Microsoft was criticized by vendors of other web server software, including O'Reilly & Associates and Netscape, for its licensing of early versions of Windows NT; the "Workstation" edition of the OS permitted only ten simultaneous TCP/IP connections, whereas the more expensive "Server" edition, which otherwise had few additional features, permitted unlimited connections but bundled IIS.
It was implied that this was intended to discourage consumers from running alternative web server packages on the cheaper edition.
[17] Netscape wrote an open letter to the Antitrust Division of the U.S. Department of Justice regarding this distinction in product licensing, which it asserted had no technical merit.
[18] O'Reilly showed that the user could remove the enforced limits meant to cripple NT 4.0 Workstation as a web server with two registry key changes and other trivial configuration file tweaking.
The new features are: IIS 8.5 has several improvements related to performance in large-scale scenarios, such as those used by commercial hosting providers and Microsoft's own cloud offerings.
It is portable, stores its configuration on a per-user basis, does not require administrative privileges and attempts to avoid conflicting with existing web servers on the same machine.
[51] Netcraft data in February 2017 indicates IIS had a "market share of the top million busiest sites" of 10.19%, making it the third most popular web server in the world, behind Apache at 41.41% and nginx at 28.34%.
Under 6.0 all request handling processes run in the context of the Network Service account, which has significantly fewer privileges, so should there be a vulnerability in a feature or custom code it won't necessarily compromise the entire system given the sandboxed environment these worker processes run in.
The study also observed the geographical location of these dirty servers and suggested that the cause of this could be the use of unlicensed copies of Windows that could not obtain security updates from Microsoft.
[61][62] The 2013 mass surveillance disclosures made it more widely known that IIS is particularly bad in supporting perfect forward secrecy (PFS), especially when used in conjunction with Internet Explorer.