Dispelling the myths of IIS security
Reading around a few IIS blogs yesterday and came across a really good post by Tobin Titus addressing the largely false conception in the wider web hosting community that IIS is not a secure platform to host your web infrastructure on. In his post Tobin covers the hard lessons Microsoft had to learn after the Code Red and Nimda exploits, and how they have been addressed.
Nobody is denying that the default install of IIS 5 left a lot to be desired from a security point of view. The idea of turning everything on by default for an Internet facing service does not make a lot of sense. Since then though IIS has made a lot of improvements in this respect. First in IIS 6, and even more so now with IIS 7.
I highly recommend you drop by Tobin's blog for a bit of a read. Even if you don't have any specific IIS security concerns, it is good to get an understanding of what has been changed under the IIS hood to dispell the myth that IIS is not a secure web hosting platform.