back to their old habits, and leave both new installed systems as well as reformatted ones in their unpatched state. Since Windows has to be re-installed about every 6 months, the number of vulnerable machines will quite probably be back to the old numbers by February 2002...
  • Switching takes time (Score:5, Interesting)

    by MS (18681) on Monday October 01, 2001 @07:10AM (#2373055)
    Recently I migrated a mid-sized server from FreeBSD to Linux... it took me about a month: in this process I also changed database software, rewrote many programs (written in C, PHP and Shellscripts) and had to test lots of functions...

    Usually it is quite simple to migrate between Unices and Linux, but it's quite a challenge to switch from a Microsoft platform to some *nix/Apache platform, if the server serves more than simple static pages.

    I believe, the process to migrate from WinXXXX/IIS to *nix/Apache will take a few months, not weeks, for management decision (big corporations are not able to produce decisions in a few hours, but will take weeks - till the next "meeting" or so), reprogramming, data-migration, testing etc.

    That's the reason, why Netcraft itself stated:

    Switching from a Microsoft to Unix platform will usually involve some significant effort for a site with any significant investment in dynamic content.
    So give us time, and let's analyse the stats again in a few months.

    ms ms

    • Netcraft noted that almost all of Linux's growth to this point has been like yours (at the expense of other Unixes). We might see some conversion from IIS to Apache, but it's not happening yet to a great degree.

      As you point out, a switch from IIS to Apache is significantly more complex. My feeling is that it will take YEARS and not MONTHS or weeks. Why? Because most of these companies blew their load building these web sites over the last few years, and now for the most part they are _done_. Furthermore, we're in a recession, which means that the IT budget might have a few bucks for a consultant to check the patch status of the NT boxes, but there's certainly not free cash to pull in the sorta talent required to rebuild last decade's projects.

      I suspect we need to wait 3-5 years until the industry is transfixed with the 'paradigm-shifting' hype surrounding some other new technology. Or the existing web apps just get dated and broken. Then a new generation of IT types will go forth and implement that stuff, and it might involve switching the HTTP server around.

      But at this point, the web server market is kinda like -umm- the desktop operating system market. It's mature, everyone's made their decision, and there's no overwhelming reason to switch at this point.
  • Easy: IIS can't do as much work per server.

    And yes, IIS really does mean Internet Infection Service (QED), and Microsoft also got the two syllables of their mailer backwards, and left some of the extra Es out of their web browser's name.

    But there is an answer:
    • Actually, a Windows webserver does not necessarily mean IIS. A lot of the systems surveyed were probably Windows systems running apache. Most sensible people know better than to run IIS. But not all those people are ready to run a Unix or Unix-like system.
      • Windows webserver does not necessarily mean IIS. A lot of the systems surveyed were probably Windows systems running apache.

        The ex-IIS sites I've seen or created have all decided that since they're going to the trouble of dumping IIS, they may as well dump Windows too. Also, many of them dump IIS because they're dumping Windows, at least for that server. This is only my own experience, the global stats may side with your point.

  • by redcliffe (466773)
    This survey is evidence of what good white-hat port scans could do. You could survey what servers are being used, you could find out how many machines are still using faulty software, and you could find out percentages of different OSes. Everyone runs around with their arms in the air yelling that people who port scan are bad. They aren't all bad. Your security should be good enough to handle it anyway. Who cares if they find what ports are open, if the ones that need to be closed are closed or stealth, and if you have all your latest security packages you have no problems. Thanks,

    David

  • by billsf (34378) <`billsf' `at' `cuba.calyx.nl'> on Monday October 01, 2001 @07:39AM (#2373110) Homepage Journal
    It seems Netcraft has a very hard job to do. Yes, I eagerly check them every month to see that my favourite web server (Apache of course) is well on top. I'm also glad BSD isn't dying as some troll reported. 6% BSD on the web could mean many more times that in market share. 50% Windoze appears to count for only a tiny proportion of the computing power on the web. A good point was made that in this tabulation, a $1k "el cheapo" counts the same as a $1M top-of-the-line Sun!

    For starters, maybe research should be done to determine which servers and platforms serve the most actual pages on the web. It is very reasonable to state the very same hardware will serve twice the volume with Apache Unix than IIS-win. The type of Unix may matter too. Large sites tend to use Linux, very large sites tend to use BSD. Moderate sites use Solaris (and only the smallest use IIS) in general. If security is of any concern, Windoze is a joke. Apache makes a Windoze version, but warns it should never be used in a production setting - just for a quick prototype. (to show management)

    More interesting is which system serves the most data overall? The people that work on the 'big iron' say it is Linux by far, then a toss-up between Solaris and BSD. With a paltry 5%, comes the combined power of all Microsoft PCs.

    The point is clear and we have all heard it: "You can prove or disprove anything by how you manipulate statistics". So M$ is the best from their perspective, and so is Linux from theirs and the same for Sun, BSD and all the others. BSD does make a good point that they can serve 100x the data for the same cost as Microsoft, and that assumes you *pirated the Microsoft software* and does not include 'down time' so many Microsoft users can relate to, never mind all the email worms and Trojans either!
    • For starters, maybe research should be done to determine which servers and platforms serve the most actual pages on the web.
      Another idea -- they should grab index.html and try to determine if it is an unmodified, vendor-provided homepage. (you know, one that says "put stuff in /home/httpd/htdocs/index.html to make your own homepage") It would be very interesting to see how many of these servers are quiescent and unused. I'd bet about 90% of the windoze ones (and a significant fraction of Linux/BSD) are people on DSL/cable modems that don't even know their computer is running a web server. OTOH, I'd bet that 99.9% of the Solaris machines are serving up useful web pages.

      --Bob

    • I'd really like to see a Netcraft/Google link-up. "Which servers host the most _important_ pages?" That would be exceptionally cool, and the databases are already there, somebody just needs to mine the data.

    • "It is very reasonable to state the very same hardware will serve twice the volume with Apache Unix than IIS-win. "

      No, that's not at all reasonable to assume that. In fact, IIS5 outperforms Apache by quite a bit.

      You may be thinking of Tux, which has outperformed IIS in benchmarks, but isn't in high use.

      As far as the $1k server versus $1M server. The Netcraft survey also doesn't account for machines behind a load balancer, which is the typical configuration of $1k servers running Linux/Apache or Windows/IIS.

  • by empesey (207806) on Monday October 01, 2001 @07:52AM (#2373142) Homepage
    I'm not too sure about this whole NetCraft thing, but if it has Neve Campbell and Robin Tunney, you can count me in.

  • CHOMP! [netcraft.com].

    Does Intel's 90% dominance disturb anyone else? It's a good thing that there is competition within that 90%. Oh well, this user will probably continue to buy cheap AMD mobos.


  • Unfortunately the number of Windows boxen out there is probably higher than the survey would indicate.


    Remember that Netcraft's OS detection only detects the OS of the machine that is directly connected to the Internet. See their own FAQ at http://uptime.netcraft.com/up/accuracy.html


    If you put your company's NT server behind a Unix-based firewall or proxy, it will be detected by Netcraft as Unix. This is probably a pretty common setup at many companies hosting their own web sites.

    • If they have that much NT in their makeup, unless they're using hardware firewalling (Such as a Cisco box) they're going to be using Checkpoint or Guardian on an NT box. That way they don't need that extra Unix expertise.

      If you think I'm kidding or trolling, I'm not- they actually THINK that way in business. And there's little wrong with it, in and of itself. It's just the choice of OS they settled on that's the problem.
  • From the document:
    Of the 80,000 ip addresses no longer running Microsoft-IIS, only around 2,000 are now running a competing web server.

    This kind of implies to me that at least 78,000 of the machines Netcraft have been counting as IIS Web servers were in fact just machines on which IIS had been loaded by default, and were never serving any real content anyway. If that's true of 78,000, how many more is it true of? In other words, are Netcraft systematically overcounting IIS by counting all machines with IIS running whether they are in fact serving any real content or not? Likewise, how many of the 'Apache' servers counted are in fact just 'out of the box' Linux installs with no real content?

    • I think it is clear that Netcraft has a pretty weak methodology. There are some sites that are serving up default apache pages (I typically discover them as they are Redhat x.0 boxes infected with some worm or have been rooted, and some script kiddie is port scanning me), but there are *way* more unattended IIS installs. I want to know if NetCraft scans port 443 - I have two patched iis boxes that only have 443 open on the firewall.

      ostiguy
      • There are some sites that are serving up default apache pages

        My web server has a default apache page, and it's been this way for many years, but it's not because I have an unattended Apache install. I just don't have anything I want to put on a front page. I've had plenty of pages below this root level, including a tomcat server, php pages, some image galleries, online ordering systems, demonstration sites, etc.

        My point: finding a default page isn't necessarily proof that the website isn't being used.

    • If, in fact, these servers tested are those installed by default and not actively being managed or used to serve a useful purpose, then why are they not blocked by a firewall? Are people really that clueless in this day?

      Only the naive would place a server directly on the internet and not be conscious of what services they are providing and what their vulnerabilities are. Hell, services are out there to tell you what your vulnerabilities are (and how to secure them) if you don't know how to do it yourself.

      Placing unprotected Windows boxes on the internet is, as time has proven again and again, a very bad thing. Same thing can be said about any unprotected machine (including Linux)...but Windows seems to be the preferred target at this time.

      Without due diligence and proactive network management, most systems will fall prey at some point.

      RD

    • You don't think people replaced their 40 IIS servers with a single Apache one? Actually, there's probably a large push for people to not run their own webserver, especially if they'd have to keep it up to date. So they might have had real content on a machine, but they were convinced to move it to a common server: ISP blocks port 80 when there's a worm, tells people to put their content on the ISP web server; company tells employees to stop running IIS, and put their content on the company server.
    • This kind of implies to me that at least 78,000 of the machines Netcraft have been counting

      The public numbers that Netcraft reports are basically useless because they count "Sites" and not servers. As far as I can tell, a "site" is a domain name. This obviously doesn't account for virtual hosting at all.

      For example, if PornSpamSquat, Inc. had purchased 10,000 domains and were using a single Pentium-133 web server box to show the "Under Construction", or "Buy this Domain" page, or do redirects to real servers, Netcraft counts that box 10,000 times in their survey. When the box breaks or is attacked by a worm, the admins just turn it off, and 10,000 'sites' disappear from the survey. Which greatly overemphasizes the importance of that little P-133.
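
Added example, not part of the thread: a small tally showing how the same scan data yields different market-share pictures when counted per hostname ("site"), per IP address, and per IP whose every observed front page is a stock install page. The records are constructed, and the marker phrases are illustrative assumptions rather than a real signature list; as one commenter notes, a default front page does not prove nothing is served below the root.

```python
from collections import defaultdict

# Illustrative marker phrases (assumptions, not an authoritative signature list).
DEFAULT_PAGE_MARKERS = ("test page for the apache", "under construction")

# Constructed records: (hostname, ip, Server header, front-page body).
SAMPLE = [
    ("squat-0001.example", "192.0.2.10", "Apache/1.3.20 (Unix)", "Buy this domain"),
    ("squat-0002.example", "192.0.2.10", "Apache/1.3.20 (Unix)", "Buy this domain"),
    ("squat-0003.example", "192.0.2.10", "Apache/1.3.20 (Unix)", "Buy this domain"),
    ("lab.example", "203.0.113.9", "Apache/1.3.20 (Unix)", "Test Page for the Apache installation"),
    ("dsl-a.example", "198.51.100.5", "Microsoft-IIS/5.0", "Under Construction"),
    ("dsl-b.example", "198.51.100.6", "Microsoft-IIS/5.0", "Under Construction"),
    ("shop.example", "198.51.100.7", "Microsoft-IIS/5.0", "Welcome to our shop"),
    ("old.shop.example", "198.51.100.7", "Microsoft-IIS/5.0", "Under Construction"),
]

def is_default_page(body):
    """True if the front page contains one of the stock-page marker phrases."""
    text = body.lower()
    return any(marker in text for marker in DEFAULT_PAGE_MARKERS)

def product(server_header):
    """Reduce 'Apache/1.3.20 (Unix)' to 'Apache'; empty headers become 'unknown'."""
    name = server_header.split("/", 1)[0].strip()
    return name or "unknown"

def tally(records):
    """Count each product three ways: hostnames, distinct IPs, default-only IPs."""
    sites = defaultdict(int)
    pages = defaultdict(list)  # (product, ip) -> one default/not flag per hostname
    for _host, ip, server, body in records:
        name = product(server)
        sites[name] += 1
        pages[(name, ip)].append(is_default_page(body))
    result = {}
    for name in sites:
        per_ip = [flags for (prod, _ip), flags in pages.items() if prod == name]
        result[name] = {
            "sites": sites[name],
            "ips": len(per_ip),
            # An IP counts as default-only when no hostname on it shows real content.
            "default_only_ips": sum(all(flags) for flags in per_ip),
        }
    return result

if __name__ == "__main__":
    for name, row in sorted(tally(SAMPLE).items()):
        print(name, row)
```
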
  • i was under the impression apache can be run
    under microsoft windows...

    the survey site seems to assume that anything
    windows must not be anything but an MS webserver.

    i'll just sit back and assume the microsoft
    server numbers
    are even lower than presented :)

    woohoo! :)
  • Sun Chairman and CEO Scott McNealy held a press conference today to warn corporate IT executives about the insidious, "Pac-Man-like" nature of the Intel x86 architecture. "Look at this!" he exclaimed, pointing to a chart [netcraft.com]. "The Intel architecture is gobbling up the entire computer market!"

    Intel had no comment at press time.

  • ...that the vast majority of those IIS machines now taken off the web are just offline so they can be de-wormed, patched, and generally brought back into working order - I know, I've watched this happen (nasty Nimda infestation). People are acting like the only reason NT servers ever go down are Apache installs or permanent removals!
  • I would suggest taking the OS reports as only a rough estimate. Their OS detection [netcraft.com] needs a lot of work. My OS/2 server has been seen as Tru64/Digital UNIX since I upgraded the stack two years ago, and they're still "working on it". The stack is an IBM port from code that is similar to, but not derived from, BSD 4.4, so I don't know why they keep making that mistake.
  • Military websites (Score:4, Insightful)

    by tiny69 (34486) on Monday October 01, 2001 @09:10AM (#2373415) Homepage Journal
    The military has already shut down a large number of their websites. Generally, each unit has their own website/server. Sometimes sections within each unit will also have their own website/server depending on how important they view themselves as being. The information those sites provide is usually basic, very rarely has dynamic content, and can very easily be obtained by other means.

    Those who have had sites that were shut down now have to get approval (from several echelons up) before they can put their sites back up. I'm not going to say what the new web servers will be running, but it WILL NOT be Microsoft's IIS. The websites that are still running IIS are actively scanned for vulnerabilities (by someone other than several thousand script kiddies).

    I will not be surprised if ALL of the webservers run by the military will be moved over to something else.
  • My uneducated opinion tells me that the reason half of the physical servers are running IIS is because small companies get a NT or 2K server for their business, then realize "hey, it's got IIS, we can have a website..." they accept the default. Of course, their server that's got all of their corporate secrets is now open to the internet.

    I'd be willing to guess (but not to wager) that a majority of sites running on IIS are on single-site servers.

    Those in the know know that there are other webservers which are more stable than IIS for multi-site hosting. (OK, there are some that are less stable, believe it or not, but they are few and far between.) Having your webserver running on your corporate server is a Bad Thing (tm). Having Exchange on your corporate server and open to the internet is a Bad Thing (tm). Having postfix running on a firewall, forwarding to Exchange is a Better Thing.

    P.S. -- the OS is irrelevant here, well, except that IIS only runs on M$......
  • Netcraft operating system detector

    Is that a euphemism for nmap I've never heard...? ;)

  • No, I'm not sure how many IIS servers are running their databases on the same machine or how accessible a database would be once IIS was hacked and admin privs were gained, but they, the press, never mention how vulnerable the customers' data is on a Microsoft system. My CC has already been stolen and I'm darn sure it was because one site used IIS. Actually both mine and my wife's CC numbers were stolen and used for similar purposes.
    Other similarities pointed to an ASP based server we used for a service we bought online.

    The press is still leaving Microsoft alone as far as I'm concerned. They need to be called for what they are.

    Bad for ebusiness, bad for corporate profits, and not to be trusted with customer data.

    FEAR .NYET!

    IMHO.

    LoB
  • A quick glance through Netcraft's Most requested sites over the last 30 days [netcraft.com] shows that part of Microsoft's Zone website stats.zone.com [zone.com] runs on Linux using Apache/1.3.9 (Unix) mod_fastcgi/2.2.2.

    Love it!
  • Netcraft surveys are always interesting to read.

    The thing that interested me about this one was that the focus was clearly on Linux and Microsoft. The tone was that Linux was something that was just an ordinary part of life.

    For example this quote: "One significant site to switch away from Microsoft recently is infoseek, though it is not known whether this is related to security concerns."

    The article didn't say what operating system infoseek had switched to. But everyone reading the article would just assume (correctly) that they had switched to Linux. A year ago, a website this large switching to Linux would have been big news but now it's something that is just taken for granted.

    As always however, it is frightening to see how many people use apache. Apache is a great web server but the worst security problem facing the internet today is not poor software but monoculture.

    Please support alternative open source web servers.
