Aug 17 2015

Netcraft Warning: 175 Million Websites Run on Windows Server 2003 Machines

UK-based Internet services company Netcraft, renowned for its studies of web server and web hosting market shares, found that last month over 20% of all websites were delivered by servers still running Microsoft's axed server OS.

Netcraft's Web Server Survey takes place once per month and lists the grand totals of websites that respond to queries and the operating systems of the servers they're hosted on. The July edition found roughly 850 million sites residing on just under 5.4 million computers. Digging a little deeper, the researchers noticed that 175 million (20.6%) of these sites still ran on hosts using Windows Server 2003 – despite the fact that Microsoft had long announced it would end support for the veteran OS halfway through the month. Moreover, the bulk of these sites – 73% or 128 million – were delivered through servers employing IIS 6.0, a version of Microsoft's web server that was replaced by a completely redesigned IIS 7.0 in Windows Server 2008. The problem is especially pressing because end of support is to be taken literally: Redmond no longer offers any security patches or other assistance unless you're willing to pay unethical amounts of money – and unpatched systems may not only serve as backdoors into company networks, but also as malware hubs that infect visitors' PCs.

The condemnable sites used 1.6 million distinct IP addresses; however, since their host servers can have multiple IP addresses, this is not a meaningful metric to determine how many outdated systems might be facing the web. Instead, Netcraft applied what it calls "analysis of low-level TCP/IP characteristics" and found an installed base of 609,000 machines (11.3%) still relying on the 12-year-old software. Netcraft also tried to find out where these hosts reside – and discovered that 55% of the obsolete machinery was used by Chinese and U.S. companies (169,000 and 166,000 respectively). Also according to the July survey, the single biggest sinner is China's e-commerce giant Alibaba Group, which employed around 24,000 systems running Windows Server 2003, one third thereof to deliver cloud services. However, they're not the only culprit by far – even financial services such as NatWest (the UK's largest retail bank) and tech companies like Panda Security, a maker of antivirus and endpoint protection software, still exposed their customers to the particularly critical combo of WinServer 03 and IIS 6. Whether or not this strengthens customer confidence remains to be seen; Netcraft's blunt advice is to migrate immediately, especially to companies that are obliged to comply with PCI DSS.

As bad as these figures may seem, Netcraft's July survey actually has a more positive spin. The research team also noted that the number of web-facing computers was down 13,000 from the previous month, resulting in a loss of 29 million hostnames. This loss, they write, "was predominantly seen for servers running Microsoft IIS 6.0, 7.0 and 7.5. These versions of IIS are used by Windows Server 2003, which is no longer supported, and Windows Server 2008 (including 2008 R2), whose mainstream support ended in January." On the other hand, IIS 8.5 – which was rolled out as part of Windows Server 2012 R2 – is continually on the rise, indicating that users are finally ready to migrate to a fresher and safer server OS.

