[Knitebane]

If I were writing destructive software, I would target the largest number of platforms with the smallest amount of effort.

And you wouldn't get very far.

If you write destructive software, you target the software with the most, and most serious, security vulnerabilities.

That's why Microsoft software is the most targeted, not because it is popular, but because it's buggy.

The obvious example is IIS vs. Apache. Apache is much more popular, yet IIS is more attacked. IIS is terrible code and has lots of bugs. It's a cracker's playground.

[Bush2000]

That's why Microsoft software is the most targeted, not because it is popular, but because it's buggy. The obvious example is IIS vs. Apache. Apache is much more popular, yet IIS is more attacked. IIS is terrible code and has lots of bugs. It's a cracker's playground.

Except your anti-Microsoft bigotry doesn't reflect reality. Here's proof.

Comparing IIS 6.0 to Apache, we see the following statistics:

IIS 6.0 has had 3 vulnerabilities over 2003 and 2004. All 3 of which are classifed as moderately or less critical.

Apache 2.0 has had 23 vulnerabilities -- of which 5% are rated as highly critical -- and 5% remain unpatched.

So keep trying to sell your open-source-is-safer snake oil. The facts show that you are wrong.

[Paridel]

Something to keep in mind is that it isn't always server at fault, it is also the administrators of the server.

Especially any server side code that works on user input. Even when a language has a feature like 'taint' in Perl most people don't bother using it.

-paridel