On Thursday, Oct. 4, Microsoft announced measures its customers can take to protect their Microsoft Web servers from the damaging W32/Nimda worm.
On Monday, Oct. 8, archrival Sun Microsystems will offer Microsoft customers who are nervous about security a chance to migrate their Web servers to a new platform.
Its all part of a war of nerves being played out over Web server security, a frequent topic in the news as the Code Red and Nimda worms have invaded – then reinvaded – many sites. Sun officials think some Microsoft customers are ready to bolt.
“The Nimda worm was the last straw,” said Wes Wasson, vice president of product marketing for Suns iPlanet software. “Seven companies in the Fortune 500 came to us within a day of the first Nimda attacks to ask how they could migrate off their IIS [Internet Information Server] servers,” he said. IIS is Microsofts Web server.
Sun has tried to come up with an answer. On Monday, it will offer a migration path to the iPlanet Web server, complete with free Chili!Soft software that lets Microsoft IIS users run their Windows-oriented Web applications on a Sun Solaris server under iPlanet.
Sun has tried migration strategies in the past and failed, most notably when it sought converts to its Unix operating system (OS) through its Solaris for Intel initiative. But this time is different, Wasson said.
IT shops around the country are facing a heightened awareness of security after the events of Sept. 11, and wondering where a business-disrupting event might occur in their operations. Locking down their Web servers is an obvious move of self-protection, Wasson said.
The iPlanet Web server is designed with a portability runtime layer, or intervening layer of software abstraction, that makes it possible to isolate invasions of the server software from the server OS, Wasson said. Its a protection similar to the sandbox principle used in Java that isolates where a downloaded application may run and what operations it may perform on its new host.
The Sun move also comes on the heels of a commentary by Gartner analyst John Pescatore that it would be 2002 or later before Microsoft could rewrite IIS sufficiently to close its potential holes. “Nimda has again shown the high risk of using IIS ,and the effort involved in keeping up with Microsofts frequent security patches,” Pescatore wrote in an assessment. He recommended users consider migrating if they couldnt wait that long.
Microsoft officials said that IIS is a widely used server and is frequently targeted by worm and virus writers, unlike competitors products. Yesterday, the company gave system administrators a detailed “Actions you should take” list that included, “Protect against the Code Red II worm, which leaves a back door that Nimda exploits,” and steps to protect Microsoft Explorer Web browsers and unprotected workstations and servers that can spread the worm.
Starting Monday, Sun will post an offer of iPlanet Web Server Enterprise Edition 6.0 for $942, vs. the usual price of $1,495, to any customer migrating from another brand name. Information on the offer will be posted at www.iplanet.com/products/iplanet_web_enterprise/migrate.html.