Hi Tim,

Nessus gives some false positives, and so does ISS. This isn't a valid reason to change.

There always needs to be some human interpretation of the results. You know more about the systems than the scanner does.

I normally use both ISS and Nessus when doing testing for customers. I import the results from both tools into a common database, classify each alert as false or valid, add comments and then produce a report from the database. ISS produces more false alerts than Nessus because it produces more total alerts, especially if it gets remote registry access. I'd say the percentage of false to valid alerts is probably about the same for both. An ISS report for a typical scan of a few NT servers can easily run to 100 pages.

(Disclaimer: The last time I ran both side-by-side was probably around 12 months ago. I'd expect the number of alerts found by Nessus to be closer to the number found by ISS by now.)

Darryl Luff
[EMAIL PROTECTED]

Tim Sailer wrote:
> Folks,
> I'm getting serious pressure from Management to switch from Nessus
> to ISS. One of the reasons is that they claim that Nessus is
> clouding any real issues with false positives. Does anyone else
> have the same problem, and if so, how are you getting around it?
>
> Tim
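The triage workflow Darryl describes (import both tools' results into one database, mark each alert valid or false with a comment, then report from the database) can be done with nothing more than the Python standard library. The script below is an added example written for this page; it is not Darryl's tooling and not part of Nessus or ISS. The input records are constructed samples in a hypothetical, already-normalised shape (tool, host, port, check id, title, severity); real parsers for Nessus and ISS report files would sit in front of `load()`. The check ids, hosts and analyst comments are made up for the example.

```python
"""Merge findings from two scanners into one SQLite database and triage them.

Added example, not the poster's own code.  Input rows are constructed samples
in a hypothetical normalised shape; real Nessus/ISS report parsers would feed
load() instead.  Check ids, hosts and comments are invented for the example.
"""
import sqlite3

SCHEMA = """
CREATE TABLE IF NOT EXISTS alert (
    id        INTEGER PRIMARY KEY,
    tool      TEXT NOT NULL,
    host      TEXT NOT NULL,
    port      INTEGER,                      -- NULL for host-level (e.g. registry) checks
    check_id  TEXT NOT NULL,
    title     TEXT NOT NULL,
    severity  TEXT NOT NULL,
    status    TEXT NOT NULL DEFAULT 'unreviewed',  -- unreviewed | valid | false
    comment   TEXT,
    UNIQUE (tool, host, port, check_id)     -- re-importing the same scan is a no-op
);
"""

# Constructed sample findings (hypothetical check ids and hosts).
NESSUS_RESULTS = [
    ("nessus", "10.0.0.5", 139, "10394", "SMB NULL session", "medium"),
    ("nessus", "10.0.0.5", 80,  "10107", "HTTP server type", "info"),
    ("nessus", "10.0.0.6", 25,  "10263", "SMTP server type", "info"),
]
ISS_RESULTS = [
    ("iss", "10.0.0.5", 139,  "NullSession",       "Null session",       "medium"),
    ("iss", "10.0.0.5", None, "RegAutoAdminLogon", "AutoAdminLogon set", "high"),
    ("iss", "10.0.0.5", None, "RegLmCompat",       "LM hash enabled",    "medium"),
    ("iss", "10.0.0.6", 25,   "SmtpBanner",        "SMTP banner",        "info"),
]


def load(conn, rows):
    """Import normalised rows; duplicates from a re-run are ignored."""
    conn.executemany(
        "INSERT OR IGNORE INTO alert (tool, host, port, check_id, title, severity)"
        " VALUES (?, ?, ?, ?, ?, ?)", rows)


def classify(conn, tool, host, check_id, status, comment):
    """Record the analyst's verdict; returns the number of alerts updated."""
    if status not in ("valid", "false"):
        raise ValueError("status must be 'valid' or 'false'")
    cur = conn.execute(
        "UPDATE alert SET status=?, comment=? WHERE tool=? AND host=? AND check_id=?",
        (status, comment, tool, host, check_id))
    return cur.rowcount


def summary(conn):
    """Per-tool counts plus the false-alert percentage over reviewed alerts."""
    out = {}
    for tool, status, n in conn.execute(
            "SELECT tool, status, COUNT(*) FROM alert GROUP BY tool, status"):
        t = out.setdefault(tool, {"total": 0, "valid": 0, "false": 0, "unreviewed": 0})
        t[status] += n
        t["total"] += n
    for t in out.values():
        reviewed = t["valid"] + t["false"]
        t["false_pct"] = round(100.0 * t["false"] / reviewed, 1) if reviewed else None
    return out


def unreviewed(conn):
    """Alerts still waiting for a human verdict, so none slip into the report unread."""
    return conn.execute(
        "SELECT tool, host, check_id FROM alert WHERE status='unreviewed'"
        " ORDER BY tool, host, check_id").fetchall()


def build_db():
    """Create an in-memory database with the sample scans and constructed verdicts."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    load(conn, NESSUS_RESULTS)
    load(conn, ISS_RESULTS)
    classify(conn, "nessus", "10.0.0.5", "10394", "valid", "confirmed by hand")
    classify(conn, "iss", "10.0.0.5", "NullSession", "valid", "same issue as Nessus 10394")
    classify(conn, "nessus", "10.0.0.5", "10107", "false", "banner only, no exposure")
    classify(conn, "iss", "10.0.0.5", "RegAutoAdminLogon", "false", "key present, password empty")
    classify(conn, "iss", "10.0.0.5", "RegLmCompat", "valid", "LMCompatibilityLevel=0")
    return conn


def report(conn):
    """One line per tool, as the customer-facing summary would show it."""
    lines = []
    for tool, t in sorted(summary(conn).items()):
        line = (f"{tool}: {t['total']} alerts, {t['valid']} valid, "
                f"{t['false']} false, {t['unreviewed']} unreviewed")
        if t["false_pct"] is not None:
            line += f", false rate {t['false_pct']}%"
        lines.append(line)
    return "\n".join(lines)


if __name__ == "__main__":
    db = build_db()
    print(report(db))
    print("still unreviewed:", unreviewed(db))
```

Keying the table on (tool, host, port, check_id) is what makes the database safe to re-import into after a rescan, and reporting the false rate only over reviewed alerts (with the unreviewed ones listed separately) keeps an unfinished triage from quietly inflating or deflating either tool's numbers.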
