BTW, I should note that one user did respond back to my pseudo-challenge and noted that small businesses like his cannot afford professional vulnerability assessment solutions.
I apologize for alienating these users. To such users: please start using the free Nessus tool. Use MBSA as a back-up. Check in-person on any suspicious anomalies.

> -----Original Message-----
> From: Drew Copley [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, February 10, 2004 11:08 AM
> To: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: RE: Another Low Blow From Microsoft: MBSA Failure!
>
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> > Sent: Tuesday, February 10, 2004 10:21 AM
> > To: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]
> > Subject: Another Low Blow From Microsoft: MBSA Failure!
> >
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > Another Low Blow from Microsoft.
> >
> > Within the last few weeks at our company we have been doing testing to find out total number of patched machines we have against the latest Messenger Service Vulnerability. After checking few thousand computers we have found several hundred were still affected even though patch has been applied. We have scanned with Retina, Foundstone and Qualys tools which they all showed as "VULNERABLE", however when we scanned with Microsoft Base Security Analyzer it showed as "NOT VULNERABLE". This was at first confusing; one would think an assessment tool released by the original vendor would actually be accurate
> >
> > <snip>
> >
> > Had we trusted Microsoft Base Analyzer we would still be vulnerable.
>
> Retina has the same potential functionality as MBSA. We can also do registry and file checks. And, sometimes we do. But, we try to do remote checks that are non-intrusive and that do not use these. A big reason for this is that remote registry and file checks are very unreliable.
> (Far beyond just the fact that someone could fake out the scanner by putting a dummy file or registry entry up there intentionally).
>
> I don't know anyone that uses MBSA only for their network. It is an interesting toy, but it surely isn't capable of replacing a true vulnerability assessment solution.
>
> > Questions comments email me at [EMAIL PROTECTED] or
> > Aim: Evilkind.
> >
> > <snip>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
