Penetration Testing mailing list archives
Re: Why eEye Retina (was MBSA scanner)
From: Chris Brenton <cbrenton () chrisbrenton org>
Date: Mon, 19 Jul 2004 13:31:50 -0400
On Wed, 2004-07-14 at 15:23, Rainer Duffner wrote:
> Vulnerability Manager Service, which identifies the version, patch and hot fix level of technologies running on an asset.
I think this is the portion of the process that you really have to look at closely. How are patches being identified? Is it just checking the Q numbers listed in the registry or is an MD5 hash comparison being performed? If the former, you could do this yourself with some glue and free tools like MSC or psinfo. If an MD5 check is being performed, how are they verifying that this in fact is the binary running in memory (i.e. patched + no reboot = still vulnerable).
> And, to be honest, I can't stand "appliances" with specs like that: "eTrust Vulnerability Manager is an appliance-based solution that runs on Windows 2000 Server Platform and can be accessed by Internet Explorer 5.0 and higher." A 'security-appliance' with the most bug-ridden, most-exploited OS on the planet, to be used with the most bug-ridden, most-exploited application running on top of it?
No comments here. Bait is too easy. :p
> "In addition, eTrust Vulnerability Manager Service supports:
> - IBM AIX
> - HP-UX
> - Red Hat Linux
> - Sun Solaris
> - Windows NT/2000/XP/Server 2003"
> Does that mean it only detects vulnerabilities on those OSs? What about all the other stuff that floats around? The printer that runs some form of embedded Linux with a vulnerable Apache?
I have not used the product but the description makes it sound like it is agent based. If this is true, you can only check OSes and applications that are supported by the agent. Given the above, I personally think Nessus is still a better choice.

HTH,
Chris
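The three levels of patch evidence raised in the reply above (hotfix ID listed in the registry, MD5 of the file on disk, and whether the patched file has been loaded since the last boot), as an added example that is not part of the original post or of any product named in it. The hotfix ID, file contents, host records and field names are constructed, and treating "file replaced after last boot" as "old code still in memory" is an assumption of this sketch.

```python
import hashlib
from datetime import datetime

# Constructed advisory: placeholder hotfix ID and MD5 of the fixed binary.
FIXED_BINARY = b"constructed bytes standing in for the patched binary"
ADVISORY = {"hotfix": "Q000001",
            "fixed_md5": hashlib.md5(FIXED_BINARY).hexdigest()}

def assess(host, advisory=ADVISORY):
    """Return (verdict, reason) for one constructed host record."""
    listed = advisory["hotfix"] in host["registry_hotfixes"]
    on_disk = hashlib.md5(host["file_bytes"]).hexdigest() == advisory["fixed_md5"]
    if not on_disk:
        # A registry entry alone proves nothing about the binary itself.
        reason = ("registry lists hotfix but binary on disk is not the fixed one"
                  if listed else "hotfix not installed")
        return ("vulnerable", reason)
    if host["file_replaced_at"] > host["last_boot_at"]:
        # Assumption: no reboot since the file changed, so old code is still loaded.
        return ("vulnerable", "fixed binary on disk, but no reboot since install")
    return ("patched", "fixed binary on disk and loaded since last boot")

def d(text):
    return datetime.strptime(text, "%Y-%m-%d")

# Constructed inventory, one record per case discussed in the message.
HOSTS = {
    "registry-only": {"registry_hotfixes": {"Q000001"}, "file_bytes": b"old build",
                      "file_replaced_at": d("2004-06-01"), "last_boot_at": d("2004-07-01")},
    "no-reboot":     {"registry_hotfixes": {"Q000001"}, "file_bytes": FIXED_BINARY,
                      "file_replaced_at": d("2004-07-15"), "last_boot_at": d("2004-07-01")},
    "rebooted":      {"registry_hotfixes": {"Q000001"}, "file_bytes": FIXED_BINARY,
                      "file_replaced_at": d("2004-07-15"), "last_boot_at": d("2004-07-16")},
    "unpatched":     {"registry_hotfixes": set(), "file_bytes": b"old build",
                      "file_replaced_at": d("2004-06-01"), "last_boot_at": d("2004-07-01")},
}

def scan(hosts=HOSTS):
    """Assess every host and return {name: (verdict, reason)}."""
    return {name: assess(record) for name, record in hosts.items()}

if __name__ == "__main__":
    for name, (verdict, reason) in scan().items():
        print(f"{name:14} {verdict:10} {reason}")
```

A registry-only scanner would report the first three hosts as patched; only the "rebooted" host passes all three checks.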