I just have to ask, what prompts people to put up Windows servers running IIS, when there are security bulletins and serious holes announced in the server and OS nearly every week?

What's the attraction?

-t

Errr...how about when you're trapped in legacy systems/apps cycle - management is only prepared to invest in new features and not porting the existing stuff over to a new platform ?

Or how about the practical reasons that a whole organisation is centred around IIS platforms and cannot spend time retraining to move onto say Unix ?

Granted that IIS attracts a hell of a lot of attention but also, other platforms are not totally security flaw free are they - look at bugtraq! Plenty of unix related flaws. If everyone dropped IIS and ran Unix based systems, we'd have pretty much the same problem again

For some reason, there are a hell of a lot of unmaintained IIS servers out with hackers using exploits that are almost years old. I think that a lot of these machines are owned by home based users on DSL connections and not properly maintained corporate systems. This is what allows things like code red to spread as much as it did.

Still, I can't defend MS too much, I'm trying to put a case together for dumping Microsoft - simply because of price if anything.

I think the reason, that windows servers get hacked the most, is the consistency in software setup.... I mean once, you cracked one based on a flaw you can break into a hell of a lot more....