BTW, I should note that one user did respond to my pseudo-challenge
and noted that small businesses like his cannot afford professional
vulnerability assessment solutions.
I apologize for alienating these users.
To such users: please start using the free Nessus tool. Use MBSA as a
back-up. Check in person on any suspicious anomalies.
> -----Original Message-----
> From: Drew Copley [mailto:dcopley (at) eeye (dot) com [email concealed]]
> Sent: Tuesday, February 10, 2004 11:08 AM
> To: dotsecure (at) hushmail (dot) com [email concealed]; full-disclosure (at) lists.netsys (dot) com [email concealed];
> bugtraq (at) securityfocus (dot) com [email concealed];
> patchmanagement (at) listserv.patchmanagement (dot) org [email concealed]
> Subject: RE: Another Low Blow From Microsoft: MBSA Failure!
>
> > -----Original Message-----
> > From: dotsecure (at) hushmail (dot) com [email concealed] [mailto:dotsecure (at) hushmail (dot) com [email concealed]]
> > Sent: Tuesday, February 10, 2004 10:21 AM
> > To: full-disclosure (at) lists.netsys (dot) com [email concealed]; bugtraq (at) securityfocus (dot) com [email concealed];
> > patchmanagement (at) listserv.patchmanagement (dot) org [email concealed]
> > Subject: Another Low Blow From Microsoft: MBSA Failure!
> >
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > Another Low Blow from Microsoft.
> >
> > Within the last few weeks at our company we have been doing testing to
> > find out the total number of patched machines we have against the latest
> > Messenger Service Vulnerability. After checking a few thousand computers
> > we have found several hundred were still affected even though the patch
> > has been applied. We have scanned with Retina, Foundstone and Qualys
> > tools, which all showed as "VULNERABLE"; however, when we scanned
> > with Microsoft Base Security Analyzer it showed as "NOT VULNERABLE".
> > This was at first confusing; one would think an assessment tool
> > released by the original vendor would actually be accurate
>
> <snip>
>
>
> >
> > Had we trusted Microsoft Base Analyzer we would still be vulnerable.
>
> Retina has the same potential functionality as MBSA. We can
> also do registry and file checks. And, sometimes we do. But,
> we try to do remote checks that are non-intrusive and that do
> not use these. A big reason for this is that remote registry
> and file checks are very unreliable.
> (Far beyond just the fact that someone could fake out the
> scanner by putting a dummy file or registry entry up there
> intentionally).
>
> I don't know anyone that uses MBSA only for their network. It
> is an interesting toy, but it surely isn't capable of
> replacing a true vulnerability assessment solution.
>
> > Questions comments email me at dotsecure (at) hushamail (dot) com [email concealed] or
> > Aim: Evilkind.
> >
> >
>
> <snip>
>
>
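One way to act on the advice in this thread (worst case wins across scanners, and any host where the vendor tool disagrees with the others gets checked in person), as an added example that is not code from the thread or from any of the tools named: the scanner names and CSV lines are constructed sample data, and the `scanner,host,status` export layout is an assumption.

```python
from collections import defaultdict

# Constructed sample export (scanner,host,status); not real scanner output.
SAMPLE_EXPORT = """\
Retina,10.0.0.5,VULNERABLE
Foundstone,10.0.0.5,VULNERABLE
Qualys,10.0.0.5,VULNERABLE
MBSA,10.0.0.5,NOT VULNERABLE
Retina,10.0.0.6,NOT VULNERABLE
Foundstone,10.0.0.6,NOT VULNERABLE
Qualys,10.0.0.6,NOT VULNERABLE
MBSA,10.0.0.6,NOT VULNERABLE
Retina,10.0.0.7,VULNERABLE
MBSA,10.0.0.7,VULNERABLE
"""

def parse_export(text):
    """Return {host: {scanner: status}} from 'scanner,host,status' lines."""
    findings = defaultdict(dict)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        scanner, host, status = (f.strip() for f in line.split(",", 2))
        findings[host][scanner] = status.upper()
    return findings

def reconcile(findings, reference="MBSA"):
    """Worst case wins: a host is vulnerable if ANY scanner says so.
    Also list hosts where the reference tool disagrees with another
    scanner, so those machines get checked in person."""
    vulnerable = set()
    disagreements = {}
    for host, by_scanner in findings.items():
        flagged = sorted(s for s, st in by_scanner.items() if st == "VULNERABLE")
        if flagged:
            vulnerable.add(host)
        ref = by_scanner.get(reference)
        others = {st for s, st in by_scanner.items() if s != reference}
        if ref is not None and others and others != {ref}:
            disagreements[host] = {"reference": ref, "flagged_by": flagged}
    return vulnerable, disagreements

if __name__ == "__main__":
    vuln, dis = reconcile(parse_export(SAMPLE_EXPORT))
    print("hosts needing patch verification:", sorted(vuln))
    for host, info in sorted(dis.items()):
        print(f"{host}: MBSA says {info['reference']}; flagged by {info['flagged_by']}")
```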