Google Security Survey Finds Microsoft IIS Web Servers More Vulnerable Than Apache

last updated June 7, 2007 in Beyond nixCraft, Linux, Security, UNIX, Windows server

Microsoft IIS Web servers are twice as likely to serve malware as open source Apache Web servers, according to a Google security survey.

In this post, Google investigate the distribution of web server software to provide insight into how server software is correlated to servers hosting malware binaries or engaging in drive-by-downloads.

Compared to our sample of servers across the Internet, Microsoft IIS features twice as often (49% vs. 23%) as a malware distributing server. Amongst Microsoft IIS servers, the share of IIS 6.0 and IIS 5.0 remained the same at 80% and 20% respectively.

Google’s survey finds that in China and South Korea, malicious servers are more likely to be running IIS than Apache.

Web server software across servers distributing malware:

However there might be some errors in final result as a single IP hosts more website using virtual hosting. Nevertheless it is a good reading.

Posted by: Vivek Gite

The author is the creator of nixCraft and a seasoned sysadmin, DevOps engineer, and a trainer for the Linux operating system/Unix shell scripting. Get the latest tutorials on SysAdmin, Linux/Unix and open source topics via RSS/XML feed or weekly email newsletter.

2 comment

Anjanesh says:
June 7, 2007 at 11:15 pm
Well….so far so true, but now many make think differently after the release of IIS7- IIS vs. Apache.
survey software says:
April 21, 2009 at 4:01 pm
Awesome! thanks for adding this

Have a question? Post it on our forum!