The 4 year security push is paying off
An interesting report today by Port80 says that for the first time, Internet Information Server 6 (IIS) has surpassed the market share of Apache, based on research for the top fortune 1000 companies’ use of web servers for Internet hosting. This is pretty cool news and shows were we are heading. Thats the great news, the bad news I guess is still the massive number of IIS5 installations out there. While most of them are locked down in the F1000, there is still some that I would guess could be compromised.
This shift has been made by the hardnosed focus on security that was placed into Windows Server 2003 and in particular the re-architecture of IIS6 to make sure that it is seriously locked down by default and that it has the capabilities such as application recycling, kernel cache and much more which should have been obvious from the start. Finally there have been no security issues (in this case no news is good news ) which have halted the shift.
Moving forward, II7 is going to be yet another major shift forward, with a completely modular architecture, so that you can remove any HTTP processing you do not require, such as forms auth, folder browsing which improves the scalability and reduces the attack surface and provide a great new model for partners and customers to build custom modules EASILY......
There is still an amazing amount of work to do here, but things like this make Brett's evangelism work start to pay off within the team.
Do we still have a lot of work to do? We have to make IIS even more easier to deploy and manage....we are getting there.