IIS and ASP: Microsoft's Server
Despite Microsoft's dominance of everything to do with
computers, their web server software sits on a relatively low
20% market share, thanks to the popularity of Apache. However,
20% of millions of servers is still a pretty substantial number
of servers, and so IIS (Internet Information Server) can't be
written off that quickly.
IIS and Security
Among technical people, though, IIS is mainly known for its
terrible security record, most famously when a security hole
allowed the Code Red worm (a kind of virus) to spread between
IIS servers back in 2001 . Microsoft was forced to issue press
releases asking people to secure their servers, which meant that
millions of webmasters had to go to Microsoft's website and
download a patch to fix the problem. This prompted many people
to go and download Apache instead, so the same thing wouldn't
happen again. Most of IIS' security holes were caused by
services that most people don't use, simply because they were
left on by default. Once an attacker was in, the damage they
could do was greatly increased by the fact that IIS ran with all
the security privileges available on the system - essentially,
once someone got past IIS' lacking security, they could do
anything to the system.
For the latest version, Microsoft finally turned off unnecessary
services and made the server run with fewer privileges, creating
a much more secure web server. However, most of the IIS servers
on the Internet today are not running the latest version, as the
only way to get it is to upgrade to the Windows Server 2003
operating system - there are plenty of people still running IIS
5 on Windows 2000.
IIS and Stability
Another prominent criticism of IIS is that it has a tendency to
fail under heavy loads, as it can't handle very many connections
at once. If you've ever seen an error that says something like
'Website Too Busy', the chances are that IIS was responsible for
it.
So Why Would Anyone Use IIS?
The primary reason anyone uses IIS is that they created their
website using Microsoft's software. This usually means that
their database is Microsoft SQL, and their pages are written
using ASP (Active Server Pages), the latest version being
ASP.Net. ASP is easy to use, as most scripts are written in a
Visual Basic-like language named VBScript, and comes with a
slick environment that makes it easy to rapidly develop dynamic
websites.
In the latest .Net version, servers can actually run whole
programs using the Visual Basic .Net and C# programming
languages. This is a powerful feature, allowing full-fledged
programming languages to be used to generate HTML pages, and
Microsoft counts on it to differentiate ASP from other solutions.
As recently as 2001, ASP was the leading solution for dynamic
web pages (it was beaten by PHP the next year), and it still ha
a lot of momentum. Open source languages can seem unreliable to
managers, and they were often unwilling to make the change from
technology that had the backing of a big company like Microsoft.
Companies are now starting to make the change, although quite a
few are c to Java instead of PHP.
IIS Alternatives
Since so many people want to switch away from IIS, a market has
opened up in helping them to do so while letting them keep their
ASP code - after all, it wouldn't be any good if they had to
start over in PHP, would it? The best solution is made by Sun,
and you can see it at www.sun.com/software/chilisoft.
Unfortunately, that software costs $500, so it's only really
worth it if you have a lot of code tied up in an ASP language.
Really, the best thing to do is to stay away from IIS to begin
with - yes, it's easy to write web pages in VBScript, and, yes,
IIS does come for free with Windows, but in the long run it
really isn't worth the hassle.