Google Security Survey Finds Microsoft Web Servers Vulnerable
Microsoft IIS Web servers were found to be twice as likely to distribute malware as open source Apache Web servers.
Microsoft IIS Web servers are twice as likely to serve malware as open source Apache Web servers, according to a Google security survey.
In a blog post, Nagendra Modadugu from Google's anti-malware team reports that Google conducted a survey over the past month of about 70,000 domains that have been distributing malware. It also surveyed Web server software across 80 million Internet domains.
Overall, Apache accounted for 66% of the Web server software in use and Microsoft IIS accounted for 23%. But among the 70,000 domains associated with malware, Apache and Microsoft IIS were represented equally (49%).
"Compared to our sample of servers across the Internet, Microsoft IIS features twice as often (49% vs. 23%) as a malware distributing server," Modadugu said.
Google's survey finds that in China and South Korea, malicious servers are more likely to be running IIS than Apache.
Modadugu attributes this in part to software piracy. "We suspect that the causes for IIS featuring more prominently in these countries could be due to a combination of factors: First, automatic updates have not been enabled due to software piracy, ... and second, some security patches are not available for pirated copies of Microsoft operating systems," he said. "For instance the patch for a commonly seen ADODB.Stream exploit is not available to pirated copies of Windows operating systems."
This suggests that Microsoft's efforts to protect its intellectual property have the unintended consequence of making physical property, specifically servers, less secure.
In Germany, the situation is reversed: "Apache is more likely to be serving malware than Microsoft IIS, compared to the overall distributions of these servers."
In the United States, the situation is the same, though Apache's share of Web servers overall and its share among servers distributing malware are less disproportionate here.
"Based on the data provided, it is difficult to draw any viable conclusions about the security of the web servers mentioned or what the intended use of a given web server was in this particular investigation," a Microsoft spokesperson said in an e-mailed statement. "As the blog points out, the administrator's intended use could be to intentionally distribute malware.
"In addition, the margin of error is extremely large due to the fact that a single web server can host thousands of sites. As always, Microsoft strongly encourages customers to keep all of their products, including IIS, up to date, and to use best practices when configuring their systems. This ensures that they have the latest security updates and their systems maintain the highest level of security possible."
This story was edited on June 6 to add a comment from Microsoft.