This is not true, IIS 4.0 is choked full of exploits. Microsoft refuses = to fix a quite few of them considering they are winding down support for = that OS. This is why your friend hasn't had to patch his server. Where do you this Windows 2000's IIS got it's codebase from??? Joe -----Original Message----- From: drtester@xxxxxxxxxxx [mailto:drtester@xxxxxxxxxxx] Sent: Thursday, May 01, 2003 10:10 PM To: windows2000@xxxxxxxxxxxxx Subject: [windows2000] How secure is NT4 on the web? List, I have a friend who thinks running NT4.0 with SP6 and IIS 4.0 is a very=20 secure alternative to Win2k. He says he doesn't have to keep patching=20 his system, that it runs for over a year without needing intervention. Can anyone confirm/deny this? This machine is running on the open=20 internet, with some of the other "junk" services turned off. =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D To Unsubscribe, set digest or vacation mode or view archives use the below link. http://thethin.net/win2000list.cfm ================================== To Unsubscribe, set digest or vacation mode or view archives use the below link. http://thethin.net/win2000list.cfm