'Critical' MS server flaw may affect few sites
A recently-revealed security flaw in Microsoft's Internet Information Server may have been over-hyped, according to testing figures from a UK-based Internet research firm. Netcraft's figures also showed that the large Web-hosting businesses that gained prominence in the 1990s are continuing to lose out to smaller, customer-supported firms.
According to figures from Netcraft, not many IIS servers are likely to be open to an attack that exploits a flaw in Microsoft's Data Access Components (MDAC), despite the flaw receiving a "critical" rating by Microsoft last week.
Security company Foundstone, which discovered the MDAC flaw, said at the time that it could be as widespread as the flaws that allowed the Code Red and Nimda worms to spread. More than 4 million sites are hosted on Microsoft's Internet Information Service (IIS) software, according to Netcraft. Foundstone and Microsoft said that the flaw was likely to affect the majority of these. In addition, millions of Windows 95, 98, Me and 2000 PCs could also be vulnerable to the software bug, according to Microsoft and Foundstone.
Netcraft disputed this however, noting that tests of hundreds of servers conducted by the company's security business over the last two years have shown few sites with the affected MDAC component turned on.
In 2001, about 8 percent of IIS sites being tested for the first time had the affected component, called Remote Data Services (RDS), open to the public. In 2002 this had fallen to 5 percent, partly because of customers switching to IIS version 5.0, which does not have RDS enabled by default.
The testing sample is small, but Netcraft believes it is representative. "We think that only a fairly small section of the Microsoft-IIS community is likely to use RDS, and that it is rarely enabled on public sites," the company said in a statement.
Netcraft said that the number of Web sites in its survey grew by about half a million in November over October, despite the decline in the US Web hosting industry, as non-US Web hosting businesses pick up steam.
Over the course of this year, the proportion of US-based sites in the survey has fallen from 56 percent to 45 percent, Netcraft said. "There has... been a net repatriation of existing active sites out of America as hosting services in the rest of the world have become more comparable with those in US," the company stated.
The decline of advertising-support mass Web hosting and the reduction of sites parked at domain name registration companies has also played a part in the shift, according to Netcraft.
The survey found that big Web hosting businesses are continuing to lose business, while smaller hosting firms are sometimes seeing dramatic growth.
Genuity went into administration this week and Cable & Wireless recently announced it will close more than half of its 42 data centres, some of which were acquired from bankrupt Exodus.
Netcraft found that the number of Web sites hosted in domains such as cw.net (Cable & Wireless), exodus.net, gblx.net (Global Crossing) and above.net declined between 20 and 30 percent. The worst hit, such as digex.com and psi.net, lost more than 75 percent of their hosted sites.
In the mean time, smaller companies such as Dialtone Interland Managed Hosting (dialtoneinternet.net) and Ratiokontakt (ratiokontakt.de) increased their tally of sites by more than 30 percent. The number of sites hosted by Rackshack grew by more than 161 percent, according to Netcraft, and now hosts more than 13,000 sites.
In November, the number of active sites hosted on the open-source Apache server was 10.7 million, or 64 percent of the total, up from 10.4 million, Netcraft said. The number hosted on IIS was 4.2 million, up from about 4 million. The other two companies on the survey, Zeus and iPlanet, each commanded less than 2 percent of the market.
Have your say instantly, and see what others have said. Go to the ZDNet news forum.
Let the editors know what you think in the Mailroom.