Re: Another Low Blow From Microsoft: MBSA Failure!

["kevin hinze" <kevin_hinze () navigators org>]

We also are a fairly small shop.  But I have found Foundstone's free tools
worthwhile. 

Nessus is always a good choice though.


-- 


> From: "Drew Copley" <dcopley () eeye com>
> Date: Tue, 10 Feb 2004 16:09:25 -0800
> To: <dotsecure () hushmail com>, <full-disclosure () lists netsys com>,
> <bugtraq () securityfocus com>
> Subject: RE: Another Low Blow From Microsoft: MBSA Failure!
>
> BTW, I should note that one user did respond back to my pseudo-challenge
> and noted that small businesses like his can not afford professional
> vulnerability assessment solutions.
>
> I apologize for alienating these users.
>
> To such users: please start using the free Nessus tool. Use MBSA as a
> back-up. Check in-person on any suspicious anomalies.
>
>
>
>
> > -----Original Message-----
> > From: Drew Copley [mailto:dcopley () eeye com]
> > Sent: Tuesday, February 10, 2004 11:08 AM
> > To: dotsecure () hushmail com; full-disclosure () lists netsys com;
> > bugtraq () securityfocus com;
> > patchmanagement () listserv patchmanagement org
> > Subject: RE: Another Low Blow From Microsoft: MBSA Failure!
> >
> >  
> >
> > > -----Original Message-----
> > > From: dotsecure () hushmail com [mailto:dotsecure () hushmail com]
> > > Sent: Tuesday, February 10, 2004 10:21 AM
> > > To: full-disclosure () lists netsys com; bugtraq () securityfocus com;
> > > patchmanagement () listserv patchmanagement org
> > > Subject: Another Low Blow From Microsoft: MBSA Failure!
> > >
> > > -----BEGIN PGP SIGNED MESSAGE-----
> > > Hash: SHA1
> > >
> > > Another Low Blow from Microsoft.
> > >
> > > Within the last few weeks at our company we have been doing
> > testing to 
> > > find out total number of patched machines we have against
> > the latest 
> > > Messenger Service Vulnerability. After checking few
> > thousand computers
> > > we have found several hundred were still affected even though patch
> > > has been applied. We have scanned with Retina, Foundstone
> > and Qualys 
> > > tools which they all showed as "VULNERABLE", however when
> > we scanned 
> > > with Microsoft Base Security Analyzer it showed as "NOT
> > VULNERABLE". 
> > > This was at first confusing; one would think an assessment tool
> > > released by the original vendor would actually be accurate
> >
> > <snip>
> >
> >
> > > Had we trusted Microsoft Base Analyzer we would still be vulnerable.
> >
> > Retina has the same potential functionality as MBSA. We can
> > also do registry and file checks. And, sometimes we do. But,
> > we try to do remote checks that are non-intrusive and that do
> > not use these. A big reason for this is that remote registry
> > and file checks are very unreliable.
> > (Far beyond just the fact that someone could fake out the
> > scanner by putting a dummy file or registry entry up there
> > intentionally).
> >
> > I don't know anyone that uses MBSA only for their network. It
> > is an interesting toy, but it surely isn't capable of
> > replacing a true vulnerability assessment solution.
> >
> >
> >
> >
> >
> > > Questions comments email me at dotsecure () hushamail com or
> > > Aim: Evilkind.
> >
> > <snip>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html