Full Disclosure mailing list archives
Re: (IE/SCOB) Switching Software Because of Bugs: Some Facts About Software and Security bugs
From: "Matthew Murphy" <mattmurphy () kc rr com>
Date: Thu, 1 Jul 2004 14:23:44 -0500
your long post seems like an advanced FUD to me. according to your reasoning there should be a lot of worms and exploits for apache because of its market share. fact is ii$ is plagued by worms and exploits though it has a small market share.
Actually, you're both wrong, in my opinion. :-) Overall market share has something to do with the success of worm propagation, but the real problem is market share diversity at all levels. IIS is plagued by worms because one piece of code targeting whatever version of IIS is widely used can typically infect ~95% of the vulnerable portion of the IIS market. Multi-platform products like Apache, on the other hand, have the advantage of portability (i.e., variations in the underlying systems within its market).

A fantastic example of this is Scalper -- it targeted Apache 1.3 running on BSD/IA32. A very small portion of the market for Apache 1.3. I would bet money on the fact that the number of sites running Apache on any one given OS version and architecture (for instance, FreeBSD/IA32) is much smaller than the equivalent comparisons for IIS, where virtually the entire market runs on IA32s (until recent 64-bit compatibility), and each version of IIS is limited to one underlying Windows version.

Further, in the case of exploits that target multiple IIS versions (i.e., Nimda), it could also be argued that Windows should be treated essentially as one OS, because releases of Windows are deliberately similar to maintain compatibility, whereas the differences between Apache's many OS possibilities (for instance, Linux and Solaris) are often very pronounced in nature.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html