Re: Vulnerability scanners

From: Sean Knox (sean.knox@sbcglobal.net)
Date: Fri Mar 28 2003 - 02:12:24 EST


fyi, here is the aforementioned InfoSec article.

http://www.infosecuritymag.com/2003/mar/cover.shtml

Cheers,
Sean

R. DuFresne wrote:

>On Thu, 27 Mar 2003, Chris Sharp wrote:
>
>>>Does Qualys' claim to more vulnerability signatures and
>>>faster/easier updates hold water?
>>
>>Well the front page of qualys.com claims that they
>>scan for 2531 vulnerabilities, that's twice what
>>Nessus (1378) or ISS (1218) claim.
>>
>>As for updates, it's all on their servers and
>>hardware, set it up once and forget about software
>>updates. Fire and forget. Not sure about the rate of
>>false positives, but my impression is that they're
>>cautious, only reporting false positives for dangerous
>>bugs.
>>
>>They don't do active tests, so they don't exploit
>>known bugs and crash servers during testing. A lot of
>>Nessus modules need to be launched manually and result
>>in the scanned machine needing a reboot - somewhat
>>inconvenient but it removes any doubt as to how
>>vulnerable you are.
>>
>>
>>
>
>Not totally, one of the recent Information Security issues tested nessus,
>iss, and a few other scanners. Not one came out with shining colors,
>though iss and nessus ranked first and second. But it was what they
>could not do well and such that was the real meat of the article. The
>scan is only the beginning, a point of reference from which the real work
>begins in trying to ascertain how vulnerable one might be.
>
>
>Thanks,
>
>Ron DuFresne
>
>




This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:31 EDT