Security Basics mailing list archives
Security scanning tools
From: "Jack Solomon" <solzjack43 () hotmail com>
Date: Mon, 15 Dec 2003 12:04:34 +0000
AllIm currently testing new scanning tools to replace nessus. I ran ISS system scanner and Micro$oft Baseline Security analyst on a win2000 box and compared the results to the regular nessus scan. Each product reports different things...
- Nessus says everything is cool - MS BSA reports that patch ms02-032 has not been applied- System scanner finds a nonexistent modem, no virus software (as if!) but no patches
When I logon to the machine and try to run the MS update routine through IE, it reports no patches to be applied. Am I going crazy or using the tools wrong? surely they should all report the same vulnerabilities?
My questions to the group are:1. What tool[s] should I look to buy that that correctly reports security vulnerabilties with the least false positives?
2. Are false positives a known [feature] of all scanning tools? Jack _________________________________________________________________ Hotmail messages direct to your mobile phone http://www.msn.co.uk/msnmobile --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Security scanning tools Jack Solomon (Dec 15)
- Re: Security scanning tools Carlton Foster (Dec 15)
- Re: Security scanning tools Devilscrow Sr (Dec 15)
- Re: Security scanning tools Chris Burton (Dec 15)
- SV: Security scanning tools Kim Guldberg (Dec 16)
- <Possible follow-ups>
- Re: Security scanning tools H Carvey (Dec 15)
- RE: Security scanning tools KoRe MeLtDoWn (Dec 15)