Netcraft Says IIS Gaining on Apache

benjymouse quotes this month's netcraft survey "In the August 2007 survey we received responses from 127,961,479 sites, an increase of 2.3 million sites from last month. Microsoft continues to increase its web server market share, adding 2.6 million sites this month as Apache loses 991K hostnames. As a result, Windows improves its market share by 1.4% to 34.2%, while Apache slips by 1.7% to 48.4%. Microsoft's recent gains raise the prospect that Windows may soon challenge Apache's leadership position."

Google Web Server

[Major Blud]

The article refers to Google as being one of the web server providers. Is Netcraft referring to the Google Web Toolkit, or is there actually a Google web server that I don't know about?

GoDaddy and the like?

[dsginter]

Is this the possible result of Microsoft converting Godaddy's parked domains [microsoft.com] to Windows servers?

My server

[Anonymous Coward]

My apache server response is Microsoft IIS 7.0. So what?

// Artem S. Tashkinov

From the person above

[JeremyGNJ]

The person above asked if there's any compelling reason not to use apache.

I think the question to ask is if there's any compelling reason not to use IIS. I'm sure people will spew "because it's Microsoft and you dont want your website hacked", but that's not what I'm talking about. IIS has had some problems in the past, but these days it's pretty good.

The question is when an organization already has an investment in Windows, and local domains, management tools etc....is there any reason not to use IIS? Does apache provide anything above and beyond what IIS provides when it comes to general website hosting?

Not a surprise

[El Lobo]

Actually this is not a surprise seeing the stability, security and performance of the last versions of IIS. I am one of them who has migrated from Apache to IIS7 and I'm not looking back.

Re:What?!

[realmolo]

There is, in fact, a reason not to use Apache.

The configuration/managment tools suck. In fact, they're mostly non-existent. To get the most out of Apache, you are going to be editing configuration files by hand.

Now, don't get me wrong, Apache is great, and dealing with the configuration issues is not THAT difficult, and the benefits are worth the effort. But MAN. IIS is *so* much easier to deal with when it comes to 99% of the configuration duties that you need to do on a web server. The defaults are sane, almost everything just takes a few clicks to set up.

Now, if you want to AUTOMATE configuration of your webserver, obviously IIS royally sucks compared to Apache. But for clarity and simplicity of configuration, IIS wins by a mile. It's not even close.

Re:From the person above

[mwilliamson]

Running PHP/MySQL/PERL/PostgreSQL on windows is a pain in the butt. There is no automatic update mechanism like you get with almost any linux distribution, integration is poor, and support is almost entirely for running PHP/MySQL/PERL/PostgreSQL is for Linux.

Home computers.

[moshennik]

I am sure the growth of IIS is due to people running IIS on their home computers. They come with Windows/IIS and most of them don't even know that apache is a choice. I can't really understand the reason behind the Apache decline.

Re:From the person above

[shinma]

There is no integrated mod_rewrite solution on IIS.

That's enough of a dealbreaker for me.

Re:GoDaddy and the like?

[the_mighty_$]

I don't think parked domains are considered "active servers." The Netcraft stats show that IIS is gaining ground against Apache even faster among active servers than nonactive servers (see this graph [netcraft.com]). Godaddy switching to IIS would not explain that.

Or am I misunderstanding what "active servers" are?

IIS Already Leads Where Microsoft Cares

[ThinkFr33ly]

IIS already has a pretty dramatic marketshare lead [port80software.com] when it comes to the Fortune 1000.

Re:What?!

[Zeinfeld]

Is there any compelling reason _not_ to use apache?! o.O

If you are using Visual Studio dotNet as your development environment you are not going to find Apache works too well.

The netcraft survey is bunk because it measures a quantity that has always been irrelevant. In the past the market share of Apache was artificially inflated because most parked domains would sit on Apache boxes. Now Microsoft has identified that as an issue they are starting to get the advantage.

The quantity of interest is not who supplies the Web server but what the development platform is. As a practical matter any code of interest can run on ISS but rather less can run on Apache and less again on LAMP.

And there is no guarantee that the code engine will be visible in any case. You could easily have an IIS back end written in dotNET being served up through a squid front end.

And the rate of use says nothing as to whether the software is any damn good. There are still plenty of FORTRAN and COBOL coders even though the languages are abysmal.

Re:What?!

[Conor Turton]

So if the Apache team makes a GUI option for configurations then it would probably start gaining the lost market share back?

Only as long as they don't get the same GUI team that The GIMP project uses. People wouldn't just be crawling away from Apache, they'd be running.

Seriously, some FOSS projects need to get more serious about the front ends. Editing config files by hand is so 1990's. Maybe that's why FOSS doesn't get taken as seriously as it should, because it looks like it harps back to DOS days.

The ASP Effect?

[INeededALogin]

In the last 5 years... I went to 2 Universities. One of them was a crappy, private University whose entire program focused on Microsoft. It was one of those afterwork, pay us a lot of money for a degree thing. I left that place and went to a State University(soon to be the largest in the state). I was shocked to find out from the CS majors that they had a large Microsoft Curriculum as well. Apparently, Microsoft gives a lot of money to the Universities to ensure that they are a central part the curriculum. Since a lot of students are learning about ASP, Visual Basic and .NET... is it any surprise that these same students are going into the workplace and using these tools instead of a perl, php, ruby, python inside of Apache.

Sites vs IP numbers

[SgtChaireBourne]

If that's the methodology, then the more obvious solution is to base any statistics on IP address, and not on sites. Honestly, I can't imagine why anyone would use a "site" as the primary means of doing web server counts.

One IP number can represent dozens of name virtual hosts. So if you count IP numbers you get stats favoring IIS, which has closer to a 1:1 ratio (or worse) of machine to web presence. If you count hostnames, you get stats favoring all other HTTP servers.

And if you limit your survey to HTTP compliance then you eliminate all IIS sites. Add in TCP/IP compliance and you eliminate anything hosted on MS Windows [neohapsis.com], accidentally, out of ignorance or otherwise not just IIS but also Lighttpd and Apache.

Lower Quality Admins

[pembo13]

I think the main reason for this is that the quality of admins is dropping. I say this not because they are using a Microsoft product, but because more and more my interactions with supposed sysadmins are quite depressing.

Re:GoDaddy and the like?

[MightyMartian]

Good point. Perhaps there is simply no way of legitimately determining what the underlying platforms are. There are so many webservers out there that maybe the whole notion is bogus.

Personally, I've worked with IIS and Apache. I find IIS a real pain to administer, and often difficult to diagnose problems. Apache is a bit more difficult to get up and running, but having easily accessible configs makes it a lot easier to maintain.

Re:GoDaddy and the like?

[jafiwam]

And, by what magic of the new HTTP 2.0 protocol are you running two different server software types on the same IP and on the same port?

Counting by IP address is by far, more accurate than comparing hostnames and sites. So counting by IP is MORE VALID than the method they used. Despite your ignorant little point.

If you want to count individual BOXES, then IP is as close as you are going to get without doing a survey or special fingerprinting of the data to find differences in machines. (It will still be too big, I run 122 IPs with about 350 sites on them. The ratio changes all the time due to customers coming/going and reconfigurations...)

I am going to guess, that the fact that millions of "parking" domains are run for the most part on Apache causes the popularity of that particular activity of lowlife scum to weigh heavily in the Netcraft numbers.

MIcrosoft Learns

[parvenu74]

In case you haven't noticed, the brain-trust at Microsoft doesn't sit still, and they have the financial and monopolistic resources to try and try again until they get it right. Moreover, as C# and .NET have shown, when you get the right people involved (Anders Hejlsberg) on making an in-house version of a very compelling technology (Java), Microsoft is more than capable at delivering a winner.

In the case of IIS 7, they have finally decided to create a Windows webserver in the modular blueprint of Apache. The betas of IIS 7 show that performance and security are better than anything that's come before it -- not just any IIS, but any webserver. Hell, the guys at Zend are saying that Zend on IIS 7 will be the most robust way to deploy PHP! And this is all built on the evolved form of Windows 2003 server, which has been the most secure O/S ever released by MS, something that a even a n00b with one weekend of training can lock down as tight as your favorite flavor or Linux.

Rather than stand around and argue about it, y'all need to get to work on Apache 3... and get ready to play catchup to MS again. The insecure days of IIS 5 are long gone; you've got your work cut out for you.

Re:What?!

[Sycraft-fu]

"There are still plenty of FORTRAN and COBOL coders even though the languages are abysmal."

That's a pretty ignorant statement. I know very little about COBOL, but Fortran is a very useful language. It is extremely well suited to numerical and scientific computation. That's a small market, to be sure, but an important one. There's a reason why the most recent standard came out in 2003 and another is in the works (tentively Fortran 2008). There's a reason why Intel sells high performance compilers for two languages: C/C++ and Fortran, which they actively update.

There is no such thing as a "best" programming language. They are tools and you should use the right tool for the job. You can accomplish a given job with essentially any tool (by necessity, any Turing complete language can do anything any other can, including implement the other language) but that doesn't mean they are all created equal. Just because you don't like Fortran doesn't mean it doesn't have uses.

Re:The ASP Effect?

[Anonymous Coward]

Indeed. And that buyout isn't exclusive to CS courses. I'm studying to become a civil engineer and in the university I go to, somehow MS got a hold in the curriculum and now civil and mechanical engineer students started being taught C# in the intro to programming course. I do not know who thought that the idea of doing numerical analysis in C# was a good one.

Re:What?!

[the_womble]

The defect rates of our new C# code compared to our old C++ code are microscopic.

Well, that is a surprise! Why not drop the apples to oranges comparison and compare c# to Java?

Re:GoDaddy and the like?

[rubycodez]

well, hello Bill Gate's fluffer. The costs of the major worms and malware have been documented, if you'd take the time to research before spewing useless nonsense.

At the risk of being flamed...

[Toreo asesino]

I personally think IIS is a superior webserver to Apache. I speak as someone who's had to administer both systems, and like anything each has thier own quirks + benefits etc, but crucially...

Apache is not as modular as IIS (v7 that is). IIS7 you can literally strip it so bare, all it can do is send empty HTTP 200 responses - an absolute shell of a webserver. Not even file html/file-system support. Want disk-access? Turn on disk-access module. Want asp.net? Turn on the asp.net module. Absolutely everything (and really, everything) is a module that can be ripped out.

IIS6+ deals with HTTP requests at a kernel level. That is core functionality such as responses, caching, etc are all dealt with at ring0. Performance is unbeatable.

Oh and security? IIS6 has never been rooted, ever. Add-ons have been (asp.net for instance), but IIS6 has never been.

Oh, and it's locked down by default. And easy to administer.

In my opinion Linux is probably the better OS to host a webserver on, but IIS does spank Apache all over I'm afraid - mainly for the stated reasons above.

MIcrosoft Charges Too

[mpapet]

I admin both win2003 and Debian boxes. What you say may be true, but you don't address the COST of windows-server-2007.

In my particular environment (high-availability, low-cpu count) microsoft license costs are extremely high compared to the same feature set in Linux. If you move into high-availability high-cpu count the costs are astronomical.

I have a sneaking suspicion that either:

A. Microsoft is gaming the system explicitly. (ex. Netcraft adjusts their collection methods)
B. Microsoft is gaming the system implicitly. (ex. the Office back end crack pipe.)

The idea that even an idiot parking domains would **pay** for something they previously got free is implausible.

OT Comment
I suspect some of the .net fanboys in this post are shills, because I just don't find it *that* much better than a Free stack.

Apache on Windows

[athloi]

Apache on windows is not a difficult install. I've done it many times, for multi-homed domains, and it works quite well.

People install IIS so they can use Microsoft's varied and highly efficient enterprise application development tools. The tools are superior for business needs, and so with them come the operating system and web server.

I continue to prefer Apache on FreeBSD (not Linux) as my primary platform if I want stuff to work right from the beginning, but on Windows 2003 or greater or Linux from the same vintage, practical performance (real-world factors that users and business cohorts will notice) is very, very close.

The operating system has grown up and so has the web server. The vast gulfs in performance are no longer so vast. I'm not sure how I feel about this either. Part of me will forever be nostalgic for the computer gang warfare days of the 1980s, when Apple II users snubbed PC owners, Commodore 64/128 users were lawbreaking maniacs, the weird kids used Ataris to make techno and the Amiga people were as annoying as the Macintosh people are today.

Interestingly, from the days of the 286 onward, finding home UNIXen was not as difficult as one might think. First AT&T, then Minix, then a number of ports of Berkeley and AT&T UNIXes came down the path. True, it required top-notch hardware, but that was an artifact of the time when most machines were 1-8 MHz boxes.

Ah, nostalgia!

Re:GoDaddy and the like?

[dindi]

Agreed, I NEVER had to restart an apache because it was hung, only for scheduled maintenance. I worked in a 1000+ server infrastructure till now, and the only pain came from IIS and JAVA servers. Note: yes I know they are apache tomcats at the end (Jboss, WL, WS), but it is a completely different story.

taking a go-kart to Daytona?

[xeno]

Even accounting for the GoDaddy domain-parking nonsense, there's not much to these numbers. An IIS server is not equal to an Apache server in any way, shape or form. It would be like saying there are more IIS bicycles on the road than Apache locomotives, so therefore IIS is more important to the transport of people or goods. It's demonstrably bunk. While quantitative evidence is out there regarding applications and numbers of users per server, I think the following anecdotal bit sums it up nicely.

In a very large quasi-governmental organization, we have a major application that runs on a handful of Oracle systems and serves double-digit thousands of people with acceptable performance over the last half dozen years. There is an ill-thought-out project underway (a year into development) to replace this with a steaming pile of .NET. And it's a BIG pile.

How big? Follow me on this one: First they modeled the .NET application on the old client-server app, but the network chatter was 20x the capacity of the network because the MS-trained app architects could not wrap their heads around the idea of a constrained WAN. What used to be a small record lookup and update of about 300k over the wire turned into more than 6MB of inter-domain line noise.

Then they decided that WAN applications must mean that we wanted a web application (how silly of us), and they re-wrote it as a web app. Not understanding that a significant amount of those users are off-line and synchronize only once a day, the connection/session limits were quickly saturated even before many users complained that they simply could not connect.

The third solution proposed by Microsoft consultants and one of the largest Indian development houses? Install IIS on every remote user's laptop, and have SQL Server synchronize in the background so that the newly web-ified application can operate offline. Let me clarify that: For these thousands of remote roaming workers in the field, many with a public IP, there is one copy if IIS PER USER for a major MS application. And while every time this comes up the Indian developers mutter under their breath things so foul I didn't think you could say them in Hindi, the MS-employed wonks ...BLINK... BLINK... don't seem to recognize there's even an issue.

So the discrepancy is not that IIS is "gaining" on Apache, but that IIS is being dumped out in the street in every cereal box and bubblegum wrapper as part of the .NET mess for purposes it's clearly incapable of serving and that even Apache would be no good for . Just my subjective opinion, but I don't think anyone would ever do this with Apache. The result is that a single project -- an abject failure of a bad design from every meaningful metric, and the willful ignorance of user requirements in favor of vendor fantasies -- shows up on a webserver market share survey as a several-thousand-instance win for MS. By all indication from MS consultants, this is not a unique event.

In the immortal words of Stan Lee: 'Nuff said.

The lure of a truely zero-fuss .Net

[Qbertino]

Apache is neat. Very neat.
PHP is neat. Very neat.
Compared to any other SSI solution that is.

...etc. ...

There is but one problem. The world and especially the web and it's technologies is moving along at a breathtaking pace. Apache is neat, but it's style of configuration is nearly 10 years old from back when XML was considered the hottest thing since sliced bread.
Why isn't there a zero-fuss web interface backend built into Apache that enables me to configure anything I want with 3 clicks of a mouse (with a backend deactivation option of course). Why isn't there a version of PHP with a MySQL driven persistance layer and SQL-free serialisation built right into it?
How come a little bit of marketing, screencasts and a website which, for once, doesn't look like shit, and suddenly people think Rails is the holy grail of webdeving? Rails and the hip project hype they kicked off is a very good thing, but it shouldn't stop just there.

Don't get me wrong. I'm convinced that Microsoft, in terms of available software technology, is an incarnation of evil and should be avoided at all costs unless there is a solid reason not to. 'Client wants Exchange' could be one. But we have to be realistic about this. It takes only a handfull of people at MS with 2 or more braincells, freshly assigned decision power and half a billion out of Microsofts piggybank to build an entire webstack that blows any OSS solution (Zope, Rails, Django and whatnot included) out of the water and into next wednesday, technology wise. Even the most advanced OSS webstack today has superfluos installation fuss one has to go through that should disapear ASAP. There is a lure of a truely zero-fuss .Net. Look at the countless Linux people flocking to Mac OS X to see what I mean.

IIS, .Net and whatever from MS not sucking to much is a reaction to the pressure the feel from OSS. They may be reacting to this, thus the rise in IIS hits.

Then again, MS bought Godaddy just to raise their level of IIS installs by a few percent, and LAMP machines are extremely Multi-Domain friendly. This Necraft study might just be reflecting this. And I have no doubt that should Apache drop to a real 30%, they'd get their shit together and start building a full integrated OSS webstack that picks up where Zope ends. And not only halfway there. I hope so anyway.

My 2 Eurocents.

Microsoft Gaming Netcraft

[mpapet]

I don't know jack about the methodology Netcraft uses nor do they make it clear. The "top developers" attributes Google as the big winner, but there's no documentation on those stats either.

This page is pretty strange. http://uptime.netcraft.com/up/today/requested.html [netcraft.com] The site blink.nu is a microsoft press release machine of some kind and has ~1.6 times the number of queries of the next nearest site. Odd to say the least.

Conjecture aside, what's happening is all kinds of GPL(ish) projects are growing and the stats are being positioned as a loss for Apache. This is very similar to how NPD intellect royally screws Apple in favor of Microsoft by aggregating all PC's with Microsoft's OS against Apple. Disaggregate the numbers by vendor and you find Apple does extremely well in consumer segments.

Well that explains a lot

[erroneus]

As I have been following spam trends, I have noticed increasingly that a lot of spam is originating from compromised boxes within the US at hosting facilities. Some of these compromised boxes are LAMP boxes, but the majority of them are Windows boxes I have been finding. (sources from outside the US are somewhat irrelevant to me since I set up spamassassin rules that ranks spam from outside the US well above the minimum score... the vast majority of actual spam is coming from connections outside of the US even if the originators are still from the U.S.)

So as we see this increase in Windows servers on the net, I fear we'll see an increase in incidents of machines compromised for bot membership and on and on.

I'm *NOT* saying that Linux is more secure in this regard. As mentioned above, some compromised boxes are, in fact, LAMP boxes. I'm saying that Windows boxes are an easier target and are targeted more often and compromised successfully quite often with automated measures since they are all typically configured the same ways with the same directory structures, software patches and updates etc. (With the variety of Linux distros out there, there is far less incident of homogeny in system configuration which at the very least slows down automated procedures for compromises and take-overs.)

In any case, I think there's a distinction to be noted in that more frequently targeted doesn't mean less secure. (I hope G.W.Bush isn't reading this...) But given that Linux and Windows security is equal (indulge me), what does it mean when Windows is targeted more often?

Re:What?!

[moosesocks]

People (I.T. guys included) will almost always go with what they are comfortable with. IIS is very easy to configure and you could have a Windows Server up and running in no time. With Apache, it's not so simple. Modifying text files gives the admins great control over nearly everything; but it's not so simple. And some n00b admin couldn't exactly master Apache in a weekend like they could IIS.

Really?

sudo apt-get install apache2 php5 libapache2-mod-php5 mysql-server
sudo /etc/init.d/apache2 restart

This gives you a setup that works right off the bat, and is reasonably secure. IIS has *nothing* on Apache. Configuring a more flexible site does take a bit of elbow grease, but I wouldn't say that it's any more than IIS.

Upgrades are also a cinch, and don't require a reboot.

Re:Close your eyes and plug your ears.

[dave562]

I can't speak for the GP, but I think that he is referring to the application stack, as in LAMP. In that case it isn't so much Apache's fault that PHP has some issues, but the fact that Apache is the main environment for PHP developers causes its name to be sulled by the association.

Re:Close your eyes and plug your ears.

[QuoteMstr]

Roughly, because PHP manages to do less with more.

Two articles:

Experiences of using PHP in Large Websites [ukuug.org]: from 2002, but the basic PHP philosophy hasn't changed since then (although some specifics have). Oversimplification and pandering to less experienced developers hurts the language as a whole.

PHP in Contrast to Perl [tnx.nl]. From the table of contents:

• Arguments and return values are extremely inconsistent
• PHP has separate functions for case insensitive operations
• PHP has inconsistent function naming
• PHP has no lexical scope
• PHP has too many functions in the core
• PHP lacks abstraction and takes TIMTOWTDI to bad extremes

It's not that PHP is that bad. VB, COBOL and PL/1 were all much worse. It's that there are better languages out there that people never learn because they learned PHP as "n00bs" (you can almost detect a PHP developer by his use of that word) and are complacent with it.

Incidentally, I think it's a lot more mind-expanding to learn two programming languages than to learn one. I see single-language people all the time confusing possibility with possibility in a particular language, or confusing overall algorithms and data structures with particular idioms from their pet language. It's sad.

Re:What?!

[Tom]

Yes and no.

I've successfully fixed and restarted a broken Apache configuration on a Palm III going online via mobile phone and IR link (I was on the train, no other option for at least half an hour).

Try that with IIS. And no, that wasn't a minor thing, the company was losing an estimated 500 for every minute the server was down.

There are many good reasons why plain-text configuration files are still a good idea in 2007. One of them is that if you want a flashy GUI go and write one. You can. It's an open, well-documented, easy-to-implement format.

Re:What?!

[backwardMechanic]

"It is extremely well suited to numerical and scientific computation."

I wish it wasn't true. It's nasty, horrible, ugly to write and maintain. But it is still true, it's damn fast. I write high performance EM simulators in C++. They're quite fast. On a really good day they'll reach the speed of the equivalent Fortran code. At best. I prefer C++ because I spend at least as much time messing with code as running it. The astrophysics guys here almost all write in Fortran. The protein folders too. If you're trying to simulate the whole universe, every bit of speed makes a difference and Fortran still has the edge. Sigh. Maybe I'll be forced back into writing it some day.

moderators! moderators! moderators!

[Gary W. Longsine]

Look, you jackass moderators, the parent is an example of "Overrated" perhaps, but it's not a Troll. "Troll" should be used sparingly. If you don't understand what a Troll is, then don't fucking rate a post as "Troll". There has been a flood of inappropriate Troll ratings for the past several months. I seem them constantly.

To the rest of you, please, meta moderate frequently, and be sure to flag these kinds of things as "Unfair". It's the only hope to save Slashdot. God knows the keepers of the system won't fix the algorithms that allow people to be bounced out of the moderation system by a couple jackass moderators flipping Troll mods at all the people they don't like.

Re:moderators! moderators! moderators!

[Gary W. Longsine]

I disagree. While Twitter's posts tend to be vacuous, insipid, information-free, or merely incorrect on occasion, it isn't entirely clear to me that this differentiates Twitter's posts from, oh, probably half of the other posts at Slashdot these days. If the only difference is that Twitter has an opinion that annoys some people who use their mod points to punish people with differing opinions. Although Twitter can't express it very well, Twitter's opinions tend to be rooted in the notion that Microsoft is a convicted monopolist which has the media by the short hairs and which has done far more damage to the pace of technology development through use of anti-competitive and illegal monopolist tactics, than they have helped the pace by investment in R&D and delivery of interesting, innovative, high quality software.

With respect to the particular post above us, Twitter is being punished for having an opinion that differs from the moderator, rather than being punished for being consistently insipid. The Twitter post in question is weak sauce, but it isn't off-topic and it's not even really much different from the opinions held by quite a few people posting round here. Hell, it really isn't even inflammatory enough to warrant the briefest consideration as a Troll mod if it has been posted by some random newbee, for example, or by someone who posted on a wider variety of topics and had more "street cred".

Maybe other Twitter posts are Trolls, but this one seems unfairly punished by, what, possibly a paid pro-Microsoft contingent? Abuse of the Troll and Flamebait mods to squelch opinions that the moderators don't like appears to me to be entirely too common of late. Personally, I'd rather never see another post by that twit, Twitter, they are a waste of electrons, but Troll is an abuse in this case.