1. Windows users vulnerable to flaw in Java Web Start

    An unresolved security flaw in Java Web Start could be putting millions of Windows users at risk. The bug – discovered by Tavis Ormandy – allows arbitrary options to be passed to the Java virtual machine via the javaws command line application. This gives an attacker the opportunity to execute malign JAR files on the victim's computer.

    Tavis informed Sun (now owned by Oracle) about this problem, but states that Sun did not consider the vulnerability important enough to break their quarterly patch cycle. Given how easily the flaw was discovered, Tavis disagreed and published his advice to temporarily disable the affected control until it gets fixed.

    All versions since Java SE 6 Update 10 for Windows are believed to be vulnerable. Working exploits for this vulnerability are now in the public domain, so it is important to apply one of the workarounds suggested by Tavis:

    • Internet Explorer users can be protected by temporarily setting the killbit on CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA.
    • Mozilla Firefox and other NPAPI based browser users can be protected using File System ACLs to prevent access to npdeploytk.dll. These ACLs can also be managed via GPO.

    Full details can be found in Ormandy's post to the Full Disclosure mailing list.
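    The two workarounds above, as an added PowerShell script that is not part of the Netcraft post or Ormandy's advisory. It assumes an elevated prompt and a JRE installed under the Program Files Java directories (the DLL is searched for rather than assumed at a fixed path), and it can reverse both changes with -Undo once a patch is installed.

```powershell
# Added example, not code from Ormandy's advisory or from Netcraft: applies the
# two workarounds listed above and reverses them with -Undo once a fix ships.
# Assumptions: run from an elevated PowerShell; the JRE is installed under the
# Program Files Java directories (pass -JavaRoot if it lives elsewhere).
param(
    [switch]$Undo,
    [string[]]$JavaRoot = @("$env:ProgramFiles\Java", "${env:ProgramFiles(x86)}\Java")
)

# 1. Internet Explorer: set the killbit on the CLSID quoted in the advisory.
#    The killbit is the 0x400 bit of "Compatibility Flags" under ActiveX Compatibility.
$clsid   = '{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA}'
$keyPath = "HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$clsid"
$killBit = 0x400

if ($Undo) {
    if (Test-Path $keyPath) {
        $flags = (Get-ItemProperty $keyPath).'Compatibility Flags'
        # clear only the killbit; leave any other compatibility flags in place
        Set-ItemProperty $keyPath 'Compatibility Flags' ([int]$flags -band (-bnot $killBit)) -Type DWord
    }
} else {
    New-Item $keyPath -Force | Out-Null
    $flags = (Get-ItemProperty $keyPath).'Compatibility Flags'
    # OR the bit in so flags already present survive
    Set-ItemProperty $keyPath 'Compatibility Flags' ([int]$flags -bor $killBit) -Type DWord
}
$now = (Get-ItemProperty $keyPath -ErrorAction SilentlyContinue).'Compatibility Flags'
"IE killbit on ${clsid}: " + $(if (([int]$now -band $killBit) -ne 0) { 'SET' } else { 'not set' })

# 2. Firefox and other NPAPI browsers: deny Everyone (S-1-1-0) read/execute on
#    npdeploytk.dll so the browser cannot load it; /remove:d drops that deny ACE on -Undo.
$dlls = Get-ChildItem -Path $JavaRoot -Filter npdeploytk.dll -Recurse -ErrorAction SilentlyContinue
if (-not $dlls) { Write-Warning 'npdeploytk.dll not found under the given Java roots'; return }
foreach ($dll in $dlls) {
    if ($Undo) { icacls $dll.FullName /remove:d '*S-1-1-0' | Out-Null }
    else       { icacls $dll.FullName /deny '*S-1-1-0:(RX)' | Out-Null }
    # verify by reading the ACL back, comparing by SID so the check is locale-independent
    $sid    = [System.Security.Principal.SecurityIdentifier]
    $denied = (Get-Acl $dll.FullName).Access | Where-Object {
        $_.AccessControlType -eq 'Deny' -and $_.IdentityReference.Translate($sid).Value -eq 'S-1-1-0'
    }
    "$($dll.FullName): " + $(if ($denied) { 'Everyone denied (RX)' } else { 'no deny ACE' })
}
```

    The same ACL change can be pushed to a fleet through a GPO, as the post notes; the script's verification step is what to run afterwards to confirm it applied.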

    Netcraft's Web Server Survey shows that Java Web Start is very seldom used by websites, so there is perhaps little to be lost by disabling JNLP support completely. Only 0.002% of the active sites in the April 2010 survey used JNLP technology on their homepages, whereas 0.26% of homepages contained traditional Java Applets.

    Although Java usage is growing amongst mobile devices, and continues to remain strong as a server-side technology, it appears to have lost the battle for interactive client-side desktop browser technology. The combined share of JNLP and Applets pales into insignificance when compared with Adobe Flash, which is now found on more than 15% of all homepages.

    Posted by Paul Mutton on 13th April, 2010 in Security

  2. Most Reliable Hosting Company Sites in March 2010

    Rank  Company site               OS       Outage    Failed  DNS    Connect  First  Total
                                              hh:mm:ss  Req%                    byte
    1     www.memset.com             Linux    0:00:00   0.012   0.586  0.129    0.260  0.260
    2     DataPipe                   FreeBSD  0:00:00   0.016   0.065  0.027    0.056  0.083
    3     iWeb Technologies          Linux    0:00:00   0.016   0.134  0.083    0.165  0.165
    4     ReliableServers.com        FreeBSD  0:00:00   0.016   0.250  0.083    0.197  0.337
    5     INetU                      unknown  0:00:00   0.021   0.702  0.073    0.158  0.301
    6     Swishmail                  FreeBSD  0:00:00   0.021   0.159  0.086    0.173  0.438
    7     www.singlehop.com          Linux    0:00:00   0.021   0.258  0.104    0.429  0.962
    8     Hosting 4 Less             Linux    0:00:00   0.025   0.116  0.091    0.186  0.474
    9     Kattare Internet Services  Linux    0:00:00   0.029   0.153  0.093    0.187  0.443
    10    www.dinahosting.com        Linux    0:00:00   0.029   0.121  0.130    0.258  0.258


    Memset had the most reliable hosting company site in March, responding to all but three of Netcraft's requests.

    Memset provides dedicated physical and virtual servers, all-inclusive managed hosting and cloud-computing services from their two data centres near Reading, UK. Memset uses Apache on Linux to run their own website.

    The second most reliable hosting company site in March was DataPipe, responding to all but four of Netcraft's requests.

    DataPipe provides custom managed hosting solutions for businesses with complex Internet-facing infrastructures, serving over 1,000 customers from seven data centres across the United States, Europe and China. DataPipe uses Apache on FreeBSD to run its own website.

    Six of the top ten in March were identified as running Linux and three as running FreeBSD. The operating system used by one of the top ten could not be identified.

    Netcraft measures and makes available the response times of around forty leading hosting providers' sites. The performance measurements are made at fifteen minute intervals from separate points around the internet, and averages are calculated over the immediately preceding 24 hour period.

    From a customer's point of view, the percentage of failed requests is more pertinent than outages on hosting companies' own sites, as it gives a pointer to the reliability of routing. This is why we rank our table by fewest failed requests rather than shortest periods of outage.

    Further information on the measurement process and current measurements are available.

    Posted by Jennifer Cownie on 1st April, 2010 in Hosting, Performance

  3. March 2010 Web Server Survey

    In the March 2010 survey we received responses from 206,675,938 sites.

    This represents a slight fall in the number of hostnames seen since last month and consequently most of the major web servers experienced small losses in hostnames relative to the February 2010 survey: only lighttpd and Google gained hostnames, with increases of 560k and 275k respectively. The overall gain for lighttpd originates from 785k parked hostnames at SAVVIS in Australia, catapulting the proportion of hostnames using lighttpd in the country from 2.29% in February to 37.80% this month.

    For the third month in a row nginx lost sites, recording 1.3M fewer hostnames in March than in February. This is again due to losses from WordPress as stale blogs continue to be expired from the survey. nginx also lost active sites (down 1.2M since last month), while the other major web servers saw minor gains in this metric.

    Graph: Total Sites Across All Domains, August 1995 - March 2010

    Graph: Market Share for Top Servers Across All Domains, August 1995 - March 2010


    Developer  February 2010  Percent  March 2010   Percent  Change
    Apache     112,903,926    54.46%   112,747,166  54.55%    0.09
    Microsoft   50,928,226    24.57%    50,572,540  24.47%   -0.10
    Google      14,315,464     6.91%    14,592,133   7.06%    0.16
    nginx       13,978,719     6.74%    12,673,962   6.13%   -0.61
    lighttpd     1,097,685     0.53%     1,657,584   0.80%    0.27

    Posted by Netcraft on 17th March, 2010 in Web Server Survey

  4. New browser reports over half of SSL sites may be unsafe

    A new internet browser, Comodo Dragon, reports that more than half of the world's valid SSL certificates are unsafe.

    Comodo Dragon is based on the open source Chromium project, but includes additional security and privacy features. In particular, when a user browses to a site that uses a domain-validated SSL certificate, Comodo Dragon will warn the user that the site may not have undergone trusted third-party validation.

    Comodo Dragon displaying a warning when visiting a domain-validated SSL site

    Users are presented with buttons to "Proceed anyway", or go "Back to safety". The warning message explains why such a site is deemed to be unsafe:

    The security (or SSL) certificate for this website indicates that the organization operating it may not have undergone trusted third-party validation that it is a legitimate business. Although the information passed between you and this website will be encrypted, you have no assurance of who you are actually exchanging information with, and many websites connected to cyber-crimes use this type of security certificate. Prior to exchanging sensitive information including login/password, personal identity information, or financial details such as credit card numbers with any website that generates this warning, you should find some alternative method of validating this business or consider abandoning the transaction.

    Mainstream adoption of this behaviour would have a huge impact on e-commerce — more than half of the SSL certificates in use on the web are domain-validated, and this market continues to show strong growth due to the generally lower costs and ease of issuance when compared with organisation and extended validation certificates.

    However, none of the popular browsers provides an explicit warning when browsing to a domain-validated site. With such widespread use of domain-validated certificates, it would undoubtedly lead to uproar if any of these browsers were to display warnings when users browse to domain-validated sites.

    Although Comodo states that many websites connected to cyber-crimes use domain-validated certificates, Netcraft's phishing site feed shows that only 0.3% of reported phishing sites use HTTPS, including those running on compromised servers with SSL certificates already in place.

    Netcraft found 683,563 valid domain-validated certificates in its March 2010 survey. Go Daddy has issued more than half of these, which it currently sells at $29.99 per year for new purchases.

    Comodo itself is also a sizable player in the domain-validated SSL market, accounting for 7.6% of all domain-validated certificates. Ironically, domain-validated certificates signed by Comodo are also reported as being potentially unsafe, including those sold via hosting companies such as DreamHost.

    DreamHost's CTO, Dallas Kashuba, told Netcraft: "I think the information being presented about the nature of the SSL certificate is useful, but the approach Comodo has taken to present the information is heavy-handed and seems a bit too close to 'crying wolf'. I worry that users of the browser will see that warning so frequently that they will become desensitized to all warnings."

    Last year, DreamHost launched an amusing tirade against certificate authorities, criticising the "entirely automated" process of issuing domain-validated certificates. To prove a point, DreamHost then began offering domain-validated certificates to existing customers for only $15, stating: "...we're not making anything on them because we feel the whole business is a scam!"

    DreamHost's Kashuba also told Netcraft: "I think Extended Validation SSL certificates are a good way to reduce the impact of phishing and other similar nefarious activities, but is not a necessary expense for most secure websites."

    There is no doubt that upsetting the current level of trust in domain-validated certificates would cause problems: many FDIC members continue to use domain-validated certificates for their banking sites, including Bank of the Sierra, Bank of Hawaii, TierOne Bank and Great Western Bank.

    For additional information or details on how to order the Netcraft SSL Survey, please contact us at sales@netcraft.com.

    Posted by Paul Mutton on 5th March, 2010 in Security

  5. Most Reliable Hosting Company Sites in February 2010

    Rank  Company site         OS                   Outage    Failed  DNS    Connect  First  Total
                                                    hh:mm:ss  Req%                    byte
    1     www.navisite.com     Linux                          0.000   0.779  0.033    0.552  0.656
    2     DataPipe             FreeBSD              0:00:00   0.005   0.397  0.035    0.061  0.091
    3     INetU                unknown              0:00:00   0.005   0.524  0.050    0.106  0.186
    4     Hosting 4 Less       Linux                0:00:00   0.011   0.428  0.105    0.220  0.560
    5     www.singlehop.com    Linux                0:00:00   0.016   0.205  0.052    0.342  0.570
    6     www.dinahosting.com  Linux                0:00:00   0.016   0.115  0.089    0.182  0.182
    7     New York Internet    FreeBSD              0:00:00   0.021   0.054  0.031    0.070  0.195
    8     Virtual Internet     Linux                0:00:00   0.021   0.617  0.078    0.210  0.443
    9     www.memset.com       Linux                0:00:00   0.021   0.616  0.080    0.160  0.160
    10    Hostbasket           Windows Server 2008  0:00:00   0.021   0.377  0.083    0.177  0.177


    NaviSite had the most reliable hosting company site in February, responding to all of Netcraft's requests.

    NaviSite, providers of managed hosting and application management solutions, sold its Lawson/Kronos Managed Application Service business this month in order to "focus on providing Enterprise-class cloud computing for large organisations with complex environments". NaviSite uses Apache on CentOS to run its own website.

    The second most reliable hosting company site in February was DataPipe, responding to all but one of Netcraft's requests.

    DataPipe provides custom managed hosting solutions for businesses with complex Internet-facing infrastructures, serving over 1,000 customers from seven data centres across the United States, Europe and China. DataPipe uses Apache on FreeBSD to run its own website.

    Six of the top ten in February were identified as running Linux, two as running FreeBSD and one running Windows Server 2008.

    Netcraft measures and makes available the response times of around forty leading hosting providers' sites. The performance measurements are made at fifteen minute intervals from separate points around the internet, and averages are calculated over the immediately preceding 24 hour period.

    From a customer's point of view, the percentage of failed requests is more pertinent than outages on hosting companies' own sites, as it gives a pointer to the reliability of routing. This is why we rank our table by fewest failed requests rather than shortest periods of outage.

    Further information on the measurement process and current measurements are available.

    Posted by Nick Jones on 1st March, 2010 in Hosting, Performance

  6. February 2010 Web Server Survey

    In the February 2010 survey we received responses from 207,316,960 sites.

    The biggest change of the month belongs to Apache with a 1.6M increase in hostnames. It was closely followed by Microsoft which saw a growth of 1.1M.

    After a year-long consistent rise, nginx is experiencing a loss for the second month in a row as inactive weblogs on WordPress and 163.com are expired from the survey. This month nginx had a decrease of 1.5M hostnames, which brings its total back down to the number of hostnames it had in October.

    China Internet Network Information Center has recently announced a change in the .cn domain name registration regulations. Since December 14th individuals can no longer register .cn domains and a paper application has to be submitted to register one along with photocopies of the company business license and registrant ID. While this has reduced the frequency of .cn domains in spam, it does not seem to have affected the growth of the domain. Netcraft has discovered 49k new hostnames in .cn this month, compared to 37k in December, 59k in November and 39k in October.

    Graph: Total Sites Across All Domains, August 1995 - February 2010

    Graph: Market Share for Top Servers Across All Domains, August 1995 - February 2010


    Developer  January 2010  Percent  February 2010  Percent  Change
    Apache     111,307,941   53.84%   112,903,926    54.46%    0.62
    Microsoft   49,792,844   24.08%    50,928,226    24.57%    0.48
    Google      14,550,011    7.04%    14,315,464     6.91%   -0.13
    nginx       15,568,224    7.53%    13,978,719     6.74%   -0.79
    lighttpd       955,146    0.46%     1,097,685     0.53%    0.07

    Posted by Netcraft on 22nd February, 2010 in Web Server Survey