From: Matthew French (mfrench42 at domain yahoo.co.uk)
Date: Thu 16 Aug 2001 - 16:46:33 IST
On Thu, Aug 16, 2001 at 04:10:32PM +0100, Wynne, Conor wrote:
> Is Apache on Windozs also vulnerable to worms?
Yes and no.
Apache, like any server software, can have unexploited or undiscovered
security holes which a worm needs to propagate. IIRC the Lion and
Ramen worms were Apache specific.
Apache on Windows is most probably going to be as secure as Apache on
Linux, maybe even more secure if the writer of the worm uses Unix
functionality which is not available with the stunted Windows
environment.
Is Apache more secure than IIS? Almost certainly, going by history
alone. But the reasons are obvious enough:
1) Open source: makes peer review possible, so security holes are
discovered and closed earlier.
2) Cross platform: makes exploiting holes a lot more difficult - a
binary compiled for Solaris will have different behaviour than a
binary compiled for BSD.
3) Not seriously bloated: Most IIS exploits don't use holes in the
core IIS software, but in one of the gazillion add-on DLLs that are
installed by default.
To protect yourself from worms, you can use at least basic security
procedures: run the Apache service as a user that only has read
access to the web directories and very little access to anything
else. Use a firewall. Be paranoid about others hacking into the
box.
Also remember that worms don't need to exploit HTTP, they can also
use holes in Bind, Sendmail, WS-FTP, Exchange, Active Directory or any other
network daemon. Currently most LDAP servers have huge holes in them,
so if you have a publicly accessible LDAP server then it might be time
to rethink that strategy. (IMHO public LDAP, except as a community service,
is a bad idea anyway.)
Hope this answers the question you had in mind?
- Matthew
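
One way to check the "read access only" advice in the message above on a Unix-style host, as an added example that is not part of the original post: the script walks a document root and lists what a given service account could modify according to POSIX mode bits. The function names, the sample tree and the uid values are constructed for illustration; ACLs and root privileges are not modelled.

```python
import os
import stat
import tempfile


def can_write(st, uid, gids):
    """POSIX mode-bit check: is (uid, gids) granted write on this inode?"""
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)


def writable_paths(docroot, uid, gids):
    """Return docroot-relative paths the given account could modify."""
    findings = []
    for dirpath, _dirs, files in os.walk(docroot):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits are not enforced
            if can_write(st, uid, gids):
                findings.append(os.path.relpath(path, docroot))
    return sorted(findings)


def build_sample_tree():
    """Constructed docroot: two safe entries, two world-writable ones."""
    root = tempfile.mkdtemp(prefix="docroot-")
    layout = {"index.html": 0o644, "notes.txt": 0o666}
    for name, mode in layout.items():
        path = os.path.join(root, name)
        with open(path, "w") as fh:
            fh.write("sample\n")
        os.chmod(path, mode)
    uploads = os.path.join(root, "uploads")
    os.mkdir(uploads)
    os.chmod(uploads, 0o777)
    os.chmod(root, 0o755)
    return root, os.lstat(root).st_uid


if __name__ == "__main__":
    root, owner = build_sample_tree()
    # Hypothetical service account: not the owner, in none of the file groups.
    print("service account can modify:", writable_paths(root, owner + 1, set()))
    # Same tree if the server ran as the account that owns the content.
    print("content owner can modify:  ", writable_paths(root, owner, set()))
```

An empty result for the service account is the goal; the second call shows why the server should not run as the account that owns the content.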
This archive was generated by hypermail 2.1.6 : Thu 06 Feb 2003 - 13:11:42 GMT