First of all - Nessus is great! And open source too. What more can you ask for?
 
John - Be a little more careful! While Nessus is a great tool, misquoting an article in its favor is not going to help. I just took a look at the article you cited.
"We set up 17 of the most common and critical vulnerabilities out there, and not one product detected them all (see "Vulnerability Scanners: Detection Results"). The closest was the Nessus Security Scanner, which nailed 15 of the 17. But even one hole is too many. Because all the products failed to identify key vulnerabilities, none of them received our Editor's Choice award." [emphasis added]
Way to go Nessus! Being top dog is still good - Let 'em keep their silly award (which nobody won)!
 
And here's why Nessus has to keep kickin' butt.
"We liked best the two that did a decent job at their fundamental purpose: to find known security vulnerabilities. The two that shined the brightest on this front were ISS' Internet Scanner and Nessus Security Scanner."
The score was ISS:13.5 Nessus:15 out of 17. And we know how to fix Nessus! It's open source.
 
Keep up the good work folks. Being top dog is the real award in a world that is constantly changing. Look at the competition. A few good programmers against how many hackers and application programmers? Nessus VS microsoft, sun, ....
 
By the way - Thanks very much for an excellent tool!
 
dave braun
 
----- Original Message -----
From: "John Scott" <[EMAIL PROTECTED]>
Sent: Tuesday, July 23, 2002 8:07 AM
Subject: Re: false positives

> I've got both Nessus and ISS.  I can deal with false positives, just
> clean up the report before submitting.  What I can't deal with is when a
> product tells me that everything is ok and it isn't.  If I relied solely
> upon ISS for vulnerability scans, I could find that I miss something
> that Nessus informs me of.
>
> Remind management that you don't rely on just one tool for security.
> Would they want you to just use a firewall to secure the network?  How
> many would suggest that a firewall is all that is needed?  None, because
> it can't do everything.  Same goes here.  One scanner cannot be expected
> to do all things (though Nessus is the closest).
>
> In the December 20, 2000 issue of Network Computing,  several
> vulnerability scanners were compared side by side.  Guess which came out
> on top (Hint: it wasn't ISS).  Article can be found here:
>
> www.networkcomputing.com/1201/1201f1b1.html
> Nessus won the Editor's Choice award.  Let management know this.  Also
> inform them that Nessus reports its findings using CVE, not some system
> that only the software company uses.  Let them know that the community
> is very responsive to issues regarding the scripts (which btw, can be
> read, modified, and submitted back) and Nessus as a whole.
>
> A few false positives are not a reason to stop using Nessus, the fact
> that it finds more positives (real vulnerabilities) is all the more
> reason to keep using it.  Remember, it's more important to find holes
> than having clean, pretty reports for management.  Not every scanner can
> do the former, all can do the latter.
>
>
> John Scott
> Network Administrator
>
> > } On Mon, 22 Jul 2002, Tim Sailer wrote:
> > }
> > } TS} Folks,
> > } TS}   I'm getting serious pressure from Management to switch from Nessus
> > } TS} to ISS. One of the reasons being is that they claim that Nessus is
> > } TS} clouding any real issues with false positives. Does anyone else
> > } TS} have the same problem, and if so, how are you getting around it?
> > } TS}
> > } TS} Tim
> > } TS}
> > } TS} --
> > } TS} Tim Sailer <[EMAIL PROTECTED]>
> > } TS} Brookhaven National Laboratory  (631) 344-3001
> > } TS}
> > }
