Monday, December 19, 2005

Why run IIS on Windows XP?

http://ingehenriksen.blogspot.com discovered a Microsoft IIS Remote Denial of Service (DoS) .DLL Url exploit on Friday the 16th.
This lends to the debate whether or not a webserver on a desktop PC is a good idea. Obviously, developers have a strong opinion here, so consider the following: run IIS as localhost only, use Windows Firewall to block all web ports, and disable SMTP and Front Page extensions. Disabling Front Page extensions will prevent the above exploit even if the Windows Firewall is off.

No comments: