[oclug] Re: LAMP vs MS Solutions for Small Business

[Rod Giffin]

I'll deal with the "security" issue after this.

On Fri, February 18, 2005 1:39, A Blair said:
> Because security trumps cost for us (as in most businesses) according
> to this analysis the Board would probably go with the Microsoft
> solution.  Whoa, can I be reading this right - a discussion on the
> relative merits on the *Linux* users group mailing list results in the
> adoption of the Microsoft solution?

Well, no actually.  Because the conversation is fixed on your end.  All we
know about the requirement is that you say you want to build a POS system
from the ground up.  Your programmer friend on the other hand, knows your
business probably pretty intimately by now.

You mentioned a weblog, which happens to compare IIS6 with Apache 2.0.X
security incidents.
http://weblogs.asp.net/michael_howard/archive/2004/10/15/242966.aspx

That weblog turns out to belong to a Microsoft employee, who is comparing
a single released product with an entire product line, including every
beta and release candidate that was ever produced.  He is also using
statistics in a peculiar way because Apache 2.0.X covers a lot of
territory, including beta and release candidate software.  IIS6 is a
single released product.

Nonetheless, he says he is quoting from Securina.com, which is actually a
reputable company.  SO let's see what Securina.com ACTUALLY says
(references are cited).

"Microsoft Internet Information Services (IIS) 6 with all vendor patches
installed and all vendor workarounds applied, is currently affected by one
or more Secunia advisories rated Moderately critical " --
http://secunia.com/product/1438/

"Apache 2.0.x with all vendor patches installed and all vendor workarounds
applied, is currently affected by one or more Secunia advisories rated
Less critical"  -- http://secunia.com/product/73/

So while IIS 6 is rated as moderatly critical, Apache is rated LESS
critical.  That would actually tip the scales in favour of LAMP, don't you
think?

Rod.