BTW, I should note that one user did respond back to my pseudo-challenge and noted that small businesses like his cannot afford professional vulnerability assessment solutions. I apologize for alienating these users. To such users: please start using the free Nessus tool. Use MBSA as a back-up. Check in person on any suspicious anomalies.

> -----Original Message-----
> From: Drew Copley [mailto:dcopley@eeye.com]
> Sent: Tuesday, February 10, 2004 11:08 AM
> To: dotsecure@hushmail.com; full-disclosure@lists.netsys.com;
> bugtraq@securityfocus.com;
> patchmanagement@listserv.patchmanagement.org
> Subject: RE: Another Low Blow From Microsoft: MBSA Failure!
>
> > -----Original Message-----
> > From: dotsecure@hushmail.com [mailto:dotsecure@hushmail.com]
> > Sent: Tuesday, February 10, 2004 10:21 AM
> > To: full-disclosure@lists.netsys.com; bugtraq@securityfocus.com;
> > patchmanagement@listserv.patchmanagement.org
> > Subject: Another Low Blow From Microsoft: MBSA Failure!
> >
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > Another Low Blow from Microsoft.
> >
> > Within the last few weeks at our company we have been doing testing to
> > find out the total number of patched machines we have against the latest
> > Messenger Service Vulnerability. After checking a few thousand computers
> > we have found several hundred were still affected even though the patch
> > had been applied. We have scanned with Retina, Foundstone and Qualys
> > tools, which all showed them as "VULNERABLE"; however, when we scanned
> > with Microsoft Baseline Security Analyzer it showed them as "NOT
> > VULNERABLE". This was at first confusing; one would think an assessment
> > tool released by the original vendor would actually be accurate.
> >
> > <snip>
> >
> > Had we trusted Microsoft Baseline Security Analyzer we would still be
> > vulnerable.
>
> Retina has the same potential functionality as MBSA. We can also do
> registry and file checks. And, sometimes we do. But, we try to do remote
> checks that are non-intrusive and that do not use these. A big reason for
> this is that remote registry and file checks are very unreliable. (Far
> beyond just the fact that someone could fake out the scanner by putting a
> dummy file or registry entry up there intentionally).
>
> I don't know anyone that uses MBSA only for their network. It is an
> interesting toy, but it surely isn't capable of replacing a true
> vulnerability assessment solution.
>
> > Questions, comments: email me at dotsecure@hushamail.com or
> > AIM: Evilkind.
> >
> > <snip>
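A small reconciliation routine for the situation described in the thread (Retina, Foundstone and Qualys reporting VULNERABLE while MBSA reports NOT VULNERABLE), added here as an example and not code from any poster, eEye or Microsoft. Host names and scanner verdicts are constructed, and the policy it applies (any VULNERABLE verdict wins, split verdicts and single-tool verdicts are queued for hands-on checking) is an assumption that follows the advice given above.

```python
"""Merge per-host verdicts from several vulnerability scanners.

Constructed example (not from the thread, eEye or Microsoft): a host is
treated as patched only when every tool that looked at it agrees, and any
disagreement, or a verdict resting on a single tool, is flagged for
in-person verification instead of being trusted.
"""
from collections import defaultdict

VULN, CLEAN = "VULNERABLE", "NOT VULNERABLE"


def reconcile(results):
    """results: iterable of (host, scanner, verdict) tuples.

    Returns {host: {"verdict": ..., "check_in_person": bool,
                    "by": {scanner: verdict}}}.
    Policy (assumption): a single VULNERABLE verdict outranks any number of
    NOT VULNERABLE verdicts, since a missed patch costs more than a rescan.
    """
    by_host = defaultdict(dict)
    for host, scanner, verdict in results:
        by_host[host][scanner] = verdict
    report = {}
    for host, verdicts in by_host.items():
        seen = set(verdicts.values())
        split = len(seen) > 1              # tools disagree with each other
        single = len(verdicts) == 1        # only one tool ever looked
        report[host] = {
            "verdict": VULN if VULN in seen else CLEAN,
            "check_in_person": split or single,
            "by": dict(verdicts),
        }
    return report


def needs_manual_check(report):
    """Hosts to walk over to and verify by hand, sorted for a work list."""
    return sorted(h for h, r in report.items() if r["check_in_person"])


# Constructed sample: three hosts scanned for the Messenger Service patch.
SAMPLE = [
    ("ws-0101", "retina", VULN), ("ws-0101", "qualys", VULN),
    ("ws-0101", "mbsa", CLEAN),            # the discrepancy from the thread
    ("ws-0102", "retina", CLEAN), ("ws-0102", "qualys", CLEAN),
    ("ws-0102", "mbsa", CLEAN),            # full agreement: patched
    ("ws-0103", "mbsa", CLEAN),            # MBSA alone: not enough evidence
]

if __name__ == "__main__":
    rep = reconcile(SAMPLE)
    for host in sorted(rep):
        print(host, rep[host]["verdict"], "manual" if rep[host]["check_in_person"] else "")
```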