I just ran an evaluation version of an (expensive) commercial scanner; let's be politically correct and call it "X". The target machine was a SuSE 7.2 box running, among other things, Apache (HTTP & HTTPS) and Samba.

X found 11 problems on registry keys that Nessus was unable to point out <grin>. It also told me that WinNT keeps the name of the last logged user, unless I modify a registry key (damn! Where is this registry on linux?? :)

X also mentions _potential_ attacks against mountd, sshd, lockd and statd. I strongly suspect that it just checked the presence of those daemons. sshd is vulnerable, by the way.

It found an HTTP server on port 443 but obviously did not try an SSL connection. (Apache sends back an error page in clear text if you try to speak HTTP on a HTTPS port.)

It said that my htdig is vulnerable, and advised me to upgrade to the last version. But I am already running the safe 3.1.5 version! I think I am starting to understand why Nessus finds "less" vulnerabilities than its commercial competitors :-]

X did not find the web servers on ports 901 or 6711, and did not mention a couple of other real or potential vulnerabilities.

PS: I am disappointed by X. I thought the product was better.
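
The port 443 observation above, as an added example that is not part of the original post and is not code from Nessus or from scanner "X": a sketch of how a service-identification step can tell plain HTTP from an SSL/TLS port that answered a plaintext probe with a clear-text error page. The sample replies are constructed, the function names are hypothetical, and the error-text patterns are a heuristic assumption rather than a complete list.

```python
import re

# Constructed replies to a plaintext "GET / HTTP/1.0" probe (not captured traffic).
SAMPLE_PLAIN_HTTP = b"HTTP/1.1 200 OK\r\nServer: Apache\r\n\r\n<html>ok</html>"
SAMPLE_APACHE_ON_443 = (
    b"HTTP/1.1 400 Bad Request\r\nServer: Apache\r\n\r\n"
    b"<p>Your browser sent a request that this server could not understand.<br />\n"
    b"Reason: You're speaking plain HTTP to an SSL-enabled server port.</p>"
)
SAMPLE_TLS_ALERT = bytes([0x15, 0x03, 0x01, 0x00, 0x02, 0x02, 0x0A])  # alert record

STATUS_LINE = re.compile(rb"^HTTP/\d\.\d (\d{3}) ")
# Assumption: wording servers commonly use when HTTP arrives on a TLS port.
SSL_HINT = re.compile(rb"plain HTTP to an SSL-enabled|HTTPS port", re.I)


def looks_like_tls_record(reply: bytes) -> bool:
    """TLS record header: content type 20-23, major version 3, minor 0-4."""
    return (len(reply) >= 5 and reply[0] in (20, 21, 22, 23)
            and reply[1] == 3 and reply[2] <= 4)


def classify_reply(reply: bytes) -> str:
    """Classify the first bytes a service sent back to a plaintext HTTP probe."""
    if not reply:
        return "no-data"
    if looks_like_tls_record(reply):
        return "tls"
    match = STATUS_LINE.match(reply)
    if match:
        if match.group(1) == b"400" and SSL_HINT.search(reply):
            return "tls-behind-plaintext-error"
        return "http"
    return "unknown"


def needs_tls_retry(reply: bytes) -> bool:
    """True when the web checks should be re-run over an SSL/TLS connection."""
    return classify_reply(reply) in ("tls", "tls-behind-plaintext-error", "no-data")


if __name__ == "__main__":
    for name, data in [("plain", SAMPLE_PLAIN_HTTP),
                       ("apache-443", SAMPLE_APACHE_ON_443),
                       ("alert", SAMPLE_TLS_ALERT)]:
        print(name, classify_reply(data), needs_tls_retry(data))
```

A scanner that stops at the `HTTP/` status line reports the 443 listener as an ordinary HTTP server and never runs its web checks over the encrypted channel.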
