Unfortunately this is the norm rather than the exception. At least Nessus was included in the article. Most of my experience has been in the network management arena and half the NMS platforms are not even tested or mentioned. When they are, the results are usually not very accurate. I'd say in those venues, the accuracy rates only approach 40%. I don't think any of these articles are really intended to be totally unbiased. In almost all cases, advertisers are treated much more "fairly" than those that don't pay for ads. Part of running a magazine, I suppose.

Giff

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Renaud Deraison
Sent: Tuesday, March 04, 2003 5:24 PM
To: [EMAIL PROTECTED]
Subject: Re: Nessus featured in InfoSecurity Magazine

On Tue, Mar 04, 2003 at 03:38:27PM -0500, Michael Scheidell wrote:

> Also, I find this amusing, not for its humor value, but it tells us
> that they had unknown/undocumented vulnerabilities in several servers.
>
> Nessus gets our vote for "Most Unsafe Program to Have on Your Network." We
> not only crashed servers and clients consistently with Nessus; we even
> confused our GPS-based NTP server enough that it had to be re-FLASHed with
> new firmware.

Other amusing quotes:

* "eEye's Retina allows you to scan a host even if it doesn't respond to ping packets."
  -> Nice. Nessus does that too, but the tone implies it's not the case

* "SAINT generally did an excellent job, even finding some services that the others missed (for example, an SMTP server hidden on port 2525)."
  -> The guy is actually talking about an open port. Had he set the port range of Nessus to be 1-65535, he would have found everything. However apparently the author stuck to the default value of 1-1024, so obviously port 2525 was not "found". Gee.

In other news, when NOT launching Nessus, NO vulnerabilities are found at all!

--
Renaud
