Netcraft Survey Updated 208
The latest survey is out and ready for reading from Netcraft. There's some interesting commentary in regards to Code Red, and its effects on web usage. One of the things that I found most interesting was the data showing that while the number of sites hosted by Apache continues to grow, the number of physical webservers running some variety of Windows is about half of the total. Worth checking out.
Gartner Group Effect will be interesting (Score:1, Interesting)
Re:The real reason 80,000 IIS Servers disappeared (Score:5, Interesting)
Amazing how many of the code red servers were displaying the sample page.
Code Red / Nimda (Score:5, Interesting)
We live in a block of office units with shared network access. Our landlord is about as non tech as they come, the whole company, and outsource the LAN provision.
The phones and LAN went down twice due to Nimda, although our machines were unaffected - being patched!
The operator has given our landlord the following advice "Cut them off unless they have Norton". So we get a visit from a suit asking if we have Norton on our computers. We don't we have McAfee. His response?
"Get Norton by Friday or your being disconnected"
People just don't understand this stuff. We have fully patched machines, which run good virus software, but our PHB landlord denies us access to the network that WE PAY FOR beause we chose a different software solution.
Not surprising (Score:4, Interesting)
This is slightly flawed (Score:5, Interesting)
This DOES NOT account for the number of Web servers running a particular package to do something, it accounts for the number of servers _installed_ whether intentionally or not.
Further, it doesn't account for website overloading whereby a number of sites reside on the same IP address. Does Geocities count as one site, as it [may] only be registered to one IP?
Hmmm, could be a bunch of folks realized that IIS server on their SQL server was unnecessary. Again, they may have 'disappeared', but it doesn't mean they were used in the first place.
I mention the above as it's how were functioning in OUR case. (3 or 4 machines that never used IIS have it turned off now, and we've got several large sites all sharing the same IP and servers)
Re:Interesting also is that i86 is WAY ahead... (Score:3, Interesting)
Writing a worm in x86 assembly does not mean that you have an OS-independent worm.
Every worm needs a method to infect other hosts, and the only way is to exploit known vulnerabilities in legit services - ie, you are using applications' (IIS, Apache, bind, sendmail) and operating system's (Windows, Linux, Solaris) services to infect the host. The reason is that, on a network, you are not talking directly to the processor like you do with a local process. You are talking with software layers that manage your connection.
After you have unscrewed the software protections, you make your payload execute on the target host, using a nifty x86 assembly snipped designed to gain privileges. But this is still dependent on the OS.
In fact, many old-fashioned viruses (infected disks,
Number of IIS exploitable servers going back UP? (Score:5, Interesting)
What's with that? The end of month figures for vulnerable IIS systems show an increase in cross site scripting, accessible admin pages and viewable script source. Any guesses?
Is it just that they're more visible? Or is it a whole bunch of sysadmins formatting, re-installing, then selectively patching for the last three exploits that they can remember? Wierd.
Switching takes time (Score:5, Interesting)
Usually it is quite simple to migrate between Unices and Linux, but its quite a challenge to switch from a Microsoft platform to some *nix/Apache platform, if the server serves more than simple static pages.
I believe, the process to migrate from WinXXXX/IIS to *nix/Apache will take a few months, not weeks, for management decision (big corporations are not able to produce decisions in a few hours, but will take weeks - till the next "meeting" or so), reprogramming, data-migration, testing etc.
That's the reason, why Netcraft itself stated:
So give us time, and lets analyse the stats again in a few months.ms ms
Port Scans Aren't Bad (Score:1, Interesting)
David
Re:The correct interpretation... (Score:2, Interesting)
Methodologies are important (Score:5, Interesting)
For starters, maybe research should be done to determine which servers and platforms serve the most actual pages on the web. It is very reasonable to state the very same hardware will serve twice the volume with Apache Unix than IIS-win. The type of Unix may matter too. Large sites tend to use Linux, very large sites tend to use BSD. Moderate sites use Solaris (and only the smallest use IIS) in general. If security is of any concern, Windoze is a joke. Apache makes a Windoze version, but warns it should never be used in a production setting - just for a quick prototype. (to show management)
More interesting is which system serves the most data overall? The people that work on the 'big iron' say it is Linux by far, then a toss-up between Solaris and BSD. With a paltry 5%, comes the combined power of all Microsoft PC's.
The point is clear and we have all heard it: "You can prove or dis-prove anything by how you manipulate statistics". So M$ is the best from their prospective, and so is Linux from theirs and the same for Sun, BSD and all the others. BSD does make a good point that they can serve 100x the data for the same cost as Microsoft, and that assumes you *pirated the Microsoft software* and does not include 'down time' so many Microsoft users can relate to, nevermind all the email worms and Trojans either!
Per Host is more accurate than Per Computer (Score:3, Interesting)
Annecdotally, I can say that about a dozen machine linux servers I know are each running 3 or more separate hosts.
Re:The real reason 80,000 IIS Servers disappeared (Score:1, Interesting)
We did not switch to Apache or anything else, though, just clean it up patch and back to operation.
S'right (Score:3, Interesting)
And if you do, even MS use the x86 protection mechanism and run most code in ring 3. Since the account Apache runs in would not have the priviledge to install & run arbitrary ring 0 code (as would be the case with IIS [running as Local System] installing device drivers) there are limits on what can be done.
Maybe there's an argument for an OS which has two modes which are mutually exclusive. You can use the machine (run applications etc.) or you can administer the machine (install drivers etc.). You cannot do both from the same account. Many Windows users run their day to day work under accounts with admin priviledges - or worse still, domain admin privildges. Why? Do people really need to switch from document writing to driver installation so quickly that they need be done without an additional login? Does anyone really need god-like priviledges from a regular account?
Of course, I may be talking rubbish.
Re:Methodologies are important (Score:3, Interesting)
--Bob
Re:MS Trickery (Score:3, Interesting)
I have been consistently impressed by how much raw abuse a UNIX server can take. A while ago, I wrote a test program that consumed all virtual memory and CPU and kept asking for more, and the machine got slow but kept on trucking. Where I work, the admin runs multiple web services on a single-CPU UltraSPARC box, and it never complains--not even a "hiccup."
The truth is that it takes one UNIX machine to replace N Windows machines, where N is a large positive integer. Do you want quality or quantity?
Right on point (Score:3, Interesting)
That's how you win market share...
Re:How will Netcraft handle Mac OS X? (Score:2, Interesting)