According to an article over at Windows IT Pro, Web servers running Microsoft’s Internet Information Services (IIS) are more than twice as likely to infect vulnerable users with malware than those running the open source Apache server. The survey has of course been questioned as it was performed by one of Microsoft’s most competent rivals, Google.
Nagendra Modadugu, a member of Google’s anti-malware team explained that in a survey of around 70,000 domains known to be distributing malware; 49% were hosted by IIS servers compared to 23% being hosted by Apache. This is despite Apache having a 20% market lead over Microsoft with 53% of market share compared to 31% held by Microsoft (it’s interesting to note that between March-Sept 2006 Apache lost a large amount of this market share to Microsoft).
So why are so many Windows servers distributing malware? Google reports that many IIS installs are on un-licenced/pirated copies of Windows Server, which are unlikely to be kept up to date with the latest security patches; “Our analysis demonstrates how important it is to keep Web servers patched to the latest patch level." Many are sceptical as to whether or not Google's survey projects a true representation of the facts. Paul Thurrott notes: "I find it interesting that Google used this survey to promote Apache over an Internet product made by its chief competitor."
A Microsoft spokesperson said, "It is difficult to draw any viable conclusions about the security of the Web servers mentioned or what the intended use of a given Web server was in this particular investigation… the administrator's intended use could be to intentionally distribute malware."