[9440] in bugtraq
Re: ISS Internet Scanner Cannot be relied upon for conclusive
daemon@ATHENA.MIT.EDU (David LeBlanc)
Tue Feb 9 16:40:04 1999
Date: Tue, 9 Feb 1999 11:05:25 -0500
Reply-To: David LeBlanc <dleblanc@MINDSPRING.COM>
From: David LeBlanc <dleblanc@MINDSPRING.COM>
X-To: cbrenton@sover.net
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <36BEF8B2.5D30F122@sover.net>
At 09:46 AM 2/8/99 -0500, Chris Brenton wrote:
>Many security audit tools that I've tested would in fact say that the
>system is safe because SP4 has been installed. This is because instead
>of checking file dates, they are looking for registry keys which
>identify what patches have been loaded on the system.
>
>I personally can not say if ISS's scanners fall into the same boat, but
>from my testing I know many do.
We check file dates when checking for NT patches, and would catch your
example.
David LeBlanc
dleblanc@mindspring.com
