PaulDotCom mailing list archives

Re: openvas vs nessus

From: Mike Patterson <mike () snowcrash ca>
Date: Tue, 14 Dec 2010 13:55:31 -0500

On 2010/12/14 6:17 AM, Ron Gula wrote:

For credentialed checks speed is also something you should consider.
False positives are less of an issue with credential checks, but false
negatives are a big issue. Lots of other scanners besides Nessus miss
3rd party apps like java, trend, iTunes, .etc. and only focus on patches
related to the OS. Doing things like running netstat durign a port-scan
dramatically changes the speed of the scan as well.


For what it's worth, the 3rd party stuff seems very well handled by
Secunia.  We have a CSI license, which wound up making me look pretty
good - my prediction was "it'll be utterly dominated by Acrobat and
Java."  You can guess how it turned out.  :-)

Mike
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

Current thread:

openvas vs nessus Robin Wood (Dec 13)
- Re: openvas vs nessus Ron Gula (Dec 14)
  - Message not available
    - Re: openvas vs nessus Robin Wood (Dec 14)
  - Re: openvas vs nessus Mike Patterson (Dec 14)
- <Possible follow-ups>
- Re: openvas vs nessus Jody McCluggage (Dec 14)