A bit of info on the MS on linux claim. Around the time of code erd Microsofts ISP put a stop gap fix in. They frontended MS's web site (running on then vunerable IIS servers) withe some apache servers running modproxy and modrewrite to implament a passthrough proxy. In fact if you talk to a MS consualtent this is still one of the ways they recomend securing OWA. Seems the thinking is anything that exploits apache will be dead in teh water at IIS and anything that exploits IIS will die at the proxy layer. We used this method heavely at one of the compaines I worked for, if you can wrap our brain around regular expressions it works like a charm.