Bugtraq mailing list archives

Re: ISS Internet Scanner Cannot be relied upon for conclusive


From: chris () NETMONGER NET (Christopher Masto)
Date: Mon, 8 Feb 1999 15:39:00 -0500


On Mon, Feb 08, 1999 at 09:46:10AM -0500, Chris Brenton wrote:
> Many security audit tools that I've tested would in fact say that the
> system is safe because SP4 has been installed. This is because instead
> of checking file dates, they are looking for registry keys which
> identify what patches have been loaded on the system.

"Testing" for some vulnerabilities means breaking in to or even
crashing the system.  I agree that products should make it very clear
whether they're just checking for known-vulnerable versions, or
actually testing for vulnerabilities.  They should probably do both,
with some kind of option: "This test scans for problem X by attempting
to exploit it, and may cause a failure or loss of data."

I suspect naive system administrators may run scanners against
production systems that are in operation at the time, and would be
rather surprised to see them taken out, with the ensuing Angry Phone
Calls.
--
Christopher Masto        Director of Operations      NetMonger Communications
chris () netmonger net        info () netmonger net        http://www.netmonger.net

    "Good tools allow users to do stupid things." -- Clay Shirky
