This is no different than eEye's CodeRed scanner which didn't give you a
trustworthy indication whether CodeRedII was actually present.  It would
recognize the cmd.exe backdoor and whine about CR2 being present, which wasn't
necessarily true at all (various other exploits created the same backdoors).

Given the difficulty in detecting an infection with high confidence, more
accurate reporting would go a long ways to improving the credibility of these
scan tools.

Andrew Calo wrote:
> 
> This scanner reports many boxes that aren't infected as infected. Terribly
> deceiving.
> 
> At 05:31 PM 9/20/2001 -0700, info wrote:
> >A new version of Nimda Scanner has just been posted to the eEye web site
> >that will also detect open shares on systems which is a common trait of an
> >infection.
> >
> >http://www.eeye.com/html/Research/Tools/nimda.html
> >
> >Signed,
> >eEye Digital Security
> >T.949.349.9062
> >F.949.349.9538
