
Hint: Rackspace lost badly (21% of the sites they hosted got blacklisted in the last 90 days). Netsol won with only 1% of sites blacklisted...


The vast majority of websites that are inadvertently serving malware have been compromised through the website itself, which can happen totally independently of the web server software or the host.

About the best the host can do is have a reasonable IP blacklist, but even that doesn't stop nearly enough attackers. (My little mail server, hosting only around a dozen accounts, is currently averaging 14 new SSH bans per day for example.)

The only thing that a "secure" host guarantees is that a compromised website can not lead to a compromised server; attempting to measure that by checking the number of malware-hosting websites at a service provider is the wrong way to go about it.

All that said, if you want a "secure" host without spending a lot of money, your best compromise would be an OpenBSD VPS, and then either spend a lot of time learning how to set it up correctly (and maintain it), or have someone do it for you.

Having NetSol and GoDaddy on a list of potentially "secure" hosts is hilarious.

edit: I'd recommend checking the Sucuri Blog (http://blog.sucuri.net/) for an idea of who's been compromised and how they've responded. Sucuri's pretty good at keeping track of all this stuff.
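The "SSH bans per day" figure above comes from the kind of counting a fail2ban-style filter does over sshd's auth log. As an added example (not code from the comment author or from fail2ban), the following parses constructed syslog-format "Failed password" lines and bans an address only when it reaches `maxretry` failures inside a sliding `findtime` window; the hostname, process IDs, user names and TEST-NET addresses in the sample are all made up.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sshd log lines in syslog format (hypothetical host "mail").
# Not real log data; the addresses come from the documentation TEST-NET ranges.
SAMPLE_AUTH_LOG = """\
Jun 10 03:14:01 mail sshd[2104]: Failed password for invalid user admin from 203.0.113.5 port 4242 ssh2
Jun 10 03:14:03 mail sshd[2104]: Failed password for invalid user admin from 203.0.113.5 port 4243 ssh2
Jun 10 03:14:06 mail sshd[2106]: Failed password for root from 203.0.113.5 port 4244 ssh2
Jun 10 03:14:09 mail sshd[2108]: Failed password for root from 203.0.113.5 port 4245 ssh2
Jun 10 03:14:12 mail sshd[2110]: Failed password for invalid user oracle from 203.0.113.5 port 4246 ssh2
Jun 10 03:20:41 mail sshd[2130]: Failed password for alice from 198.51.100.7 port 50110 ssh2
Jun 10 03:20:55 mail sshd[2130]: Accepted publickey for alice from 198.51.100.7 port 50110 ssh2
Jun 10 04:02:17 mail sshd[2201]: Failed password for invalid user test from 192.0.2.44 port 3333 ssh2
Jun 10 05:30:00 mail sshd[2250]: Failed password for invalid user test from 192.0.2.44 port 3334 ssh2
Jun 10 05:30:01 mail sshd[2250]: Failed password for invalid user test from 192.0.2.44 port 3335 ssh2
Jun 10 05:30:02 mail sshd[2250]: Failed password for invalid user test from 192.0.2.44 port 3336 ssh2
"""

# Matches only the failed-password events; "invalid user" is optional because
# sshd omits it when the account exists.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>[\d.]+) port \d+"
)


def parse_failures(log_text, year=2010):
    """Yield (timestamp, source_ip) for each failed-password line.

    Syslog timestamps carry no year, so the caller supplies one (assumed 2010 here).
    Lines that are not failed-password events (e.g. 'Accepted publickey') are skipped.
    """
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
        yield ts, m.group("ip")


def find_ban_candidates(log_text, maxretry=5, findtime=timedelta(minutes=10)):
    """Return {ip: time_of_ban} for every address that accumulates at least
    `maxretry` failures within any `findtime` window (fail2ban's two main knobs).

    Failures older than the window are discarded, so a slow trickle of
    attempts spread over hours does not trigger a ban.
    """
    recent = defaultdict(list)   # ip -> timestamps of failures still inside the window
    bans = {}
    for ts, ip in sorted(parse_failures(log_text)):
        if ip in bans:
            continue             # already banned; later failures are irrelevant
        window = recent[ip]
        window.append(ts)
        while window and ts - window[0] > findtime:
            window.pop(0)        # expire failures that fell out of the window
        if len(window) >= maxretry:
            bans[ip] = ts
    return bans


if __name__ == "__main__":
    for ip, when in find_ban_candidates(SAMPLE_AUTH_LOG).items():
        print(f"ban {ip} at {when:%H:%M:%S}")
```

With the defaults, only 203.0.113.5 (five failures in eleven seconds) is banned; 192.0.2.44 has four failures in total, but the first one is over an hour before the other three, so it never has five inside a ten-minute window. Lowering `maxretry` to 3 catches it as well. The one failure from 198.51.100.7 followed by a successful public-key login is what a legitimate user with a stale password entry looks like, and it is correctly left alone.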


I kinda agree with you, but when you see 21% at Rackspace, it shows that something odd is going on there (taking out hosting-specific attacks, the % should be the same everywhere).


Heh! I just added a link to your blog as a recommendation, before seeing your reply.

My guess is that more of the stuff at Rackspace is being admin'd by customers who don't know what they're doing, versus the managed shared hosting at other places.


Blacklisting alone doesn't tell you whether a hosting company is secure or not, but it is a good indicator of how it is perceived from the outside.


You mean yesterday?


Apple has been doing way worse things and nobody (of importance) seems to care.


It is funny that Windows is a proprietary platform and nobody (government) ever allowed them this kind of control/restriction.

Now Apple/Twitter/Facebook are going crazy and nobody does nothing...


The US vs. Microsoft case started in 1998 [1], but the investigation started all the way back in 1991. Given that the DOJ has just initiated an investigation into Apple over possible antitrust violations in online music sales [2], we can expect to maybe see a case in 2017 or so...

That said, there are many differences between the Windows platform and the iPhone. When the DOJ started investigating Microsoft in 1991 they did have a monopoly on PC operating systems, and (as the DOJ investigation found) were using this power to unfairly give Internet Explorer an edge.

The iPhone platform may command the lion's share of the attention in the smartphone market, but it is nowhere near a monopoly [3, 4]. The same cannot be said about the iTunes Music Store [5]. It seems, however, that the investigation into Apple's practices is moving beyond music [6], so we'll see in 7 years' time about "does nothing".

[1] http://en.wikipedia.org/wiki/United_States_v._Microsoft
[2] http://topnews.us/content/221070-apple-under-doj-investigati...
[3] http://mashable.com/2010/02/09/android-iphone-market-share/
[4] http://en.wikipedia.org/wiki/Smartphone
[5] http://www.apple.com/pr/library/2008/04/03itunes.html
[6] http://newsblog.thecmuwebsite.com/post/DOJs-Apple-investigat...

[Hope this wasn't too citation heavy, I tend to get a bit verbose when I am tired.]


OSSEC is a powerful open source HIDS. If you are not using it on your servers, you should be.


More like a lessons learned from the Apache defacement.


"Lessons learned from the Apache.org defacement of 2000" would have been a pretty good title. I still would have clicked, but my expectations would have been differently calibrated. As the title was written, I was expecting Apache.org to be, currently, defaced.


The "from 2000" is not really relevant -- all the same technologies are in use and are likely misconfigured in the same way. There are probably 100s of sites on the Internet that could be owned in the way the article describes.


It's relevant, as there is a very different level of interest in Apache.org being hacked 10 years ago, and today.


I agree! I jumped into the article when I saw apache.org defaced....


Very good article and awesome mention of OSSEC. Good to see it gaining some attention.


Very interesting research describing a simple way to detect which version a web app is running.

They just fingerprint a few css/js files, get their md5sums and create a list of them for each version...
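The fingerprinting approach described above, as an added example that is not the researchers' code: a hash database is built from the static css/js files shipped with each release, and a target is identified by intersecting the versions consistent with every file it serves. The application name, file paths, contents and version numbers below are all constructed; a real database would be built from the actual release archives.

```python
import hashlib

# Constructed static assets for a hypothetical web app at three releases.
# Contents are made up; a real fingerprint database hashes the real shipped files.
RELEASE_FILES = {
    "1.0": {
        "css/style.css": b"body { margin: 0 }\n",
        "js/app.js": b"function init(){}\n",
        "js/jquery.js": b"/* jquery 1.4 */\n",
    },
    "1.1": {
        "css/style.css": b"body { margin: 0 }\n",               # unchanged since 1.0
        "js/app.js": b"function init(){ login(); }\n",
        "js/jquery.js": b"/* jquery 1.4 */\n",
    },
    "2.0": {
        "css/style.css": b"body { margin: 0; padding: 0 }\n",
        "js/app.js": b"function init(){ login(); }\n",         # unchanged since 1.1
        "js/jquery.js": b"/* jquery 1.6 */\n",
    },
}


def md5_hex(data):
    """md5 is used purely as a fingerprint here, as in the original research;
    collision resistance is irrelevant because nothing security-critical hangs on it."""
    return hashlib.md5(data).hexdigest()


def build_fingerprint_db(releases):
    """Map (path, md5) -> set of versions that ship exactly that file.

    Files that do not change between releases map to several versions, which is
    why a single file often narrows the answer only to a range.
    """
    db = {}
    for version, files in releases.items():
        for path, content in files.items():
            db.setdefault((path, md5_hex(content)), set()).add(version)
    return db


def fingerprint_target(fetched):
    """Turn {path: bytes fetched from the target} into {path: md5}."""
    return {path: md5_hex(content) for path, content in fetched.items()}


def identify_version(db, observed, all_versions):
    """Return the set of versions consistent with every observed (path, md5) pair.

    Each file either narrows the candidate set or, if its hash is unknown
    (modified, or from a release not in the database), empties it.
    """
    candidates = set(all_versions)
    for path, digest in observed.items():
        candidates &= db.get((path, digest), set())
        if not candidates:
            break
    return candidates


if __name__ == "__main__":
    db = build_fingerprint_db(RELEASE_FILES)
    # Simulated fetch from a target that runs the constructed 1.1 release.
    target = fingerprint_target({
        "css/style.css": b"body { margin: 0 }\n",
        "js/app.js": b"function init(){ login(); }\n",
    })
    print(identify_version(db, target, RELEASE_FILES))
```

Fetching only `css/style.css` from the target leaves `{"1.0", "1.1"}` as candidates because the file did not change between those releases; adding `js/app.js` narrows it to `{"1.1"}`. A file the site owner has edited, or one from a release missing from the database, yields an empty set rather than a wrong answer, which is the behaviour you want before feeding the result into a version-to-CVE lookup.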


Great initiative. Note that for 3l33t (severe) bugs found they will pay $1337 instead.


I agree, it is the same thing as buying a piece of land and waiting for the area to become more popular and selling it later...

The issue comes from the fact that buying domains is very cheap and easy, but that's another problem.

*btw, I am not saying that I approve of people with 1000s of domains just waiting for someone interested, but the business idea is the same.


Intentionally provocative question: So you think domain squatting is ethical if it's done occasionally and unsystematically, but not if it's done in an efficient and industrious manner?


If we use the real definition, it doesn't matter, if you break trademark law, you break trademark law.


Your definition doesn't match how I usually see the term used, so I don't understand how it's the real one. Sure, it's written into law that way, but legal jargon doesn't supersede actual widespread usage except in a legal context. When people say "domain squatting" or "cybersquatting," they mean speculatively buying and holding a domain with no intention of using it, hoping to sell it later when it becomes valuable to someone else. (And no, putting up a generic advertising search page does not qualify as "using" it for the purposes of this definition.)


Then what is 'using'? Please define it and think about the implications for domain name registrations at all levels.

