
auto_enable_dependencies doesn't seem to work correctly for 2.0.12

Subject: auto_enable_dependencies doesn't seem to work correctly for 2.0.12
Date: Mon, 23 Aug 2004 11:51:06 +1200
I run a daily scan of several networks using a very cut-down list of
Windows-only vulnerability tests (about 20 in number).

These are some of the options set:

begin(SERVER_PREFS)
 optimize_test = yes
 auto_enable_dependencies = yes
 safe_checks = no
 port_range = 1-1024
 only_test_hosts_whose_kb_we_dont_have = no
 only_test_hosts_whose_kb_we_have = no
 kb_restore = no
end(SERVER_PREFS)


With XP SP2 now out and installed on some machines, I actually took the time
to really see how well Nessus was reporting things: answer - not very :-(

With this cut-down scan, it is reporting that XP SP2 boxes that are
*completely* up-to-date (as far as Windows Update and lots of reboots are
concerned) still have the following "Security Vulnerabilities":

RPC/DCOM bugs (Nessus ID : 12206)
Messenger Service hole (Nessus ID : 11888)
missing a critical Microsoft Windows Security Update (Nessus ID : 12205)

This Nessus scan was run as Domain Administrator, so it had total access to
the registry. Also we disabled Firewall settings to ensure it had total
access.


If I then run a manual Nessus scan against this box - full scan with all
safety turned off (still as administrator), I find a lot more
"vulnerabilities", including all the ones listed above. But again, some are
like "CAN-2003-XXXXX" - bugs found last year. These just can't be true - can
they?

Now of course I'm really confused. Is it that SP2 has changed so much of XP
that the current tests are mis-diagnosing all sorts of things, or is it a
more fundamental problem? i.e. could these be "false positives" for Windows
2000 and XP-SP1 machines too?

Linux running Nessus-2.0.12

-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
