When *almost* everyone fail's .. (Web application security related / IIS)
This was a good read today morning..
Here's the brief : virustotal 0 detection - It's unpatched from over 10 months (Published: April 17, 2008 | Updated: October 9, 2008) - Most other security appliances will never pick it up..
The three main actors in this movie were a web application with a security vulnerability, Microsoft’s server class operating systems with an unpatched local privilege escalation vulnerability and the last line of everyone’s defense, the AV vendors.
Life isn’t easy, thanks to Microsoft!
Finally, the AV vendors should be more proactive (instead of reactive) and follow exploit research developments so they can add detection for similar exploits early and protect their customers.
Source : http://isc.sans.org/diary.html?storyid=6010
Secunia Software Inspector
I too use the Secunia tool at home and I think it is great. Especially for reviewing if things like Java, Flash, Acrobat etc are vulnerable or not. When I ran this for the first time I was surprised by having multiple versions of Java and Flash on my system at home, when I applied updates or more accurately upgrades old versions kept hanging around. These are things everyone has on their systems but Windows update doesn't manage.
I have also done an evaluation of the Network or Enterprise version. It too was very good with a lot of good reporting options and history tracking options. One thing to be aware of is that you can get it in two "versions". The first and cheaper up front version basically means you scan your devices locally but scans are managed from, and results are uploaded to, the remote Secunia servers for correlation and reporting. The second version which is more expensive up front basically gives your enterprise its own version of the scanning server and means that it is all manageable and maintainable in house without having to rely on the Secunia servers (other then updating the vulnerability database from the Secunia servers).
The govt organisation I was working for would never have agreed to send its vulnerability data (I details on what machines are vulnerable to what exploits) to an external source.
When I looked at it there was also no support for Linux scanning, Secunia said they were working on it but not sure of its status now (I was evaluating 6 months ago).