Numbers Games

Jim Jagielski comments on a bump in this month’s Netcraft figures (the SecuritySpace survey gives radically different results, demonstrating the effects of different sampling).

One thing that he doesn’t mention is an artifact familiar amongst those who know about browser stats: spoofing. It’s clear that it happens: it’s an FAQ on more than one Apache mailinglist, and lots of people are quite insistent about it. Mainstream and reputable apache security books recommend it, and show as an example setting it to claim to be MS IIS. Some of the people on the lists are doing it for (percieved) security reasons. Having these recommendations out there ‘in the wild’ puts systematic downward pressure on the survey figures.

Because Apache is opensource, it’s very easy to spoof the signature. And even for those who would be scared to change a light bulb, there’s the option of doing it with mod_security. Given that it’s both trivial to do and recommended by some, one could argue that it’s impressive that it holds up anything more than a niche market share in these statistics.

Of course, that doesn’t apply to closed source servers like IIS. Does it apply to other open source servers? I don’t know, but I expect they may benefit from the evangelism that comes from being part of a minority community. Apache and IIS may be the only servers whose numbers are so high as to be totally dominated by non-core-community users.


Posted on February 9, 2007, in apache. Bookmark the permalink. 1 Comment.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: