With the recent attacks by major viruses, Research group Gartner is recommending that enterprises running IIS switch to another, more secure Web server solution.
In the past few weeks you may have heard about a couple new viruses sweeping the Internet: Nimda and CodeRed. These viruses are unique in that they can spread via Web pages that run the Microsoft IIS Web server.
According to the Gartner report: "enterprises [should] immediately investigate alternatives to IIS..." The GartnerGroup recommends switching to other Web server clients such as iPlanet and Apache. While these other Web servers do require security patches, they are not under "active attack by the vast number of virus and worm writers."
Patches Aren't the Solution
Unfortunately, it seems that most patches appear after a large number of enterprises have been affected, and that is simply not a good way to do business. In fact, analysts believe it won't be until late 2002, before the IIS software is safe for corporations. And only after the software is completely rewritten and thoroughly and publicly tested.
If you use software such as Symantec Web Security you may be protected, but it's a similar problem as with patches. If your definitions are not up-to-date, your server may get infected regardless.