On Tuesday 20 August 2002 11:22, [EMAIL PROTECTED] wrote:

> ISS is claiming to have attack signatures that cover 95% of the high
> risk CVEs while they also claim that Nessus only covers less than 10%
> of the high risk CVEs.

I benchmark various scanning products against Nessus on a regular basis. The only real advantage ISS has is that they require you to run it from a Windows NT Domain Administrator account; otherwise about half of their checks don't work. Instead of actually *testing* for the vulnerabilities, their software just asks the registry what patches are installed.

When run with no NetBIOS access, ISS misses almost ALL of the serious IIS bugs. Even running with full permissions, it still tends to miss a lot, and not consistently in what it does miss. ISS just added their first SSH-related check a couple of months ago, and all it does is warn you that ssh/openssh is running.

The scanner itself has all sorts of other problems, from policy management to the reporting system, but it suffices to say that it can't hold a candle to Nessus as far as its ability to accurately find security flaws.

-HD