Nessus 3.0 Released
duplo1 writes: Tenable Security has announced the release of Nessus 3.0. Nessus is an enterprise-level vulnerability scanner, and this new version brings a complete rewrite of the Nessus engine, redesigned for increased speed and efficiency, running on average twice as fast as Nessus 2. From the release: "In addition to gaining dramatic improvements in performance, Tenable also provides an optional Direct Feed subscription service for Nessus 3.0 which provides immediate access to new vulnerability checks and entitles Nessus 3.0 users to commercial support from Tenable. The Tenable Plugins include support for a rating methodology called Common Vulnerability Scoring System (CVSS) that can be used to express the criticality of a discovered vulnerability or threat."
Gan Family Homepage
Not everyone will avoid anything that isn't free/libre, especially if the quality is good. The free software community brought it upon themselves by not helping out and, in the case of the rebranders, for stealing all sources of revenue Nessus had when GPL. 100 hour weeks hacking on code don't come for free, you know. We'd all prefer it to be free, but it's not essential.
~HTP~ Hug that tux
Traditionally people have trusted closed source antiviruses and firewalls...
~HTP~ Hug that tux
Which is a major PITA, as there's currently no download for anything other than x86 Linux/FreeBSD. I run Nessus on Solaris (I'm the maintainer for the Blastwave.org packages), and it is this ramification of the license change that I find most infuriating. It wouldn't perhaps be so bad if Tenable could guarantee that all platforms would have binaries available for them - but this means they're leaving a large section of their userbase out in the cold. And woe betide you if you're running anything they consider really obscure or not worth supporting. Here's to the continued development of the forked GPL version.
*sigh*
Just get a $200 e-machine computer from Best Buy, wipe it, install Ubuntu or whatever, and run the new Nessus under x86 / Linux. If you're worried about security or conformity of machines on your network, leave it turned off when not scanning. Or, boot off of an Ubuntu or Knoppix live CD and install Nessus 3.0, configure it, and run it - save the config file to a thumbdrive for future runs - if you don't want to dedicate a computer to the task.
While I agree that it would be nice to be able to run it under Solaris natively, x86 computers are essentially commodity hardware now. I'd imagine in the time it took you to type this post on Slashdot, you probably could have walked around the office and found a computer that wasn't being used for anything - I know I could have.
~W
sig?
I don't know the background, but if others were able to sell their software while it was licensed under the GPL, why can't they?