Anyway, this was not a good question. It is in the FAQ, and the answer
is "no!". Porting Nessusd on Win32 is possible, right. But...
1. Maintaining both version (Unix & Win) would be a pain in the back.
2. The mailing list throughput would be multiplied by ten. Can we cope
with that?
3. This would make Nessus even more popular among script kiddies.
I would have to stress that Michel's points are near show stoppers. I
have 10+ years exp writing Microsoft Windows/DOS based programs and
those are the same 3 reasons I would loose sleep over writing a Linux to
Win32 port. Point 3 would give me nightmares!!!! How many of you want
to give a 9-year-old child a loaded gun and teach him Russian Roulette?
Re Michel's points:
1. Yes, it would be a pain. And over time, Linux is becoming
more and more accepted. But, please realize that you ARE
limiting your user community, and the acceptance of the tool
as a result, by dictating Linux only. This is not to say
it is the wrong decision to limit it to Linux, just that there
are ramifications.
2. The mailing list issue is bogus. If the tool is that popular
that the traffic increases so much, you will also have to
a large extent a near corresponding increase in knowledgable
people that will post answers to questions. There are plenty
of other projects one can look to in terms of how they handle
user questions and answers with large volume user bases.
3. This is bogus. Nessus is not an exploiter, it assesses
vulnerabilities. In the hands of a 9 year old or script
kiddie, Nessus is useless. Deciding to not port because
of the fact that Nessus can provide a security profile of
a system to a 9 year old just doesn't make a whole lot
of sense.
If you think through the circumstances that would allow
a 9 year old to breach your system by employing Nessus,
I think you'll see that either
a) the 9 year old is NOT a script kiddie, or
b) the 9 year old is capable of using Linux (again fails
I think the common definition of script kiddie), or
c) automated script kiddie tools have had time to develop
meaning your system has been explosed for a long time.
None of this provides a decent rational for not porting
Nessus.
Ultimately, the real issue boils back down to who's got the itch,
and who's willing to do the scratching. The Nessus team has
absolutely zero obligation to do a port, doesn't want to do it
(and that's IMHO the best explanation of all of why not to do it),
and that's pretty much that. The software, however, is GPL, and
the Nessus team has correspondingly NO right to tell anyone else
not to port it. Got the itch to port it? Figure out how to do it.
If the Nessus team doesn't want to support the streams if they
are too different? Fork the code. It is certainly stable enough
that at this point, you could probably get away with that. You'll
get a claim to fame and the thanks of MANY admins out there.
Cheers,
Thomas
-
[EMAIL PROTECTED]: general discussions about Nessus.
* To unsubscribe, send a mail to [EMAIL PROTECTED] with
"unsubscribe nessus" in the body.
