Study: IIS More Likely To Be Compromised

Apache and IIS are equally at fault for pumping malware into the wild, according to a new study.

Apache and Internet Information Services (IIS) Web servers are equally at fault for pumping malware into the wild, according to a new study, but a higher percentage of IIS servers are compromised.

Those results come from a survey by the Google Anti-Malware Team. The results, however, should be taken with a grain of salt, since myriad mitigating factors are at work. Apache is an open-source Web server, while IIS is Microsoft's Web server.

The two servers are by far the most popular on the Internet, handling 89 percent of all traffic. Google examined about 70,000 domains that have been distributing malware in the last month, and determined that Apache and IIS are each responsible for pushing out 49 percent of the viruses and exploits. Since Apache is running on almost three times as many servers as IIS (66 percent to 23 percent), the percentage of IIS servers that are compromised is much higher. Google states in the study that "Compared to our sample of servers across the Internet, Microsoft IIS features twice as often (49% vs. 23%) as a malware distributing server."

The study also broke down the Web server distribution by country, and came up with some interesting results. The countries in the survey were the U.S., China, Russia, Germany and South Korea. Although the distribution of Web servers is fairly even throughout the five nations, a Web server belching out malware in China or South Korea is much more likely to be an IIS server.

Since both China and South Korea are known to have high concentrations of pirated software, much of which is from Microsoft, those numbers make more sense. For instance, Microsoft makes certain patches available only for validated copies of IIS.

Apache may also have fewer compromised Web servers because its admins are more adept. The study's authors hint at this when they state "It is important to note that while many servers serve malware as a result of a server compromise (by remote exploits, password theft via keyloggers, etc.), some servers are configured to serve up exploits by their administrators." Apache is significantly more difficult to configure and administer, so those who manage it may have greater knowledge and experience than their IIS counterparts. This points more to a failing of admins than to an inherent insecurity in the Web server.

Whatever the ultimate meaning of the study, the summary quote should be taken to heart by every Web server administrator: "Our analysis demonstrates how important it is to keep web servers patched to the latest patch level."


About the Author

Keith Ward is the editor in chief of Virtualization & Cloud Review. Follow him on Twitter @VirtReviewKeith.

