This blog post is circulating the net claiming Apache is superior to IIS in terms of security. This claim is based on the number of system calls IIS makes versus Apache. The author goes on to show a diagram of those system calls (see below, click the picture for a larger version of the image), claiming this is the reason IIS is less secure.
Apache system calls:
IIS system calls:
I’ve been in web development for years… and yes, Microsoft has had issues in the past in regard to security. However, this claim is totally bogus. If you look at the past years security advisory notices and open issues for Apache versus IIS you’ll see a completely different picture.
Apache v2.0.x – http://secunia.com/product/73/ 33 advisories, 3 unpatched
IIS 6 – http://secunia.com/product/1438/ 3 advisories, 0 unpatched
Nuff said.
