Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

RE: Comparison of Network Security Scanners
From: "Alexander" <Pigrelax () yandex ru>
Date: Fri, 2 Jul 2004 10:12:03 +0400

Hi!

Certainly, this test is not independent. However, methodology of the
tests is completely described, and everyone can check up them. I did not
see any other similar tests comparing various vulnerability scanners.



-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of Gregory A.
Gilliss
Sent: Friday, July 02, 2004 12:46 AM
To: full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] Comparison of Network Security Scanners

On my *first* day at my current employer (a large network appliance
vendor), we had a situation similar to this. One of these "independent
evaluators" informed my employer that they were evaluating my employer's
product, and that my employer had 24 hours to respond to their
evaluation
before they submitted their results. 

Basically these people were contracted by one of my employer's
competitors
to "evaluate" the competing products and publish the results. My
employer's
investigation revealed that these people obtained their equipment (with
back level software) through a "gray market" vendor, and that their
"tests"
included such things as not configuring the hardware prior to testing.

In summary, these "independent evaluators" appear to be nothing more
than
paid agent provocateurs who publish "results" designed to promote one
specific product over the competition. 

BTW, I am not implying that *all* such testing organs are of this
caliber,
however caveat emptor.

G

On or about 2004.07.01 21:35:12 +0000, Anders B Jansson
(hdw () kallisti se) said:

And to everyones surprise their own product came out on top!

Wow, it has to be good, film at 11

// anders

Alexander wrote:
Hi all!

Comparison of Network Security Scanners:

http://www.maxpatrol.com/pd_cmp2.asp

In this survey the following products were tested:
1    IS - Internet Scanner 7.0       Internet Security Systems
http://www.iss.net
2    LG - LanGuard 3.2       GFI
http://www.gfi.com
3    Ns - Nessus 2.0.6       Renaud Deraison<
http://www.nessus.org
4    NR - NetRecon 3.6       Symantec
http://www.symantec.com
5    Rt - Retina 4.9.97      eEye Digital Security
http://www.eeye.com
6    MP - MaxPatrol 7.0      Positive Technologies
http://www.maxpatrol.com



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

-- 
Gregory A. Gilliss, CISSP                              E-mail:
greg () gilliss com
Computer Security                             WWW:
http://www.gilliss.com/greg/
PGP Key fingerprint 2F 0B 70 AE 5F 8E 71 7A 2D 86 52 BA B7 83 D9 B4 14
0E 8C A3

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]