Re: [Full-Disclosure] (IE/SCOB) Switching Software Because of Bugs: Some Facts About Software and Security bugs

["Matthew Murphy" <mattmurphy@xxxxxxxxx>]

> your long post seems like an advanced FUD to me.
>
> according to your reasoning there should be a lot of worms and exploits
for
> apache because of its market share. fact is ii$ is plagued by worms and
> exploits though it has a small market share.

Actually, you're both wrong, in my opinion. :-)

Overall market share has some to do with the success of worm propagation,
but the real problem is market share diversity at all levels.  IIS is
plagued by worms because one piece of code targeting whatever version of IIS
is widely used can typically infect ~ 95% of the vulnerable portion of the
IIS market.  Multi-platform products like Apache, on the other hand, have
the advantage of portability (i.e, variations in the underlying systems
within its market).  A fantastic example of this is Scalper -- it targeted
Apache 1.3 running on BSD/IA32.  A very small portion of the market for
Apache 1.3.

I would bet money on the fact that the number of sites running Apache on any
one given OS version and architecture (for instance, FreeBSD/IA32), is much
smaller than the equivalent comparisons for IIS, where virtually the entire
market runs on IA32s (until recent 64-bit compatibility), and each version
of IIS is limited to one underlying Windows version.

Further, in the case of exploits that target multiple IIS versions (i.e,
Nimda), it could also be argued that Windows should be treated essentially
as one OS, because releases of Windows are deliberately similar to maintain
compatibility, whereas the differences between Apache's many OS
possibilities (for instance, Linux and Solaris), are often very pronounced
in nature.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html