fyi, here is the aforementioned InfoSec article.

http://www.infosecuritymag.com/2003/mar/cover.shtml

Cheers,
Sean

R. DuFresne wrote:

>On Thu, 27 Mar 2003, Chris Sharp wrote:
>
>>>Does Qualys' claim to more
>>>vulnerability signatures and faster/easier updates
>>>hold water?
>>
>>Well the front page of qualys.com claims that they
>>scan for 2531 vulnerabilities, that's twice what
>>Nessus (1378) or ISS (1218) claim.
>>
>>As for updates, it's all on their servers and
>>hardware, set it up once and forget about software
>>updates. Fire and forget. Not sure about the rate of
>>false positives, but my impression is that they're
>>cautious, only reporting False positives for dangerous
>>bugs.
>>
>>They don't do active tests, so they don't exploit
>>known bugs and crash servers during testing. A lot of
>>Nessus modules need to be launched manually and result
>>in the scanned machine needing a reboot - somewhat
>>inconvenient but it removes any doubt as to how
>>vulnerable you are.
>>
>
>Not totally, one of the recent Information Security issues tested nessus,
>iss, and a few other scanners. Not one came out with shining colors,
>though iss and nessus ranked first and second. But, it was what they
>could not do well and such that was the real meat of the article. The
>scan is only the beginning, a point of reference from which the real work
>begins in trying to ascertain how vulnerable one might be.
>
>
>Thanks,
>
>Ron DuFresne
This archive was generated by hypermail 2b30 : Fri Mar 28 2003 - 10:57:18 PST