Open Source IIS

Shame on Microsoft!

Today, it was announced that the Red­mond com­pany had send out ver­sion of its IIS 4.0 server with a backdoor.

At the height of its war with Netscape, Microsoft engi­neers included a secret back­door pass­word using the phrase

Netscape engi­neers are weenies!

into ver­sion of IIS. As a result, Any­one writ­ing a script that would access the dvwssr.dll file, which is used for Win­dows 98 exten­sions, in IIS could open access to Web site man­age­ment files and pos­si­bly credit card infor­ma­tion and user passwords.

This is high irre­spon­si­bil­ity on the part of Microsoft engi­neers and should be con­demned, espe­cially since Microsoft is try­ing to push its IIS plat­form as the way to serve pages on the Inter­net. Thou­sands of com­pa­nies have bought into the Microsoft line and are using the server both for intranets and Inter­net sites and one can fore­see a poten­tial class action law­suit against the com­pany fol­low­ing this incident.

While Microsoft announced that it would find the guilty par­ties and fire them, it tried to down­play the poten­tial effects of that secu­rity hole. Inter­est­ingly, how­ever, most of the web host­ing providers have turned on the Front­Page 98 exten­sions that are at fault. In other words, Microsoft either doesn’t know what it’s talk­ing about or is lying about the threat. Either way, it doesn’t look good for the company.

This could also add oil to the fire that is the DOJ antitrust law suit.

The words about Netscape are going to hurt it more. It may have been seen as a funny prank at the time but has the poten­tial of being a big­ger prob­lem for the company.

One can expect Microsoft to use this as a way to push upgrades to Win­dows 2000 but Microsoft’s change of license on Win­dows 2000 make this an unlikely route for some of the smaller play­ers. (Win­dows 2000 requires to buy an extra $2000 license for serv­ing web pages, on top of pay­ing the pre­mium that was already cus­tom­ary for the server.)

Either way it tries to play this, Microsoft looks like it’s going to loose more cus­tomers to Linux, which is not only free but also appears to be more secure.

Inter­est­ingly enough, this event could also be another argu­ment in favor of open source soft­ware. In the open source soft­ware envi­ron­ment, a trick like that would have been quickly eliminated.

Will Microsoft open-source Win­dows NT? Highly unlikely but when it comes to some­thing like IIS, it could be a way for them to reign in their own devel­op­ers and increase mar­ket­shares in the web server busi­ness. As Microsoft is in the busi­ness of sell­ing Oper­at­ing Sys­tems, it might want to con­sider this course of action. The open sourc­ing of IIS would not affect its profit line (IIS is given away for free by the com­pany already) and might insure Microsoft cre­ates a stronger prod­uct that could bet­ter com­pete with Apache, cur­rently the mar­ket leader and an open sourced pack­age itself.

How would this work? Look at Mozilla as a poten­tial exam­ple of how Microsoft could go about it.

First, make the source code avail­able to any­one. Then take in com­ments and changes and include them into a pack­age. Cre­ate a sup­ported ver­sion (ie. The offi­cial IIS ver­sion) and allow other devel­op­ers to cre­ate vari­ance on it.

The bot­tom line: in this sce­nario, Microsoft would retain and prob­a­bly increase its mar­ket share in a mar­ket it cov­ets: mid to high range web servers. Fur­ther­more, it would do so by open­ing up a dia­logue with the Inter­net devel­op­ment com­mu­nity, there­fore restor­ing some of its lost luster.

Related Terms

More in Analysis,Business,Media,Technology (7 of 7 articles)