March 20th 04, 04:14 AM
Peter Duniho

"Andrew Gideon" wrote in message
online.com...
Dylan Smith wrote:
As for security culture, consider this. Although Apache by far and large
is the most common web server, all the serious exploits so far have been
for the minority web server - IIS [...]


MSFT fanatics ignore data like this.


They (and thinking people who aren't fanatics) ignore it because it's
misleading and inaccurate. Such as the statement that "all the serious
exploits so far..." for example. There has only been the one IIS exploit in
the wild (the variants of Code Red don't count as new "serious exploits"),
and the use of the word "all" is just so much propaganda to attempt to
influence the reader to think there's a huge problem.

Beyond that, Code Red came out AFTER the vulnerability had been fixed and
WIDELY PUBLICIZED. Duh. When the press spends all of its time talking
about the security vulnerabilities in Windows, it greatly increases the odds
of someone taking that information and creating an exploit from one.

Mac and Linux vulnerabilities just don't make for news that sells papers,
mostly because they are such niches. When vulnerabilities in Apache are
found, they sometimes make the trade papers, but you'll never see WSJ,
MSNBC, or USA Today wasting time reporting them.

You need to look at the big picture. Computer security is as much about
human nature as it is about security holes and installed base.

Pete