Question about Apache Server?

[netsysadmin]

Ok...I have a question...what makes Apache server so much less hackable or problematic than IIS??...Im not asking this to start an argument...I just want some solid info...I am going to have to setup a website for my job and I need some good info that I can present to my supervisors on which product is better...I have looked around at different sites but only have come up with people saying to use Apache...but not info on why...oh and if we do go the Apache route it will be on a win2k server...thanks for any info

 

[FUBAR]

For my .02, as it applies to you, it's mainly history and that it's not as tied into the OS. Since I've been watching, I've seen only a couple of the changelogs for apache have major holes, that I can remember. IIS has had a major hole fixed every month.

The part that doesn't apply to you is the host OS. Since the base of *NIX in general has been around for 30 years, it is much more mature, and was hacked to pieces and patched before windows even came around. That and the fact that MS is the most targeted vendor out there in general makes it a bad bet in my eyes.

But in the end it all boils down to the admin. A vigilant admin can probably keep windows safe, as he could on *NIX, but AFAIK, it's a smaller task on *NIX.

 

[Nothinman]

Ok...I have a question...what makes Apache server so much less hackable or problematic than IIS??

Look around some security sites (like securityfocus.com) and count the number of exploits for each in say, the last year, and decide for yourself. Out of the box Apache you pretty much have no worries, out of the box IIS I would give you an hour max before you're compromised.

Also, with Apache you get the added benefit of the source code with rights to actually use it, IIS can't even come close to that.

 

[n0cmonkey]

Apache has been working on its security for a while. That is one of the biggest goals of the project. Microsoft only learned that security was important in Feb

Wait will Microsoft Apach- I mean IIS 6.0 comes out. It will be fun stuff

 

[manly]

Apache is known more for its reliability than its security.

However, in comparison to IIS, it's a very secure system.

The essential reason is that Microsoft doesn't design security into much of their software products early on. As any serious software/security architects can tell you, it's much more difficult to bolt-strap security onto a system, than to design security as an essential part of the system from the get-go.

On top of that, M$ is well-reknowned for ignoring security problems it knows about, unless they are exposed as serious and widespread.