[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

RE: "SHTTPD": Windows web-server, light-weight, stand-alone and multi-platform (Unix, etc)



Hi, that's why I specifically said "if you are already running Windows
server..."

I would not recommend using IIS 5 on XP in its default configuration.

Nb - when Vista comes along in about 6 months we will have a desktop
version of IIS that has been through the latest MS code auditing tools,
and now runs under a minimal rights user account. Then I expect it will
be closer to a one size fits all and reasonably secure option for those
wanting to run a web server on a Microsoft OS.



-----Original Message-----
From: owner-or-talk@xxxxxxxxxxxxx [mailto:owner-or-talk@xxxxxxxxxxxxx]
On Behalf Of Steve Crook
Sent: 08 June 2006 16:54
To: or-talk@xxxxxxxxxxxxx
Subject: Re: "SHTTPD": Windows web-server, light-weight, stand-alone and
multi-platform (Unix, etc)

On Wed, Jun 07, 2006 at 09:33:24PM +0100, Tony wrote:
> 
> Hi, If you are not trying to run this on a desktop then Windows Server
> 2003 already comes with IIS6 - which is it might surprise you to know
is
> one of the most secure web servers around as regards known
> vulnerabilities. One minor denial of service issue in 2004 is the only
> issue with IIS6 since release. See
> http://www.microsoft.com/technet/security/current.aspx

Hi Tony,

The big problem with IIS6 as I see it is that it's not a generic
one-size-fits-all solution for the Windows platform.  Sure it's an
option for those running Windows Server 2003, but that would still leave
a massive gap for all the Windows users who have XP (or older).  I doubt
MS will ever backport it as their philosophy is to make users upgrade to
server products if they want to deliver server functionality.

As there's an identified solution that will run on all Windows
platforms, whilst at the same time being Open Source and free, I think
it should take precedence, assuming of course that it actually does the
job well.

Also, to my knowledge nobody has any way of really knowing what
information MS extracts from its users.  There seems to be a new version
of Windows Update virtually every time I try and run it.  It doesn't
work at all unless I click a "Trust Microsoft" box.  I fail to see the
"Genuine Advantage" that MS assure me I'm getting.  :-)