Microsoft Attempts to Secure IIS

billmaly writes: "Yahoo has this article about trying to make IIS more secure. Among steps is to have it install in its most secure state, putting the onus on sysadmins to remove it from that state. It looks like Microsoft may be trying to do the right thing from a security standpoint, at least on paper."

Hmm...

[Wakko Warner]

Apparently every copy of Windows XP/2000 is now shipping with a pair of scissors, to be used to "secure" the ethernet connection of IIS servers.

- A.P.

I hope they succeed

[drodver]

because 78,417 Nimda hits are more than enough for me!

Microsoft's new strategy

[Anonymous Coward]

Download source code for Apache. Tweak the headers to say "IIS" instead of "Apache". Brag about their speedy team of coders.

A paper on handling IIS in a secure manner:

[Nindalf]

The paper is here. [auckland.ac.nz]

It's more involved than you might think. If you are a sysadmin, this might be important for your job security.

Secure IIS already out in Beta

[Grim Grepper]

Microsoft has released a secure version of IIS to its beta testers. I cannot give you any details, except that it has codename "Apache".

Warning! May cause severe regret!

[Nindalf]

This just reminded me of a particular Daily Victim [gamespy.com].

"In a fit of rage I went over the deep end and cut our apartment's DSL connection!"

actually Microsoft offers a choice

[Anonymous Coward]

If you don't feel like hurting good quality cables, alternatively you can use the scissors to cut out every instance of the word "secure" from the IIS documentation, and run the software.

New

[mlknowle]

In other news, Microsoft's hardware division announced a plan to make water flow uphill.

Wondering what the new settings will be...

[blogan]

A paperclip comes up and asks you, "Would you like to have the server start? Would you like to allow connections from outside 127.0.0.1? Would you like to run scripts? Would you like to be able to access files not residing on the read only floppy? Would you like to have all comments automatically read by Outlook?"

Re:Like they had any choice ?

[Anonymous Coward]

With the Gartner group sending letters to all their customers RECOMMENDING they remove IIS as "an unacceptable security risk" based on the TCO of IIS rapidly exceeding the cost of the hardware, the OS and THE SUPPORT STAFF. When a nationally recognized consulting firm that supports 400 of the top 500 firms , and one that HAS BEEN PRO M$ up to this point, or at least VERY neutral, suddenly starts advocating ABANDONING your investment you know you have BIG PROBLEMS. I personally think this is TOO LITTLE TOO LATE. Why was the product not shipped like this in the first place ???
"Do androids dream of electric sheep ?" - Phillip K. Dick

sarcasm?

[Anonymous Coward]

"It looks like Microsoft may be trying to do the right thing from a security standpoint, at least on paper."

Thank God. Since MS usually tries to do the wrong thing, on purpose. Now they are doing the right thing on paper.

Dear Microsoft

[ReelOddeeo]

Dear Microsoft,

Thank you for your recent ammouncement that (someday) you will secure IIS.

Enclosed please find a blank, signed check.

When a more secure IIS is ready, please fill in the amount on the check, deposit it, and then ship me the new IIS. I'm patient. I'll wait until it's ready.

I know you're working very hard and that the benefit of end users is the number one concern of Microsoft.

Your loyal lackey,

MCSE guy.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Wow!

[crisco]

All that fits on one CD?

:)

Re:fun quotes

[Black Parrot]

> "it's incumbent on Microsoft, being in the leadership position we're in"

Funny, but I've never heard the concept of loss leader applied to security before.

Re:Uneducated Opinion :-)

[styrotech]

Geez I'd be pissed if I couldn't play basketball with the others because some smartass set up a non MS web server.

If there's one thing MS has done well - it's looking after developers! While all the non MS developers are inside getting OOS, sore eyes and fat butts, the MS developers get regular exercise breaks in the sunshine.

Re:this is a good first step, but..

[Phroggy]

Yes. That's why sendmail and bind are the paragons of security they are today. From-scratch attempts to replace them are riddled with holes that make IIS look like a pinprick.

Oh come on. We're talking apples and oranges here. Postfix, qmail and djbdns were written by UNIX guys who knew what they were doing. IIS would be rewritten by Microsoft. Completely different story.

Bill's Prayer

[Graspee_Leemoor]

Our father which art in Redmond, Bill be thy name.
Thy .NET come. Thy will be done, in earth, as it is in Redmond.
Give us this day our daily executable.
And forgive us our syntax errors, as we forgive thy crashes
And lead us not into subscription-based services, but deliver us from blue-screens: For thine is the marketplace, and the patents, and the shares, for ever, Amen.