Quantcast

IIS and ASP: Microsoft’s Server

Get the WebProNews Newsletter:
[ Business]

Despite Microsoft’s dominance of everything to do with computers, their web server software sits on a relatively low 20% market share, thanks to the popularity of Apache.

However, 20% of millions of servers is still a pretty substantial number of servers, and so IIS (Internet Information Server) can’t be written off that quickly.

IIS and Security

Among technical people, though, IIS is mainly known for its terrible security record, most famously when a security hole allowed the Code Red worm (a kind of virus) to spread between IIS servers back in 2001 . Microsoft was forced to issue press releases asking people to secure their servers, which meant that millions of webmasters had to go to Microsoft’s website and download a patch to fix the problem. This prompted many people to go and download Apache instead, so the same thing wouldn’t happen again. Most of IIS’ security holes were caused by services that most people don’t use, simply because they were left on by default. Once an attacker was in, the damage they could do was greatly increased by the fact that IIS ran with all the security privileges available on the system – essentially, once someone got past IIS’ lacking security, they could do anything to the system.

For the latest version, Microsoft finally turned off unnecessary services and made the server run with fewer privileges, creating a much more secure web server. However, most of the IIS servers on the Internet today are not running the latest version, as the only way to get it is to upgrade to the Windows Server 2003 operating system – there are plenty of people still running IIS 5 on Windows 2000.

IIS and Stability
Another prominent criticism of IIS is that it has a tendency to fail under heavy loads, as it can’t handle very many connections at once. If you’ve ever seen an error that says something like ‘Website Too Busy’, the chances are that IIS was responsible for it.

So Why Would Anyone Use IIS?

The primary reason anyone uses IIS is that they created their website using Microsoft’s software. This usually means that their database is Microsoft SQL, and their pages are written using ASP (Active Server Pages), the latest version being ASP.Net. ASP is easy to use, as most scripts are written in a Visual Basic-like language named VBScript, and comes with a slick environment that makes it easy to rapidly develop dynamic websites.

In the latest .Net version, servers can actually run whole programs using the Visual Basic .Net and C# programming languages. This is a powerful feature, allowing full-fledged programming languages to be used to generate HTML pages, and Microsoft counts on it to differentiate ASP from other solutions.

As recently as 2001, ASP was the leading solution for dynamic web pages (it was beaten by PHP the next year), and it still ha a lot of momentum. Open source languages can seem unreliable to managers, and they were often unwilling to make the change from technology that had the backing of a big company like Microsoft. Companies are now starting to make the change, although quite a few are c to Java instead of PHP.

IIS Alternatives

Since so many people want to switch away from IIS, a market has opened up in helping them to do so while letting them keep their ASP code – after all, it wouldn’t be any good if they had to start over in PHP, would it? The best solution is made by Sun, and you can see it at www.sun.com/software/chilisoft. Unfortunately, that software costs $500, so it’s only really worth it if you have a lot of code tied up in an ASP language.

Really, the best thing to do is to stay away from IIS to begin with – yes, it’s easy to write web pages in VBScript, and, yes, IIS does come for free with Windows, but in the long run it really isn’t worth the hassle.

Information supplied and written by Lee Asher of Eclipse Domain Services

Domain Names, Hosting, Traffic and Email Solutions.

IIS and ASP: Microsoft’s Server
Comments Off
Top Rated White Papers and Resources

Comments are closed.