No, I think you missed the point of the reply.

This article IS pushing on Microsoft quite a bit. While I have read about insurance companies charging higher premiums for using IIS vs. Apache the author points out quite a few Microsoft flaws but leaves out other companies that are just a guilty. Besides that, many vunverabilities whether Microsoft or othervwise are old vunerabilities or variants that were not patched when originally identified.

We all know Microsoft is not the greatest at publishing bug free software but other high profile companies are just a guily, you just don't hear about it as much, if at all.

I have seen Apache installations that are just as vulnerable as IIS installations, whether running on Linux or Windows. It is up to the security professionals tasked with protecting their organizations environment to properly secure these systems.

Next we will see article proclaiming that companies should start to go after their security professionals with legal action whenever their systems are compromised?

If you are that unhappy with Microsoft's software, don't buy it. Convince your organizations leadership to use other tools but it is still your responsibility to secure that application. But bare in mind, since Microsoft is getting all of the press you may not hear about the vunerability your new software package has... :-)

Good luck out there...


[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/47/9581#9581