IIS stands for Internet Information Services and it's a web application developed by Microsoft. It's a component of the Windows server family and some versions of Windows XP, Windows Vista, and Windows 7. It's not enabled by the default Windows setup but it can be enabled and configured after installing Windows. The user can then access its console via Control Panel > Administrative Tools.
When Microsoft used a web server for the first time it used a free web application in a research project called emwac. A free web application after that was then unable to manage the large amount of traffic going to Microsoft. So Microsoft decided to use its own web application server.
The first versions of IIS were related to certain versions of Microsoft operating systems. The first version was released with Windows nt 3.51 and as a free add on. The last Version 7.5 was released with the Windows 7 and Windows server 2088 r2. Many companies now offer IIS hosting and offer first-time discounts.
After making registration more enjoyable, ISS in 2011 dropped from the second to the third most popular web server application.
In earlier versions, IIS encountered some vulnerabilities like the worm called Code Red, but, then, Versions 5 & 6 improved the security issues and removed such vulnerabilities. Now Version 7 provides modules so each function associated with each module is added according to the need. With Version 6 and earlier, the application was run under a system process and a user account called super user. But with Version 7 the process is about network services. By this, if a vulnerability occurs it will be limited to certain components and it won't compromise the entire system.
ISS, with its share in the web hosting market of 22 % in 2007, hosts about 9% of website malware. That is the same as Apache, but Apache shares 66% of the market. This may be due to the spread of pirated versions of Windows that didn't have regular updates, but now Windows permits updates to all users.