Originally posted here by knightmb


You can really get ROOT of IIS in under 5 minutes? If I e-mail you my server address would you feel free to root it for me, I will at least have piece of mind because rooting my own machine just doesn't satisfy me about the security setup I have.
Well, in my opinion, just having to keep up with the patches on IIS far outweighs its usefulness. That is, I don't like to have to patch a box every week for fear of getting the site defaced either through a worm or someone's "lack of something better to do." Running Apache, on the other hand, I'm usually happy to be able to read the CHANGES file at my relative leisure, then make a calculated decision if I need to recompile the thing or not... I'm happy to say that, mostly, there's not a usually huge rush to replace an Apache install for fear of it getting whacked - for the last few IIS vulnerabilities I've seen, usually the server's 0wn3d before you can get it replaced (ok, maybe not always that bad, but the urgency is usually severely heightened).