Ditch Microsoft IIS now, says Gartner
And put .NET plans on ice until rewrite
We don't know if it's virus fatigue that caused us to overlook this, along with world+dog, last week.
But the Gartner Group has issued a remarkable advisory recommending - in the strongest terms - that enterprises abandon their investments in Microsoft's web server IIS (Internet Information Server). In the usually cautious, diplomatic language of analyst reports, weighted as they are with percentage probabilities, this is a blunt as they come: a kind of "flee now - and don't wait around to collect your possessions" warning.
"Gartner recommends that enterprises hit by both Code Red and Nimda immediately investigate alternatives to IIS, including moving Web applications to Web server software from other vendors, such as iPlanet and Apache," explains Gartner's John Pescatore.
The alternatives "have much better security records than IIS and are not under active attack by the vast number of virus and worm writers."
The key point of the advisory is that Gartner has lost faith in Microsoft's ability to patch and fix the IIS.
It recommends holding off from .NET products too, or at least those that are based on Microsoft's IIS until the latter is "completely rewritten".
We haven't heard that Microsoft has any plans to rewrite IIS, but if it does, we'll let you know. Ripping up such a fundamental piece of infrastructure would also entail changes to the security models in .NET. Gartner seems to think this likely now, after that havoc caused by Code Red (which was less of an Internet hype, but a huge internal problem for organisations which suddenly 'discovered' how many NT servers they had), and now Nimda.
BOFHs have been complaining to their management for years about the inadequacies of the Microsoft server model, and while we're hesitant about ascribing special import to any single analyst's report, Gartner and friends do have enormous clout at board level when it comes to making strategic decisions. This could be the straw that breaks the Beast's back. ®
Sponsored: Becoming a Pragmatic Security Leader