Ambrosian Scripture

Real-world answers to real-world problems.

Your Servers are at Risk!

If you are running applications on IIS 5 or 5.1 and have not run the IIS Lockdown tool and installed URLScan, you are just asking for trouble.

Please, for the sake of your clients, yourself, and your company, be sure to at least take these simple steps to further secure your web servers. They are so easy to do that you have no excuse.

While you're at it, check out the IIS 5 security checklist!

 

Comments

Jerry Pisk said:

How about Microsoft actually fixing IIS 5 for the sake of their customers? Don't blame their problems on the users...
# September 29, 2004 11:53 AM

J. Ambrose Little said:

Like any software product, IIS has bugs that require patching. Microsoft's products have an astronomically higher distribution than other software companies, so their products are targeted for exploits far more than other software companies' products and receive far more publicity when flaws are uncovered.

Despite this, Microsoft is constantly working to improve their products, and in the last couple years especially, security has been at the top of priorities for them. They actively work to prevent security flaws, and they are very good about releasing and distributing patches and procedures to prevent exploits well before an exploit is made.

The lockdown tool, URLScan, and the other procedures referenced above are good examples of their commitment to help secure their products. Furthermore, IIS 6, their latest web server product, is significantly more secure and is set up to be locked down by default, so your impression appears to be somewhat askew.

For the general user, there has to be a balance of usability and security, since not every user can be a computer adept. We could easily find numerous examples of other software products that have made (and are making) compromises in security to make their products more usable.

Take, for example, virtually any wireless router on the market. The default configuration for these (and thus the easiest to set up) is wide open, and the vast majority of users leave it that way because it is too complicated to do otherwise.

The above example only serves to illustrate that we, as an industry, have a long way to go to make our products as secure as possible while still making them as usable as possible. We, as an industry, need to work together and not against each other to make this goal a reality.
# September 29, 2004 1:47 PM
