RE: Vulnerability scanners

I'd be astounded if it took that much money to administer Nessus. I run nessus, and it's so little trouble that I don't think I've spent 60 minutes administering/installing/maintaining it all year so far. Every time I run it, I do the check for updates (and heck, you can set that as a cron job if you really want), and aside from that I've had no trouble with it whatsoever. I cannot believe that Qualys has vulnerability signatures faster than Nessus, at least by any reasonable amount of time...I've seen NASL plugins out within hours of the vulnerability being made public. Easier updates than Nessus? Um..."nessus-update-plugins"...wait about 20-90 seconds...done! What's so hard about that? And I can write my own NASL plugins for Nessus if I so desire (and I have), which I cannot do with Qualys.

Finally, a company I worked for tested Qualys once, and they failed to find some of the more important problems with the NT box we stood up outside of our firewall. This was years ago, and I'm sure things have improved (or so I hope) but it was still a powerful thing to see first hand. In the end, we went with Nessus, and never had a problem after that.

> -----Original Message-----
http://www.surfcontrol.com/go/zsfptl1

top spam and e-mail risk at the gateway. SurfControl E-mail Filter puts the brakes on spam & viruses and gives you the reports to prove it. See exactly how much junk never even makes it in the door. Free 30-day trial: http://www.surfcontrol.com/go/zsfptl1 Received on Thu Mar 27 15:54:01 2003