Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
The Internet Software Apache

Netcraft Claims Apache Now Runs 2/3rds Of The Web 366

Mr Bill writes "According to NetCraft the Apache web server now owns over 2/3rds of the web. The jump of 2.8% since last month is mostly due to a number of large domain parking sites switching back to Apache from IIS. 'During 2001 and the first half of 2002 several companies hosting very large numbers of hostnames including Webjump, Namezero, Homestead, register.com and Network Solutions migrated to Microsoft-IIS. Subsequently these businesses have either failed, significantly changed their business model, or reverted to their previous platform, and Microsoft-IIS share is now in line with its long term pre-summer 2001 level of around 20%.' See the full report here."
This discussion has been archived. No new comments can be posted.

Netcraft Claims Apache Now Runs 2/3rds Of The Web

Comments Filter:
  • good (Score:3, Flamebait)

    by grosa ( 648390 ) on Tuesday November 04, 2003 @05:09AM (#7385039)
    hopefully this will cut down on the number of easily infected web servers. don't want to see another run of iis worms spewing bogus access requests at my apache server.
    • OpenSSL... (Score:5, Informative)

      by admbws ( 600017 ) on Tuesday November 04, 2003 @05:17AM (#7385067) Homepage Journal
      Take a look at the article below [netcraft.com]. It's incredibly worrying how many sites are still using vulnerable versions of OpenSSL [netcraft.com].
      • Re:OpenSSL... (Score:5, Insightful)

        by Przepla ( 637674 ) on Tuesday November 04, 2003 @06:13AM (#7385214)
        Indeed, but:
        However, relying on version numbers to determine the number of vulnerable OpenSSL sites is flawed because vendors backport security patches. So a site using OpenSSL on a Red Hat 9 system will likely report itself as OpenSSL 0.9.7a even though it isn't vulnerable to any of the issues mentioned and the situation is similar for SuSE, Debian, Mandrake, and most of the Linux distributions. Additionally, many of the vendor distributions of Apache have recently started supressing all the extra module information by default, so newer distributions (ones that are not vulnerable) are less likely to be listed.

        I'd just add, that FreeBSD does the same thing.
    • Re:good (Score:2, Interesting)

      by BuckaBooBob ( 635108 )
      Apache doesn't seem to suffer from the Monoculture problems that MS has... But I guess apache hasn't reached a true monoculture yet... But it would seem to \me that IIS could be a dying horse..
      • Re:good (Score:5, Insightful)

        by Bert64 ( 520050 ) <.moc.eeznerif.todhsals. .ta. .treb.> on Tuesday November 04, 2003 @07:21AM (#7385377) Homepage
        Apache is not really a monoculture atall, not compared to IIS... If you encounter a machine running IIS you can pretty much guarantee it`s running on an x86 machine running windows, it might, but this is a 1/1000000 chance or something, be running on windows on an alpha, mips or ppc... but this isnt possible for any version above 5.0
        However, with Apache, it could be running on any one of many OS`s, Linux, FreeBSD, Solaris, HPUX, AIX for instance, and on many different hardware architectures.
        This is a good reason for promoting systems such as FreeBSD, OSX, and the other risc systems... If the entire world standardises on x86/linux for their webservers, especially a single distribution, then it would be no better than a windows monoculture.
    • Re:good (Score:5, Insightful)

      by Anonymous Coward on Tuesday November 04, 2003 @05:46AM (#7385145)
      It might help a bit, but not a lot. Web servers that belong to a domain, say www.slashdot.com, are counted here, but when you have millions of home machines worldwide still running an open web service on windows, that can overwhelm the statistics.

      66% of 'real' websites may be apache driven, but when it comes to viral infection, Joe Normal's home windows box on his cable connection counts just as much an infectable web server as the business down the road that runs a real .com
    • Re:good (Score:5, Insightful)

      by nmg196 ( 184961 ) on Tuesday November 04, 2003 @05:46AM (#7385147)
      But IIS usage is NOT going down though! The netcraft graph is a graph of relative usage of each system and adds up to 100%. If you look at the bottom the linked page at the second graph, you can see that IIS usage hasn't decreased at all - it's just that Apache usage has gone up quite a bit recently (ie, there are more total servers tested by Netcraft).
      • Re:good (Score:5, Interesting)

        by Grizzlysmit ( 580824 ) on Tuesday November 04, 2003 @07:11AM (#7385354)
        Ummm I think you'll find thats wrong, ok the propotunate loss for IIS is worse, but they've had a notaciable numeric loss too.
        • Re:good (Score:4, Insightful)

          by nmg196 ( 184961 ) on Tuesday November 04, 2003 @07:39AM (#7385418)
          OK - I'm slightly wrong.

          MS had 4.92 million sites last month, and it's 4.91 million this month (1.06% down) but my point still stands - it's mainly the fact that Apache has gone up from 13.52 million to 14.37 million active sites ( a gain 846294) that makes the graph show a swing from Apache to Linux. It's not really a change from Apache TO IIS - its mainly just loads more Apache sites. The fall in IIS usage is so insignificant that it doesn't even register on that graph!

          If you read the other /. comments - you'll see that graph is misleading many people on here. Many users seem to think that IIS usage is falling rapidly, when in fact it's nearly the highest it's ever been!

          Looking at the second graph, gives you a much clearer idea of what's going on - an obvous 'spike' in Apache users - while IIS usage doesn't change by a statistically significant amount (just the usual wobble perhaps).

          A few months more data will be needed to draw any conclusions on whether or not IIS usage is actually significantly falling.

          I don't think things like the Blaster worm have help Microsoft's image where security is concerned, but favourable independent reports of the security of the new Windows 2003 platform should balance that out in the long term.
  • by Anonymous Coward on Tuesday November 04, 2003 @05:09AM (#7385041)
    Who would've believed that a non-proprietary and free webserver would be so popular when Microsoft gives you the opportunity to lock yourself into monopoly driven endless licensing upgrade cycle?

    What the hell is this world coming to?

    • Yeah, really. At least none of the Linux vendors are trying that *cough*RedHat*cough*
  • by taliver ( 174409 ) on Tuesday November 04, 2003 @05:10AM (#7385045)
    Numbers that are much harder to get but would be significantly more valuable would be the fraction of web traffic handled by the type of server. Just because I have a hosting company that has 3 sites doesn't mean that I'm getting traffic in the same amount that some other individuals. And MS(make that M$ so I don't get modded down) would tell you that there servers are deployed on the larger installations, the ones that need to higher performance.

    (And, I'd expect that if we looked at a graph of traffic, you'd see the GWS getting a significant share.)
    • More useful measures (Score:2, Interesting)

      by wizrd_nml ( 661928 )
      They could do a lot with the numbers they already have that could be more insightful: - Show statistics by type of domain (.org, .com, .net, etc.) - Show statistics about known companies/orgnisations that would be of interest to users (Forbes 500 companies, IT companies) Maybe some kind of statistical tool can be added to Apache (perhaps as a module) that can be optionally loaded that allows netcraft and similar sites to poll Apache and get interesting information like: hits, max load, throughput, type
    • by tolan's my name ( 234431 ) on Tuesday November 04, 2003 @05:28AM (#7385097) Journal
      Lots of the _really_ big sites don't use Apache or IIS but use things like IBM_HTTP_Server (which, to be fair, IS Apache) with a Websphere backend. Also those really big site are all load balanced, portalled etc, so its hard to determin what is truely doing the serving.
    • by Peer ( 137534 ) on Tuesday November 04, 2003 @05:35AM (#7385119) Homepage
      This argument was already used before. That's why Smutcraft.net [smutcraft.net]
      uses a better method to measure market share.

      They rate Apache even higher.
    • I highly doubt anyone with half a brain would run IIS on anything important. If for no other reason than possible downtime do to bugs/worms whatever, apache is guilty of the same thing.

      you would be surprised how many places run on proprietary/semi-proprietary web servers.

      but thats not really the point, if we were to compare the amount of "real work" done by an OS on the desktop unix/linux and mac would have a much higher share than they currently do. however we dont compare that, we currently compare no
  • NCSA (Score:5, Insightful)

    by chill ( 34294 ) on Tuesday November 04, 2003 @05:10AM (#7385046) Journal
    Netcraft really needs to drop the NCSA line on the charts that don't stretch back before 2000.

    The only thing that straight orange line at 0 does is give the Sun ONE guys something to point and laugh at. And it looks like they need it.
    • Re:NCSA (Score:2, Interesting)

      by madprof ( 4723 )
      What do you then incorporate it into?
      'Other' perhaps?
      Incidentally, it's not 0. Oxford Brookes Univesity in the UK still use it, hilariously.
    • Re:NCSA (Score:2, Funny)

      by Anonymous Coward
      I like it. It helps me find the bottom of the graph.
    • It seems a bit silly to count by the number of domains hosted - this means that domain parking services (as mentioned in the report) inflate the numbers. Would it be possible to have a rough guess at how popular a site is (eg from Google rankings, or from traffic statistics gathered by snooping on traffic crossing some major ISP) and weight the results by that?
  • by Zocalo ( 252965 ) on Tuesday November 04, 2003 @05:11AM (#7385048) Homepage
    ...and great for Apache. The underlying message seems to be that switching from Apache to IIS will either cause your company to fail outright, or at best cost you a huge chunk of resources while you switch to and from. That fact that Network Solutions is on the list is even better, because for many managers and users NetSol is *the* .com company, and if they can't make IIS work...
    • by Anonymous Coward on Tuesday November 04, 2003 @06:01AM (#7385180)
      I would bet that a year ago someone at Microsoft came up with an idea to increase IIS standings at Netcraft: pay a couple of domain parking companies to switch. They probably paid them for a year only, and since the year has finished, the companies in question have decided to switch back, presumably because IIS had more expensive TCO than Apache. Microsoft's original idea would have been to gain momentum for IIS and indicate it was gaining rapidly over Apache, helping it's .Net initiative look like it was going somewhere.
      • Very insightful post.

        A little bit of greasing of palms is a fairly common business practice. MS have probably seen that all that did, rather than
        persuade the rest of the world to move over to IIS, was cost MS
        money. So what comes next? I reckon the future will be MS playing
        dirtier. They'll buy up companies which have trivial web patents,
        and will sue every hosting company under the sun for "serving dynamically created content based on the user's prior browsing history" or something inane like that. (I made t
    • I find the article kind of strange saying that since Netcraft itself claims [netcraft.com] that NetSol's entire netblock is running Solaris...
      • Re:Questionable (Score:3, Informative)

        by daviddennis ( 10926 )
        They switched to Windows with gigantic fanfare about a year or so ago. I was shocked and incomprehending, since it just didn't make any sense to do that given their Unix heritage.

        I guess they're now back to Solaris, which is just where they were before.

        So much for Microsoft's marketing.

        D
  • Apache 2.0 (Score:4, Interesting)

    by g_arumilli ( 324501 ) on Tuesday November 04, 2003 @05:11AM (#7385049)
    Netcraft seems to show every site that I've looked at running Apache 1.3.x, and none of them running Apache 2.0.x. Is this just Netcraft being weird in attempting to determine what version of Apache a server is running (or perhaps an equivalence in transmitted data between 1.3.x and 2.0.x), or a more significant sign of the "stability" that major servers require?
    • Re:Apache 2.0 (Score:5, Informative)

      by Anonymous Coward on Tuesday November 04, 2003 @05:21AM (#7385073)
      The Apache version comes directly from the server signature. This is changed easily enough (we find 3K Apache 7.x sites) but most people don't bother.

      This month, we found

      • 26.3M Apache 1.x hostnames
      • 1M Apache 2.x hostnames
      • 3M Unknown Apache hostnames


      Magnus at netcraft dot com
      • Re:Apache 2.0 (Score:2, Informative)

        by madprof ( 4723 )
        This seems about right. Apache 2.0 is still not as complete as Apache 1.3.x when it comes to support from surrounding software.
        I'm waiting for Apache::Request to be ported properly.
    • Many people haven't switched yet, for a number of reasons. Personally, I'm used to 1.3.x so I'm sticking with it, but the big killer for most sites is the lack of mod_perl and php other than betas.

      FWIW, the server name is transmitted in a standard HTTP/1.1 response so it's trivial to work out what kind of server something is running. As a simple test, run 'telnet [host] 80' and type 'GET / HTTP/1.1' and hit enter a few times. You'll get a response (usually an error saying invalid HTTP/1.1 request) whic

      • Re:Apache 2.0 (Score:3, Informative)

        by Nevyn ( 5505 ) *

        FWIW, the server name is transmitted in a standard HTTP/1.1 response so it's trivial to work out what kind of server something is running. As a simple test, run 'telnet [host] 80' and type 'GET / HTTP/1.1' and hit enter a few times. You'll get a response (usually an error saying invalid HTTP/1.1 request) which includes a server version.

        To be pedantic, that should really be... "A server name is trans ... what kind of server something says it's running."

    • Re:Apache 2.0 (Score:4, Insightful)

      by horza ( 87255 ) on Tuesday November 04, 2003 @07:01AM (#7385330) Homepage
      Until there is an announcement on the PHP homepage stating that PHP is totally stable under Apache 2, and that moving to Apache 2 will offer far greater performance, I don't see the ratio changing in the near future. The last advice I read was "don't use mod_php under Apache 2", and haven't heard anything to the contrary recently.

      Phillip.
      • Re:Apache 2.0 (Score:3, Informative)

        by fferreres ( 525414 )
        PHP is pretty stable on Apache 2, at least for me. I was a bit scared at first, but after running a relatively large and badly written PHP site with not problems at all for about 3 month, I feel confident now. But yes, better wait for PHP to declare it stable.

        Don't know what other people experiences are...

        F
  • by Anonymous Coward on Tuesday November 04, 2003 @05:14AM (#7385057)
    that many large companies started using IIS.
    I got a bit nervous, but looks like using IIS is the best cure.
    It's like pi**ing against electric fences.
    You'll never do it again.
  • by hughk ( 248126 ) on Tuesday November 04, 2003 @05:17AM (#7385065) Journal
    Apache is cool and this is good for open source. However it would be better is there were more variety (perhaps Zope or others). Each approach has its own advantages or disadvantages.

    Luckily many people use different Apache versions or even platforms and certainly different modules, i.e., mod-perl or php so this isn't as bad for a risk factor. I would still like to see more variety and thus hopefully better security.

    • by jalet ( 36114 ) <alet@librelogiciel.com> on Tuesday November 04, 2003 @05:30AM (#7385104) Homepage
      Problem with Zope is that it's often installed behind Apache which serves as proxy/urlrewriter and so Netcraft may only see Apache some times. (it correctly detects Zope for my own website though)
    • On the other hand, multiple variations mean that exploits fixed in one variation aren't neccessarily cascaded through to others. Having just one common version would mean that all security efforts would be focused on this one rather than being diluted.
      • It could be worse, one common version of IIS - one system 0wn3d, all systems 0wn3d!!!

        Seriously, I acknowledge the advantage of open source but have a real gut feeling that if the same system is everywhere then should an exploit happen, it may propagate too fast. It is a key argument against Microsoft's OS Hegemony but, can still apply even if we have the means to fix the bugs.

    • Apache is an open source project. Therefore...
      • It can be compiled for multiple architectures. (Opteron, PPC, MIPS, etc.)
      • It can be compiled with different configuration settings.
      • It can be compiled using different compilers.
      • It can be compiled using different compiler options.
      • It can be compiled on different operating systems. (Solaris, BSD, Linux, OS X, etc.)

      While in some sense Apache may be a monoculture, you can clearly see from what I've just stated that in another sense it is far from a mono

  • by Pond823 ( 643768 ) on Tuesday November 04, 2003 @05:23AM (#7385084)
    It seems odd that the two largest parking hosts switched away from IIS at roughly the same time, when they also changed to IIS around the same time too. Maybe Microsoft made them an IIS offer they couldn't refuse, but have since changed that policy.
  • by Kj0n ( 245572 ) on Tuesday November 04, 2003 @05:24AM (#7385086)
    ... that this article appears directly above the article "Lies, Damned Lies, And [Gaming] Statistics [slashdot.org]"?
  • by goombah99 ( 560566 ) on Tuesday November 04, 2003 @05:27AM (#7385093)
    We often here that mono cropping leaves one open to rapidly spreading global viruses. The poster child for this is the windows operating sytem and its suceptibility to rpc and outlook and active-X infections.

    The yarn goes that MS products are not so badly written, that IS II is no worse that apache, that outlook is no worse than XXXX, its just that windows runs on 95% of the worlds computers so its a target and when its infected it gets noticed.

    this apache story sort of gives a lie to this. if it runs 80% of the web servers it is the largest target by definition. Of course it does get attacked but you dont hear about this being a viral thing, spreading throught the mono crop.

    I guess one can counter this argument by saying that bussinesses that run web servers maintain their patches better thsn the devil spawned endusers. But this doesn't really wash. If bussinesses had to patch as often as Windows users did they would be screaming bloody murder since while it only costs the end user free time, it cost the bussinesses actual operating expesnes.

    • Apache isn't quite as much of a monocrop as it might seem at first. While a newly discovered security hole is likely to affect a large proportion of the world's web servers, differences in how Apache is linked and loaded will mean that any exploit is going to be specific to one operating system. For example, there was an Apache/FreeBSD worm some time back; the security hole existed in all (unpatched) Apache installations, but the worm was only able to exploit it on FreeBSD.
    • In addition to the points that other posters have made, you're forgetting one thing - commercial webservers are admined by professionals, while Windows machines at home are most certainly not.

      I run Windows XP Pro at home, and despite using P2P, my machine is virus and trojan free. How? I know what I'm doing, and take sensible precautions, including running a software firewall and regularly-updated AV software, and I keep my system patched.

      Similarly, commercial webservers are behind firewalls, unnecessary

    • If bussinesses had to patch as often as Windows users did they would be screaming bloody murder

      They are.

      Migrating to something different is a huge barrier to many of these people. Even so, MS has made public statements indicating that they've heard these screams.

  • by illuminata ( 668963 ) on Tuesday November 04, 2003 @05:30AM (#7385103) Journal
    With Apaches controlling this much of the internet and damn near all of the U.S. casinos, what the hell are they still bitching about?

    Who cares if you don't have the land anymore, you're filthy fucking rich!
  • by leoaugust ( 665240 ) <leoaugust AT gmail DOT com> on Tuesday November 04, 2003 @05:44AM (#7385138) Journal
    When I hosted some of my earlier sites, web hosting resellers were advocating Windows hosting. They charged more for it, and also most of the technical help they had was for Windows and IIS ...

    After the worm season of Microsoft, I actually had the same resellers begging me not to buy Windows hosting but go for Linux, even though it was cheaper (and hence their margins lower). Most of them were putting forward the reasoning that it was cheaper (but that was never a selling point earlier) and they said that there are so many free goodies available with it ... Finally one of the ladies confided ... "My techies are going nuts just keeping up with the patches after patches .. so please, go for Linux .... please .."

    It's anecdotal ... .but I think very widespread ..
    • go for Linux, even though it was cheaper (and hence their margins lower)

      Why would their margins be lower because Linux is cheaper for the customer? The margin is the difference between what the customer pays and what it costs them to provide it. If Linux is cheaper for them, their margins can very well be higher for Linux, even though it is cheaper for the customer.

      This way, everybody benefits (except for Microsoft [microsoft.com]).

  • by winkydink ( 650484 ) * <sv.dude@gmail.com> on Tuesday November 04, 2003 @05:46AM (#7385146) Homepage Journal
    I offer that 2/3rds of all web servers and 2/3rds of the Web are far from the same thing. While I have no firm idea how to accurately measure the Web, I'd offer that either total content or total content that is actually viewed would make for a far more intersting statistic.

    Whether this makes Apache's percentage larger or smaller, I have no idea there either. I think that the claim as written is inaccurate.

  • Intriguing... (Score:2, Insightful)

    by larien ( 5608 ) *
    Subsequently these businesses have either failed
    Would it be overly obvious to say that there's a link between using IIS and failing? ;)
  • by jlemmerer ( 242376 ) <xcom123@yCOFFEEahoo.com minus caffeine> on Tuesday November 04, 2003 @05:54AM (#7385160) Homepage
    ...apache will spread even farther. i do a lot of web service programming myself, and i have to say that the axis project maintained by a fraction of the apache group made my life a whole lot easier. i don't think that a similar framework exists in the microsoft world (yeah, i know there is .NET, but i mean in the "real" java web service world that is truly portable cross platform)
  • since they are measuring websites including the ones that are just parked or inactive, is there any figures that relate to an active site?

    the parked domains just distorts the results to a certain degree.

    maybe a good monthly metric would be a web server survey of actual web sites. this will allow us to learn trends that companies use.

    one thing for sure, it just measures the sites to the server. is there a metric to measure hits per server type?
  • This popularity is the ONLY reason for the TERRIBLE security track record of Apache compared to, say, IIS.

    Oh, wait..
  • I bet you anything that what happened was those companies bought the XP hype about how the new Windows would never crash again and now that we're well into the XP life cycle they've woken up to the fact that it was just more hype. Gave IIS a nice a little bump for a bit though.
    I've seen a lot of the same thing at the consumer level where people who used to ask me for help all the time went ahead and bought XP despite my forewarnings and ended up getting bit as soon as the RPC bugs started flying. It tur
  • httpd versus Tomcat? (Score:2, Informative)

    by ewg ( 158266 )
    According to their platform groupings [netcraft.com], they lump Apache Coyote together with Apache httpd.

    Since Coyote is the Connector component [apache.org] that allows Tomcat to function as a standalone webserver, I wonder how many of "Apache" sites are running Tomcat versus httpd.
  • can we get a measurement of distinct ip's running servers vs hostnames running servers?

    Domain name registrars just fuck it up for everyone when they switch back and forth with their hosting solutions. It's not as if there was choice on by the user to what hosting service they were using for their parked page. It is an important when choosing a final hosting service, apache or IIS...
  • by Anonymous Coward on Tuesday November 04, 2003 @07:41AM (#7385424)
    This valuable informative post got modded down to -1 even though it is nothing but 100% informative, and I rarely ever post it. Therefore I will post it three times in case the apache-fanboy mods it down to -1 again

    I in 400 SECURE servers is still a classic Mac Os host even cccording to netcraft !

    Because no mac in the history of the internet hosting a web server has ever been rooted or defaced remotely.

    Why?

    Because not one version of Mac OS has ever had a single exploitable hole ever discovered. (classic mac os now up to version 9.2.2 on currenlty sold g4 tolwers). OpenBSD has had no less than 5 holes (not one) in the default install in the last two years. Mac OS has had ZERO in over 7 years, even when paired up with its preferred web server app.

    The Army (www.army.mil) has used Webstar for years on macs for security.

    In fact in the entire SecurityFocus (BugTraq) database history there has never been a Mac exploited over the internet remotely. Scan it yourself.

    For years, except, for a couple months ago, the army has always used MacOS and has never had a break-in on a Mac. Unlike their other MS defacements.

    http://uptime.netcraft.com/up/graph?site=www.arm y. mil

    That is why the US Army gave up on MS IIS and got a Mac for a web server, sometimes it is a honeypot for OSX testing, and US ARmy use regular Mac OS on other internal servers

    I am not talking about FreeBSD derived MacOS X (which already had a more than a 50 exploits and potential exploits in BugTraq database) I am talking about current Mac OS 9.x and earlier which are highly sophisticated abstract-OS models.

    Why is is hack proof? These reasons :

    1> No command shell. No shell means no way to hook or intercept the flow of control with many various shell oriented tricks found in Unix or NT. Apple uses an object model for procces to process communication that is heavily typed and "pipe-less"

    2> No Root user. All mac developers know their code is always running at root. Nothing is higher (except undocumented microkernel stufff where you pass Gary Davidian's birthday into certain registers and make a special call). By always being root there is no false sense of security, and programming is done carefully.

    3> Pascal strings. ANSI C Strings are the number one way people exploit Linux and Wintel boxes. The mac avoids C strings historically in most of all of its OS. In fact even its roms originally used Pascal strings. As you know pascal strings are faster than C (because they have the length delimiter in the front and do not have to endlessly hunt for NULL), but the side effect is less buffer exploits. Individual 3rd party products may use C stings and bind to ANSI libraries, but many do not. In case you are not aware of what a "pascal string" is, it usually has no null byte terminator.

    4> Macs running Webstar have ability to only run CGI placed in correct directory location and correctly file "typed" (not mere file name extension). File types on Macs are not easily settable by users, expecially remotely. Apache as you know has had many problems in earlier years preventing wayward execution.

    5> Macs never run code ever merely based on how a file is named. ".exe" suffixes mean nothing! For example the file type is 4 characters of user-invisible attributes, along with many other invisible attributes, but these 4 bytes cannot be set by most tool oriented utilities that work with data files. For example file copy utilities preserve launchable file-types, but JPEG MPEG HTML TXT etc oriented tools are physically incapable by designof creating an executable file. The file type is not set to executable for hte hackers needs. In fact its even more secure than that. A mac cannot run a program unless it has TWO files. The second file is an invisible file associated with the data fork file and is called a resource fork. EVERY mac program has a resource fork file containing launch information. It needs t
    • webstar. (Score:4, Informative)

      by leuk_he ( 194174 ) on Tuesday November 04, 2003 @10:19AM (#7386434) Homepage Journal
      sorry, I would call this that flaimbait. But since it is well argumented i will reply...
      1> No command shell.
      Absence of features is not always a good thing. now you will have to add scripting in the webserver.

      2> No Root user
      Like windows 95?.. see 1.

      3> pascal strings
      but you can have buffer overflows with pascal strings if you fail to allocate enough memory for the string.

      4>..only run CGI placed in correct directory location..
      And if you get a script in there you have the same problem. And it is not easy to remotely administer....

      5> Macs never run code ever merely based on how a file is named. ".exe" suffixes mean nothing!
      You mean like the unix "x" attribute that was in the very first unix? This is a thing that windows has badly affected. But is this a thing that affects web servers or clients......

      4> Stack return address positioned in safer location than some intel OSes
      There are 3 kind of people.. that that can count and those who cannot 8-).
      But a better solution would be not to have the stack in memory that can be executed.

      7> There are less macs, though there are huge cash prizes for cracking into a
      The fact that there are huge cash prices would

      not be a ood advertisement for safety. And generally they are set on well protected servers that are doing nothing.
      8> MacOS source not available traditionally,
      same argument goes for ISS

      no mac web server has ever been rooted,defaced,owned,scanned,exploited, etc.
      I am 100% sure that they get scanned all the time. which makes me doubt all the other points. But then you can always blaim the user.

  • OK, and? (Score:3, Insightful)

    by cardpuncher ( 713057 ) on Tuesday November 04, 2003 @07:44AM (#7385430)
    I guess the numbers have some interest, but I'd be far more interested in what they're doing with their web servers. On the assumption that serving flat HTML is a minority interest, what, more significantly, are they using for their application development? Perl? PHP? Java? C?

    One of the main problems with IIS is that its single-process, multi-threaded operation makes it very vulnerable to threadlocks and memory leakage by various ancillary software components (database drivers, Active X stuff, etc). Debugging these problems is next-to-impossible, particularly for someone who's chosen to use IIS largely because of a familiarity with Visual Basic.

    I would not *a priori* expect threading in Apache 2.0 to work any better than IIS if it's working with, say, PHP into which you can build a myriad of library functions many of which have a single-threaded heritage.

    So, if users are moving to Apache in droves because they've found a reliable rapid development environment for multi-threaded web applications, then I'd be interested to know what (apart from Apache) was involved.

    After all, Apache (like IIS) is fundamentally no more than a dispatcher for HTTP requests. It's producing the responses that causes the trouble!
  • by Technician ( 215283 ) on Tuesday November 04, 2003 @07:50AM (#7385452)
    The MS graph looked steady until May of 2002 them something drastic happened. MS took a sharp drop. Apachie at the same time to a jump up. What time did the rash of worms start again?
  • New servers? (Score:2, Insightful)

    by Anonymous Coward
    I think that it's more significant to note that even though it already has the majority share, Apache use is growing faster than any other server. This means that when somebody decides on a new server, more often than not, it's Apache that is chosen. Microsoft seems to be fighting a losing battle here. It's also interesting to note that they group a number of different Microsoft web servers together, whilst they separate the Apache users into different groups.
  • by Tim Colgate ( 519024 ) on Tuesday November 04, 2003 @08:32AM (#7385597) Homepage
    There is another survey at Security Space [securityspace.com].

    What's interesting about this one is that results can be viewed by domain. The highest proportion, and highest growth, of IIS seemed to be in the gov domain [securityspace.com], where Apache is actually decreasing. IIS usage in education was also pretty high [securityspace.com].

    Use of Apache was particularly high in Germany [securityspace.com] .

  • by Pac ( 9516 )
    I have been here from singularity to boom to burst to today's lukewarm recovery, and Apache has been running 2/3 of the Web since there is a Web. Year after year /. publishes this same Netcraft announcement, give or take a percent point.

    Apache is like Gillete: you know there are other brands, you even know a few people use those other brands but when push comes to shove and you girlfriend order you shopping for shaving tools, Gillete is always the way...
  • by carlmenezes ( 204187 ) on Tuesday November 04, 2003 @09:46AM (#7386152) Homepage
    Wouldn't a breakup by a measure of the size in bytes of content served by the various web servers make a much more realistic figure?

    I mean, if the traffic logs and stats are not available for all the sites around, surely, a measure of the size of the content would give one a fair idea of where the heavy weights really lie?
  • by WoTG ( 610710 ) on Tuesday November 04, 2003 @12:38PM (#7387772) Homepage Journal
    I wonder if the upcoming (or is it recently passed by now?) end of support for NT 4.0 is a factor. I would guess that some of the parked domains could be running on NT. With the end of support, these registrars would face either a paid upgrade to W2K/2003 or a free upgrade to Apache on Linux (or whatever) - or I guess they could stay with NT, and live without new security patches...

Avoid strange women and temporary variables.

Working...