[plug] Tiger: security checker -- opinions?

Christian christian at amnet.net.au
Wed Oct 24 13:23:58 WST 2001


On Wed, Oct 24, 2001 at 12:30:41PM +0800, Denis Brown wrote:
> Clearly I need to resolve the runtime errors and at the same time become 
> familiar with what it's checking and the security implications of same -- 
> otherwise I could wind up with a false sense of security :-)  Anybody 
> using/used Tiger?  If so what +'s, -'s in comparison with other security 
> checkers of similar ilk?

From memory, Tiger is a bit like the SATAN/Saint style checker which looks
primarily for general types of problems rather than specific flaws.
General problems are hopefully reasonably rare now that security is a
bigger concern for vendors and specific vulnerabilities tend to be the
source of most security problems.  The problem with any sort of program
that looks for these specific problems is that obviously it cannot
detect specific vulnerabilities that it doesn't know about.  Having said
that, Nessus is supposed to be one of the better ones and is free
software.  At the end of the day though, nothing compares to tracking
vulnerabilities daily combined with a generally restrictive setup.

-- 
DSA 0x0EC1D28C: BBCB 0D79 4EBB 078A A066  7267 8BED E9D6 0EC1 D28C


