> ISS is claiming to have attack signatures that cover 95% of the high risk
> CVEs while they also claim that Nessus only covers less than 10% of the
> high risk CVEs.  I have been very happy with Nessus' flexibility and would
> like some information on this claim.  Has anyone on this list heard this
> before?  Are these results accurate, skewed, etc?  I would like an opinion
> from the Nessus user community.

I checked four of these at random, and....
1 was a mailto CGI command execution which Nessus/ISS could/should have a check for.
NO details in CVE, not even vendor name for the CGI, so I'm led to think that perhaps
ISS is just checking for its existence, not the actual vulnerability (guessing)

2 were local problems--one writing a password to a log file, the other a local buffer
overflow.  So, how exactly does their scanner check that?  Hmmm... must be magic (or
they are including their entire host-based checking as well)

1 was a remote buffer overflow in socks5 on Linux.  Yes, Nessus should have a check
for that.

As the question of "how many CVE items are checked" seems kind of like plain
vendor-sales-speak, the real questions are... which has fewer false positives and,
more importantly, false negatives?  Not to mention cost.

IMHO...

-Sullo

___________________________________________________
http://www.cirt.net/
Home of Nikto