Ok, I'm gonna be a unix/linux/apache bigot real quick...
<BIGOT MODE>
IIS has got to be the worst "server" package I've ever seen in my life. There's a new bug every week that allows for remote/local "root" access with CodeRed and various others. It's easy to configure no doubt because hey, point and click is all NT admins know (for the most part) but security-wise, that's a joke.
Add in the over 5000 attempts to install/abuse the CR exploit on my own personal linux box on my RoadRunner account and you have a whole slew of internet traffic being held up because of all this extra garbage. Not to mention it slows me down too, as well as others.
Apache, while not very easy to configure, has been modified as of 1.3.19 so that everything is in one file, httpd.conf. It's got an internal documentation that's installed off the main index.html page that's phenomenal in getting you going and pointing you in the direction of online help.
You want a good package that'll do what you want and you can configure it anytime with a restart of the httpd daemon without rebooting the box and has very good security right out of the box? Go with apache. You want to join the misguided masses that think MS is the best? Go with IIS 5. You'll be one of the infected hosts no doubt trying to break my box, hehe. But that's ok because ipchains will deny your address.
</BIGOT MODE>
