Home page logo

basics logo Security Basics mailing list archives

Re: Security scanning tools
From: Chris Burton <cyberhiker99 () yahoo com>
Date: Mon, 15 Dec 2003 11:38:33 -0800 (PST)

I would try out SecurityExpressions from Pedestal
Software.  They put out an MS-Fixes file everytime
that Microsoft releases an update.  It will require
you to have admin access on the target.  However, the
upside is that you can right-click and fix it on the

We have had good success with it, on many machines
here.  We also run ISS Internet Scanner, and have
accepted the fact that all scanners cannot reliably
report whether a machine is patched or not.


--- Jack Solomon <solzjack43 () hotmail com> wrote:


Im currently testing new scanning tools to replace
nessus.  I ran ISS system 
scanner and Micro$oft Baseline Security analyst on a
win2000 box and 
compared the results to the regular nessus scan. 
Each product reports 
different things...

- Nessus says everything is cool
- MS BSA reports that patch ms02-032 has not been
- System scanner finds a nonexistent modem, no virus
software (as if!) but 
no patches

When I logon to the machine and try to run the MS
update routine through IE, 
it reports no patches to be applied.  Am I going
crazy or using the tools 
wrong? surely they should all report the same

My questions to the group are:
1. What tool[s] should I look to buy that that
correctly reports security 
vulnerabilties with the least false positives?
2. Are false positives a known [feature] of all
scanning tools?


Hotmail messages direct to your mobile phone



Do you Yahoo!?
New Yahoo! Photos - easier uploading and sharing.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]