Gartner advises companies to scrap Microsoft IIS

Wendy McAuliffe ZDNet.co.uk

Published: 25 Sep 2001 12:30 BST

Research group Gartner is warning enterprises to "immediately" replace their Microsoft Internet Information Server (IIS) server software with a more secure server application, following attacks on IIS by the worms Code Red and Nimda.

Last week, mass-mailing computer worm Nimda was released into the wild. It combined elements of the Web-based Code Red virus and attacked the same buffer-overflow vulnerability in Microsoft's IIS software. The trend confirms that IIS has become a popular target for hackers, and Gartner is recommending that companies affected by both worms should look at moving their Web applications to a more secure platform.

"Using Internet-exposed IIS Web servers securely has a high cost of ownership," states the Gartner report. "Nimda has again shown the high risk of using IIS and the effort involved in keeping up with Microsoft's frequent security patches."

Some antivirus experts are dismissing the Gartner warnings as "knee-jerk" and "unnecessary". Graham Cluley, senior technology consultant at security firm Sophos, is concerned that a mass move to alternative Web server software would cause more disruption than sticking with Microsoft IIS and patching it. "Code Red was less about the vulnerability of IIS, as all software has bugs, but more about system administrators ignoring the warnings that came well in advance of Code Red," said Cluley.

According to Gartner, iPlanet and Apache offer advisable alternatives to Microsoft's server software. "Although these Web servers have required some security patches, they have much better security records than IIS and are not under active attack by the vast number of virus and worm writers," the report says.

The analysts predict that it might be late next year before the server software is safer for corporations. "Gartner remains concerned that viruses and worms will continue to attack IIS until Microsoft has released a completely rewritten, thoroughly and publicly tested, new release of IIS."

The attempt to rank vendors according to their security success rate is a risky business. The aim of most virus writers is usually for their worm to achieve its biggest impact, and so will target platforms that are widely used. "Microsoft is targetted as it is so popular, rather than the system being the least secure," said Cluley.

"There are few viruses for the Macintosh in comparison to the PC, as the hacker will be going for the most popular platform," he pointed out.

See the Viruses and Hacking News Section for the latest headlines.

Have your say instantly, and see what others have said. Click on the TalkBack button and go to the Security forum.

Let the editors know what you think in the Mailroom. And read other letters.