There's life left in IIS

New tools mean reports of Internet Information Server's death have been greatly exaggerated

INTERNET Information Server (IIS) don't get no respect.

Microsoft's Web server software suffered a heavy blow to its reputation when the Code Red and Nimda worms exploited weaknesses in millions of IIS installations in the summer of 2001. Wags said the IIS acronym really stood for "It Isn't Secure." Research group Gartner published a widely reported recommendation in September of that year, saying users should "immediately investigate alternatives to IIS." (See www3.gartner.com/resources/101000/101034/101034.pdf .)

Perhaps as a result, Microsoft's offering has shown a big decline in the closely followed Netcraft survey of Web domains. IIS peaked at a 35 percent market share in March 2002, then declined to under 28 percent by the end of the year. Meanwhile, Apache servers -- which always outnumbered IIS on a per-domain basis -- are running almost 63 percent of the sites in the world and growing (www.netcraft.com/survey ).

The Netcraft snapshot doesn't tell the whole story, however. "It's kind of misleading," says Chris Neppes, director of sales and marketing at Port80 Software, because Apache servers are more likely to host numerous small sites -- each of which counts as one server in the survey.

Port80 has just completed its own study of the Web server software used by large companies in the Fortune 1000. The figures show that, of 970 corporations with identifiable Web sites, 54 percent are using IIS. The number is 21 percent for Netscape Enterprise, 18 percent for Apache, and 7 percent for other or unknown software. (The study should be available by the time you read this at www.port80software.com/servermask/fortune1000webservers .)

Port80 sells add-on software that makes IIS more reliable and therefore more competitive. The most notable is ServerMask, which is based on a principal caller server anonymization. In a nutshell, ServerMask stops IIS from announcing its identity to the majority of malicious hackers or anyone else. This is important because new security weaknesses that become known usually affect specific versions of a piece of software. Hackers who scan the Web to build lists of vulnerable machines are likely to target someone else if your server keeps mum about itself.

The third edition of ServerMask -- a significant upgrade that hasn't been announced yet -- will gear up even more to deal with the latest threats. Script-kiddie tools, for example, can now identify servers by their distinctive Internet Protocol settings, such as TTL (Time to Live).

The new add-on will analyze your traffic and recommend a better range of settings than the defaults, according to Joe Lima, Port80's COO.

ServerMask may double in price in February, Neppes says, but purchasers of the current edition, at $49.95 per server, will get a free upgrade.

Port80's anonymization software may make surveys like Netcraft's less accurate. But that's no reason for your company to become a statistic.