FTP for Windows – FileZilla is the way to go.

Windows IIS comes with an FTP component. I wish it didn’t. Because it is there, one would be tempted to use it. Do not succumb to this temptation. Pain and misery will ensue.

First off, IIS FTP is painfully slow. You can actually feel it in your bones how slow it is if you have used anything else. Second, it is completely dangerous. Here is what I mean by that. IIS FTP uses real Windows user names for authentication. It’s possibly to use the same real user and password as on the startup screen on your domain-cotrolled desktop or laptop.

This means that anyone can use FTP to attempt to locate usernames and passwords that work all over YOUR network! Yikes. Even worse, the bad guys will attempt to find your DOMAIN ADMINISTRATOR username and password. This is a search for the keys to the kingdom. It is possible to limit the exposure, but by default any user could be at least exposed as being a valid username, even if that user can’t login to FTP.

There is hope here, in the form of FileZilla Server. It is fast, it uses its’ own list of users, not the local computer’s or the domain’s, and you can set individual user directories with per-user rights. It’s quite simple to set up and has a great Windows FTP client available. And it’s free, but you can make a donation to the cause.

Leave a Reply

Your email address will not be published. Required fields are marked *