One of the possible false positives is the flood of www vulnerabilities when a webserver doesn't return a 404 page, i.e., script requests. It would probably help a -lot- in reducing false positives if the scripts took a peek at the content returned to see if it actually had anything resembling what the script was searching for. Notably, there is sometimes an advisory that states the webserver doesn't return a 404, but that doesn't always show up, and when it does, it's somewhat masked as trivial information.
As to ISS vs. Nessus, I'd still pick Nessus. Aesthetics aside, ISS performs worse and actually does some dangerous scans even when not selected, a bug in their database I'm sure. ISS also comes up with less accuracy for real positives. There have been several independent reviews of products, the URLs escape me at present, and Nessus normally tallies fewer total vulnerabilities scanned for but is more accurate in its results.

-d

Renaud Deraison wrote:

>On Mon, Jul 22, 2002 at 01:47:27PM -0400, Tim Sailer wrote:
>
>>On Mon, Jul 22, 2002 at 01:47:47PM -0400, Dion Stempfley wrote:
>>
>>>And they think ISS will not! :)
>>>
>>
>>Well, some people are actually comparing side by side reports,
>>and getting this conclusion...
>>
>
>This is the first time I hear that. Maybe you could shed some light on
>the false positives you're getting (as well as give us your exact
>configuration [Nessus version, options enabled]) so we can try to find
>the root of the problem ?
>

-- 
I may have the information you need and I may choose only HTML. It's up to you.

Disclaimer: I am not responsible for any email that you send me, nor am I bound to any obligation to deal with any received email in any given fashion. If you send me spam or a virus, I may in whole or part send you 50,000 return copies of it. I may also publicly announce any and all emails and post them to message boards, news sites, and even parody sites. I may also mark them up, cut and paste, print, and staple them to telephone poles for the enjoyment of people without internet access. This is not a confidential medium, and your assumption that your email can or will be handled confidentially is akin to baring your backside, burying your head in the ground, and thinking nobody can see you butt nekkid and in plain view for miles away. Don't be a cluebert, buy one from K-mart today.
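The "webserver never returns a 404" problem described in the post above, as an added example that is not part of the original message and is not Nessus or ISS code. It shows the naive check that produces the flood of false positives (anything other than a 404 counts as "script exists") beside a check that first fetches random nonexistent paths to learn what the server's "not found" page looks like, then requires the response to differ from that baseline and to contain the content the script is actually looking for. The two fake servers, the page bodies, the `/cgi-bin/` paths and the `QUERY_STRING` marker are constructed stand-ins, not captured traffic.

```python
"""Soft-404 aware presence check for web-script probes (added example).

Both fetch functions below are constructed fakes: one behaves like a server
that answers 200 with a generic page for every path (the case that floods a
naive scanner with false positives), the other returns a real 404.
"""
import difflib
import random
import string
from typing import Callable, Dict, List, Tuple

Response = Tuple[int, str]          # (HTTP status, body)
Fetch = Callable[[str], Response]   # any function that fetches a path

# Constructed sample pages (assumptions, not real server output).
_GENERIC = "<html><body><h1>Welcome</h1><p>Page not available. Try the home page.</p></body></html>"
_REAL_PAGES: Dict[str, str] = {
    # a hypothetical script whose output contains the content a probe looks for
    "/cgi-bin/phf": "<html><body>QUERY_STRING ... /usr/local/bin/ph -m alias=</body></html>",
    # a hypothetical script that exists but does not show the marker
    "/cgi-bin/printenv": "<html><body>SERVER_SOFTWARE=Apache</body></html>",
}


def fake_soft404_fetch(path: str) -> Response:
    """Server that never returns 404: unknown paths get 200 + a generic page
    (which also echoes the requested path, so bodies are similar, not identical)."""
    body = _REAL_PAGES.get(path)
    if body is not None:
        return 200, body
    return 200, _GENERIC.replace("Welcome", "Welcome: " + path)


def fake_hard404_fetch(path: str) -> Response:
    """Server that answers unknown paths with a proper 404."""
    body = _REAL_PAGES.get(path)
    if body is None:
        return 404, "<html><body>404 Not Found</body></html>"
    return 200, body


def naive_script_present(fetch: Fetch, path: str) -> bool:
    """The check that causes the flood: 'not a 404' is taken as 'script exists'."""
    status, _ = fetch(path)
    return status != 404


def random_path(n: int = 16) -> str:
    return "/" + "".join(random.choices(string.ascii_lowercase, k=n))


def baseline_404(fetch: Fetch, probes: int = 2) -> Tuple[bool, List[str]]:
    """Request a few random paths that cannot exist. Returns
    (server_returns_real_404, bodies_it_sent_for_missing_pages)."""
    results = [fetch(random_path()) for _ in range(probes)]
    returns_404 = all(status == 404 for status, _ in results)
    return returns_404, [body for _, body in results]


def looks_like_baseline(body: str, baseline_bodies: List[str], threshold: float = 0.8) -> bool:
    """Fuzzy compare, because soft-404 pages often differ only in the echoed path."""
    return any(
        difflib.SequenceMatcher(None, body, b).ratio() >= threshold
        for b in baseline_bodies
    )


def script_present(fetch: Fetch, path: str, marker: str,
                   baseline: Tuple[bool, List[str]]) -> Tuple[bool, str]:
    """Content-aware check: the body must not be the server's 'not found'
    page and must contain what the probe is actually searching for."""
    status, body = fetch(path)
    if status == 404:
        return False, "404 returned"
    returns_404, baseline_bodies = baseline
    if not returns_404 and looks_like_baseline(body, baseline_bodies):
        return False, "matches soft-404 baseline"
    if marker not in body:
        return False, "marker not in body"
    return True, "marker found"


if __name__ == "__main__":
    soft = baseline_404(fake_soft404_fetch)
    for p in ("/cgi-bin/phf", "/cgi-bin/test-cgi", "/cgi-bin/printenv"):
        print(p, "naive:", naive_script_present(fake_soft404_fetch, p),
              "content-aware:", script_present(fake_soft404_fetch, p, "QUERY_STRING", soft))
```

Against the soft-404 fake, the naive check flags all three paths, while the content-aware check flags only `/cgi-bin/phf`; the baseline is learned once per host, so the extra cost is a couple of requests per target rather than per probe.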
