Article ID: 307439 - View products that this article applies to.
This article was previously published under Q307439
This article has been archived. It is offered "as is" and will no longer be updated.
This article discusses Microsoft's policy regarding the availability and necessity of security patches for Microsoft Personal Web Server and Microsoft Peer Web Services.
Personal Web Server and Peer Web Services are basic Web publishing services for use in low-volume, protected, and secure networks.
Windows 95, Windows 98, Windows MEVarious versions of Personal Web Server are included with Windows 95, Windows 98, and Windows ME; however, no version of Personal Web Server installs by default. Peer Web Services is not included with these platforms, nor can it be installed on them.
Because Windows 95, Windows 98, and Windows ME are not secure platforms, Personal Web Server is not intended for hosting Internet Web sites and is not supported in this capacity. As a result, security patches are not available for Personal Web Server on these platforms. Microsoft recommends that you use Microsoft Internet Information Services (IIS) for Internet Web sites.
Windows NT 4.0 WorkstationPeer Web Services is included with Windows NT 4.0 Workstation, but it does not install by default. Personal Web Server 4.0 is included as part of the Windows NT 4.0 Option Pack (NTOP), but it does not install by default unless Peer Web Services is already installed when you apply the Windows NT 4.0 Option Pack. In this case, Peer Web Services is automatically upgraded to Personal Web Server 4.0.
Peer Web Services consists of a scaled-down version of IIS 2.0. Because IIS 2.0 is no longer supported, security patches are not available for IIS 2.0 or Peer Web Services.
Personal Web Server 4.0 is a scaled-down version of IIS 4.0, which is supported. Any security vulnerability that affects IIS 4.0 also affects Personal Web Server 4.0. Therefore, the IIS 4.0 patch can be installed to eliminate it. However, Personal Web Server 4.0 does not provide any support for ISAPI. Therefore, if a vulnerability in IIS 4.0 involves an ISAPI extension, Personal Web Server 4.0 is not affected, and no patch is needed (although installing the patch in such a case does not cause any harm).
Windows NT 4.0 ServerNeither Peer Web Services nor Personal Web Server are included with Windows NT 4.0 Server products. When you install the Windows NT 4.0 Option Pack on a computer running a Windows NT 4.0 Server product, the Windows NT 4.0 Option Pack installs IIS 4.0, which is fully supported and for which security patches are available.
Windows 2000 ProfessionalNeither Personal Web Server nor Peer Web Services are included with Windows 2000 Professional, nor can they be installed on it. Windows 2000 Professional does include a scaled-down version of IIS 5.0, but it is not installed by default unless the computer was previously running Windows NT 4.0 Workstation and Personal Web Server 4.0, and you upgraded to Windows 2000 Professional. In this case, Personal Web Server 4.0 is automatically upgraded to IIS 5.0 as part of the Windows 2000 installation.
IIS 5.0 is fully supported, and the security patches for it can be installed on a Windows 2000 Professional system. However, the version of IIS 5.0 that installs with Windows 2000 Professional does not provide any support for ISAPI. Therefore, if a vulnerability in IIS 5.0 involves an ISAPI extension, you do not need to install the patch on Windows 2000 Professional systems (although installing the patch in such a case does not cause any harm).
Windows 2000 ServerNeither Peer Web Services nor Personal Web Server are included with Windows 2000 Server products. IIS 5.0 is included with Windows 2000 Server and installs by default. IIS 5.0 is fully supported, and security patches are available for it.