Survey: Inertia keeps Microsoft IIS sites running

The number of Websites using Microsoft Corp.’s Internet Information Services (IIS) software continued to climb in September, despite the effects of Code Red, the closure of a major Web hosting company using IIS, and an analyst’s warning that IIS users should look for more secure alternatives, according to a report from Netcraft Ltd. released Monday.

The number of active Web sites surveyed by Netcraft using Microsoft Web server software rose to 3,905,978 in September, from 3,356,363 in August. The number of sites using the open-source Apache Web server rose from 7,156,849 to 7,924,169.

The closure of Webjump, a mass hosting company that used Microsoft IIS for static content alongside the Apache Web server and Perl programming language for dynamic content, cut into the total number of sites using Microsoft software. Webjump closed in August and its 280,000 hosted sites disappeared soon afterwards, said Netcraft, which conducts regular automated polls of Web sites to identify what software they are using.

Also in September, IT analyst John Pescatore of Gartner Inc. warned businesses to “immediately investigate alternatives to IIS” which have better security records.

Around 150,000 Microsoft IIS sites on 80,000 IP (Internet Protocol) addresses have been taken down since Code Red II was released, said Netcraft.

While the absence of so many sites using Microsoft IIS could be seen as management taking necessary steps to get rid of the software, only 2,000 of these IP addresses have been re-established on a competing Web server, Netcraft said.

This could be due to their being replaced on another IP address, but it is more likely that the sites have been taken down, said the survey, or port filtered as part of a general tightening of security, rather than the Windows disks being formatted and replaced with Linux/Apache.

The reluctance to switch is probably due to psychology rather than technology, said Netcraft. Historically, Web site managers have been complacent about security, it said, and the switch to a Unix platform would involve a significant amount of effort for any site with dynamic content.

Netcraft, in Bath, England, can be contacted at