May
8th,
2005
Richard Monson-Haefel: Is Microsoft IIS 6.0 more secure than Apache HTTP Server 2.0?
Interesting posting on the relative security of IIS 6 and Apache 2.0. I'd agree that IIS 6 seems to have a MUCH better record than previous versions in terms both of vulnerability counts and initial configuration.
The only caveat I've got on it is my usual one about MS security, which is that with their products you have to look at the vulnerability of the whole stack as installed because it's so darn difficult to separate out the bits you don't want, unlike the situation with Apache running on something like Linux or BSD...
but I've done that rant before so I shan't do it again...