> Pardon me, but why in the heck would they do that? Performance? That's what they claim.
> Do you have any references on this that I can read? A google search on "iis kernel" brought up too many references to list. However, the following was found at http://www.infosecuritymag.com/2003/apr/lockdown.shtml: ---------------------- Finally, Microsoft made a major architectural change to IIS to improve its performance. The logic responsible for initial processing of HTTP requests was moved out of IIS, which runs in user mode, to a kernel-mode component called http.sys. Code runs faster in kernel mode. But this could also be disastrous if the code falls victim to a buffer overflow, since kernel mode operates at a much higher privilege level. Microsoft is aware of the increased security risk posed by http.sys, saying it has mitigated this risk through extensive security testing, including threat modeling and independent code reviews. ---------------------- -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
