October 8th, 2005 01:01 AM
Nessus 2 vs Nessus 3
As many of you have seen in another thread, Nessus 3 is on the way (and it will be closed source but still available free of charge). On the nessus mailing list Renaud asked for testers for nessus 3 RC 1 that were running either RH ES3 or ES4. While I'm not Running either of the RHES's I contacted him saying that I'd be more than willing to put any resources I had available into testing in the future. His response included the RPM packages for both ES3 and ES4 and asked me to report back to him if I had any luck running it on various other operating systems. So far I've gotten the RPM to successfully run on FC4 and Ubuntu. FC4 went quite easily, a simply rpm -Uvh did the trick. With Ubuntu I had to meet some dependancies, compile a few packages and then create some symlinks to trick the binary but I got it up and running (After removing a couple plugins that were causing problems)
The big difference is supposed to be speed. The first place I noticed a speed difference was when I ran nessusd and waited for the plugins to load. While I didn't time this, nessus3 loaded its plugins (9338) in approx 1/4 of the time that nessus2 took to load its plugins (9478) (There's a difference in numbers due to the plugin problems I was having earlier, however the difference of 140 plugins should not affect the speed by that much). The second place that I noticed the speed difference was in the scan itself. The scan I ran was against my network with the machines that were currently up (The Router, Nessus Server, and 3 XP Workstations) I used the same plugin set with both nessus 2 and 3 (it contained 1517 plugins) and the scan times varied greatly. Nessus3 took a total elapsed time of 4:21 to run the complete scan. Nessus2 took 8:10 almost double the time. When my roommate get's home on Monday (It's Thanksgiving weekend here in Canada) we're going to bring up his machines and my other box, as well as my girlfriend second computer and some VMWare images and run a large scan to test the results. I'm also going to test two servers that are hosted elsewhere to test the speed over the Internet rather than just on the LAN.
I just wanted to share this information because nessus3 is going to be very exciting when released. For those of you that would like more information, you can view the nessus scan results at:
IT Blog: .:Computer Defense:.
(Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".