Thanks JimF for this bit of news.
A Microsoft security expert claims system administrators do not do enough to shore up IIS web servers against security threats, with the result that the software looks more vulnerable than it actually is.
Ian Hellen, principal security consultant at Microsoft UK, said that a large percentage of system administrators take too laid-back an approach to applying patches to server software, with the result that the company's reputation for server security has been distorted.
Analyst house Gartner issued a controversial warning two weeks ago to companies using Microsoft's web server software, recommending that they seek alternatives to Internet Information Server (IIS) because of the serious security risks.
However, Microsoft has defended its corner and said its software is as secure as its competitors', if not more so.
Hellen said the vulnerabilities of IIS are distorted because of a large user base, and because the easy installation option does not invoke the highest security settings available in the software.
He said: "When IIS gets hit by viruses the figures look a lot worse than they are because 50 per cent of the world's servers have IIS... Also there is always a risk of human error as a lot of people just get the software up and running quickly and then just forget all about it."
Hellen added: "There is a certain sys admin culture which might make the patches issued ignored."
News source: IT-Director