[Full-Disclosure] Re: Another Low Blow From Microsoft: MBSA Failure!
- To: Drew Copley <dcopley@eeye.com>, <dotsecure@hushmail.com>, <full-disclosure@lists.netsys.com>, <bugtraq@securityfocus.com>
- Subject: [Full-Disclosure] Re: Another Low Blow From Microsoft: MBSA Failure!
- From: "kevin hinze" <kevin_hinze@navigators.org>
- Date: Wed, 11 Feb 2004 14:08:00 -0700
We also are a fairly small shop. But I have found Foundstone's free tools
worthwhile.
Nessus is always a good choice though.
--
> From: "Drew Copley" <dcopley@eeye.com>
> Date: Tue, 10 Feb 2004 16:09:25 -0800
> To: <dotsecure@hushmail.com>, <full-disclosure@lists.netsys.com>,
> <bugtraq@securityfocus.com>
> Subject: RE: Another Low Blow From Microsoft: MBSA Failure!
>
> BTW, I should note that one user did respond back to my pseudo-challenge
> and noted that small businesses like his can not afford professional
> vulnerability assessment solutions.
>
> I apologize for alienating these users.
>
> To such users: please start using the free Nessus tool. Use MBSA as a
> back-up. Check in-person on any suspicious anomalies.
>
>
>
>
>> -----Original Message-----
>> From: Drew Copley [mailto:dcopley@eeye.com]
>> Sent: Tuesday, February 10, 2004 11:08 AM
>> To: dotsecure@hushmail.com; full-disclosure@lists.netsys.com;
>> bugtraq@securityfocus.com;
>> patchmanagement@listserv.patchmanagement.org
>> Subject: RE: Another Low Blow From Microsoft: MBSA Failure!
>>
>>
>>
>>> -----Original Message-----
>>> From: dotsecure@hushmail.com [mailto:dotsecure@hushmail.com]
>>> Sent: Tuesday, February 10, 2004 10:21 AM
>>> To: full-disclosure@lists.netsys.com; bugtraq@securityfocus.com;
>>> patchmanagement@listserv.patchmanagement.org
>>> Subject: Another Low Blow From Microsoft: MBSA Failure!
>>>
>>> -----BEGIN PGP SIGNED MESSAGE-----
>>> Hash: SHA1
>>>
>>> Another Low Blow from Microsoft.
>>>
>>> Within the last few weeks at our company we have been doing testing to
>>> find out the total number of patched machines we have against the latest
>>> Messenger Service Vulnerability. After checking a few thousand computers
>>> we have found several hundred were still affected even though the patch
>>> had been applied. We have scanned with Retina, Foundstone and Qualys
>>> tools, which all showed as "VULNERABLE"; however, when we scanned
>>> with Microsoft Base Security Analyzer it showed as "NOT VULNERABLE".
>>> This was at first confusing; one would think an assessment tool
>>> released by the original vendor would actually be accurate
>>
>> <snip>
>>
>>
>>>
>>> Had we trusted Microsoft Base Analyzer we would still be vulnerable.
>>
>> Retina has the same potential functionality as MBSA. We can
>> also do registry and file checks. And, sometimes we do. But,
>> we try to do remote checks that are non-intrusive and that do
>> not use these. A big reason for this is that remote registry
>> and file checks are very unreliable.
>> (Far beyond just the fact that someone could fake out the
>> scanner by putting a dummy file or registry entry up there
>> intentionally).
>>
>> I don't know anyone that uses MBSA only for their network. It
>> is an interesting toy, but it surely isn't capable of
>> replacing a true vulnerability assessment solution.
>>
>>
>>
>>
>>
>>> Questions comments email me at dotsecure@hushamail.com or
>>> Aim: Evilkind.
>>>
>>>
>>
>> <snip>
>>
>>
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
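The practice the thread converges on (run more than one scanner, use MBSA only as a back-up, and check in person wherever the tools disagree) is easy to automate once the per-host verdicts are in one place. The script below is an added example, not code from any of the posters or from Retina, Foundstone, Qualys, Nessus or MBSA; the scanner names, hostnames and verdict strings are constructed sample data, and the classification labels are my own. It groups verdicts by host and flags the exact case described above: a registry/file-based checker reporting "not vulnerable" while a network-based scanner reports "vulnerable".

```python
"""Reconcile per-host verdicts from several vulnerability scanners.

Added example (constructed data, not output from any real scanner).
A host is only considered settled when every scanner that looked at it
agrees; any disagreement is queued for a hands-on check rather than
resolved by trusting one tool over another.
"""
from collections import defaultdict

# Constructed sample results: (scanner, host, verdict as the tool printed it).
SAMPLE_RESULTS = [
    ("retina",     "ws-0101", "VULNERABLE"),
    ("foundstone", "ws-0101", "vulnerable"),
    ("mbsa",       "ws-0101", "NOT VULNERABLE"),   # disagrees: verify in person
    ("retina",     "ws-0102", "NOT VULNERABLE"),
    ("mbsa",       "ws-0102", "Not Vulnerable"),   # all agree: patched
    ("retina",     "ws-0103", "VULNERABLE"),
    ("mbsa",       "ws-0103", "VULNERABLE"),       # all agree: still vulnerable
    ("qualys",     "ws-0104", "VULNERABLE"),       # only one scanner saw it
]

# Scanners whose verdict rests on local registry/file checks (assumption
# for this example; the thread says MBSA works this way).
LOCAL_CHECK_SCANNERS = frozenset({"mbsa"})


def normalize(verdict: str) -> bool:
    """Map a free-text verdict to True (vulnerable) or False (not vulnerable)."""
    v = " ".join(verdict.strip().lower().split())
    if v == "not vulnerable":
        return False
    if v == "vulnerable":
        return True
    raise ValueError(f"unrecognised verdict: {verdict!r}")


def group_by_host(results):
    """Return {host: {scanner: is_vulnerable}}; a later row for the same
    scanner/host pair overwrites an earlier one."""
    by_host = defaultdict(dict)
    for scanner, host, verdict in results:
        by_host[host][scanner] = normalize(verdict)
    return dict(by_host)


def reconcile(results):
    """Classify every host as one of:
      'patched'           every scanner agrees it is not vulnerable
      'vulnerable'        every scanner agrees it is vulnerable
      'verify-in-person'  scanners disagree (the MBSA case in the thread)
      'single-source'     only one scanner reported; treat as unconfirmed
    """
    status = {}
    for host, verdicts in sorted(group_by_host(results).items()):
        values = set(verdicts.values())
        if len(verdicts) == 1:
            status[host] = "single-source"
        elif len(values) > 1:
            status[host] = "verify-in-person"
        elif True in values:
            status[host] = "vulnerable"
        else:
            status[host] = "patched"
    return status


def local_check_false_negatives(results, local=LOCAL_CHECK_SCANNERS):
    """Hosts where a local registry/file checker says 'not vulnerable' but at
    least one other scanner says 'vulnerable'. These are the ones the thread
    says would have been missed by trusting MBSA alone."""
    suspect = []
    for host, verdicts in sorted(group_by_host(results).items()):
        local_clear = any(s in local and not v for s, v in verdicts.items())
        remote_hit = any(s not in local and v for s, v in verdicts.items())
        if local_clear and remote_hit:
            suspect.append(host)
    return suspect


if __name__ == "__main__":
    for host, state in reconcile(SAMPLE_RESULTS).items():
        print(f"{host:10} {state}")
    print("local-check false negatives:", local_check_false_negatives(SAMPLE_RESULTS))
```

In practice the `SAMPLE_RESULTS` list would be replaced by rows parsed from each tool's export; the reconciliation logic stays the same, and the "verify-in-person" and "single-source" buckets are the work queue for manual confirmation.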