From: Mustafa Akgul (akgul@Bilkent.EDU.TR)
Date: Fri 26 Jul 2002 - 13:55:23 EEST
The July 2002 Netcraft Web Server Survey is out;
http://www.netcraft.com/survey/
Top Developers
Developer June 2002 Percent July 2002 Percent Change
Apache 23154909 59.67 21453498 57.62 -2.05
Microsoft 11239613 28.96 11866718 31.87 2.91
Zeus 799173 2.06 787071 2.11 0.05
iPlanet 687004 1.77 494567 1.33 -0.44
Active Sites
Developer June 2002 Percent July 2002 Percent Change
Apache 10964734 64.42 10811987 65.21 0.79
Microsoft 4243719 24.93 4176048 25.19 0.26
iPlanet 281681 1.66 214063 1.29 -0.37
Zeus 227857 1.34 183921 1.11 -0.23
Around the Net
register.com causes top line fluctuations
Microsoft gains around 3% in the top line numbers this month,
primarily through register.com putting a Windows based front end back
in place on their domain parking system. register.com has alternated
[1]several times over recent months between using a Windows or Linux
front end, and this causes a fluctuation of around 3% in the top line
figures when it changes. As domains are either allowed to expire or
put into active use, the influence of the domain parking systems on
the survey numbers is abating, and the number of parked sites at
Verisign and register.com has declined slowly but steadily during the
course of this year.
Apache/2.0 take-up tiny so far
Apache/2.0, officially [2]released at the start of April, has largely
been ignored to date, with fewer than 50,000 sites switching to the
Apache/2.0 series. For comparison, well over 10 million sites are now
running Apache/1.3.26, [3]released a month ago in response to the
chunked encoding [4]remote vulnerability. One reason for the limited
deployment of Apache/2.0 may be the lack of support for some of the
more popular modules when the server was first released, together with
the absence of any compulsive new features that people immediately
want.
Secure Sites are anything but ...
A recent [5]dialogue between the two leading certificate authorities
[6]Verisign & [7]Geotrust has highlighted that the secure site
seals handed out to sites by certificate authorities and lock icons
shown by browsers can often mislead consumers into believing that a
site is more secure than it actually is. Although the site seal and
browser lock may look reassuring, there is no assurance at all that
the site is not vulnerable to some well known exploit, and typically
many are. The discovery of remote vulnerabilities in [8]Microsoft
Commerce Server and [9]Microsoft-IIS published last month, has left
many commerce and financial sites open to attack, and there is often
no clear cut way in which a site's prospective customers can legally
determine whether their transactions and data are likely to be safe or
not. Credit card companies ultimately have the opportunity to look
after themselves through withdrawing a site's merchant status, but
finance industry regulators may need to take a much more active
interest in the security of banking sites before the situation
improves.
Web Payment likely to become more concentrated
The above widespread insecurity of merchant sites has caused credit
card companies problems over a long period of [10]time, and it is
likely that payment over the internet may become increasingly more
centralised. Payment mechanisms in which details are not taken
directly by the merchant site, but stored in a more trusted third
party system, are likely to become more and more common.
Proponents of these systems argue that they will have much greater
resources available for securing their infrastructure than run of the
mill merchant sites, although a counter-argument is that heavily
centralised systems are more attractive to [11]attack, and that the
consequences of a successful attack are much more severe. However,
given the present circumstances where more than half of the SSL sites
on the internet are likely to be vulnerable to remote attack the
weight of the argument is currently in favour of the centralised
approach.
Visa's [12]Verified by Visa service will soon be integrated with
Microsoft Passport. [13]Arcot Systems, suppliers of the systems behind
Verified by Visa, have [14]announced an agreement with Microsoft to
integrate the Microsoft .NET Passport with the Arcot TransFort
payment authentication platform. This will allow users to give their
Passport credentials to authenticate themselves to Verified by Visa,
and also a similar service under development by Mastercard, while the
[15]EBay/Paypal axis may well evolve into a competitor in this field.
Covalent announce Apache support for ASP.Net on Windows
Covalent today [16]announced support for ASP.Net through Apache/2.0
running on Windows. Presently, the number of deployed sites running
Apache on Windows is very small, and one would expect that most people
wanting to write .Net applications will use Microsoft-IIS as a web
server, but Covalent may be hoping that the [17]long running security
concerns about Microsoft-IIS may stimulate demand. However, replacing
Microsoft-IIS is something that people have tended to talk about in
the wake of remote exploits and worms, rather than actually implement,
and Microsoft-IIS share has been able to withstand competitor offers
and recommendations from the likes of Gartner quite robustly.
Fewer than half the internet's sites in .com
The percentage of the internet's sites that are registered in .com has
fallen below 50% for the first time. Over the last six years, the
proportion of the survey based under .com has fallen slowly, but
reasonably steadily from around two-thirds in 1996 to less than half
now, as registration in ccTLDs has become more straightforward, and
the speculative registration of .com domains has unwound.
References
1. http://www.netcraft.com/whats?site=209.67.50.203
2. %3cPine.LNX.4.21.0204060205490.15807-100000@shell.ntrnet.net%3e">http://www.apachelabs.org/asf-announce/200204.mbox/%3cPine.LNX.4.21.0204060205490.15807-100000@shell.ntrnet.net%3e
3. %3cPine.LNX.4.44.0206182228550.18552-100000@deepthought.cs.virginia.edu%3e">http://www.apachelabs.org/asf-announce/200206.mbox/%3cPine.LNX.4.44.0206182228550.18552-100000@deepthought.cs.virginia.edu%3e
4. http://httpd.apache.org/info/security_bulletin_20020620.txt
5. http://www.theregister.co.uk/content/6/26344.html
6. http://www.verisign.com/
7. http://www.geotrust.com/
8. http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-033.asp
9. http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-028.asp
10. http://news.bbc.co.uk/1/hi/business/your_money/526709.stm
11. http://alive.znep.com/~marcs/passport/
12. http://usa.visa.com/microsites/verified/how_it_works.html
13. http://www.arcot.com/
14. http://www.arcot.com/pr_020709.html
15. http://news.com.com/2100-1017-941964.html
16. http://www.covalent.net/company/pressrelease.php?press_id=47
17. http://news.com.com/2100-1001-273461.html
Internet Research from Netcraft.
Netcraft does commercial internet research projects. These include
custom cuts on the Web Server Survey data, hosting industry analysis,
corporate use of internet technology and bespoke projects. All of the data
is gathered through network exploration, not teleresearch.
Network Security Testing from Netcraft.
Netcraft provides automated network security testing of customer networks
and consultancy audits of ecommerce sites, Clients include IBM,
Hewlett Packard, Deloitte & Touche, Energis, Britannic Asset Management,
Guardian Royal Exchange, Lloyds of London, Laura Ashley, etc.
Details at http://www.netcraft.com/security/
To unsubscribe from the Netcraft Web Server Survey Announcements list
send the message
unsubscribe webserver-survey
To resubscribe send the message
subscribe webserver-survey
Mike
-- Mike Prettejohn mhp@@netcraft.com Phone +44 1225 447500 Fax +44 1225 448600 Netcraft Rockfield House Granville Road Bath BA1 9BQ England----------------------------------------------------------------------- Liste üyeliğiniz ile ilgili her türlü işlem için http://liste.linux.org.tr adresindeki web arayüzünü kullanabilirsiniz.
Listeden çıkmak için: 'linux-request@linux.org.tr' adresine, "Konu" kısmında "unsubscribe" yazan bir e-posta gönderiniz. -----------------------------------------------------------------------