Thoughts on Nessus and Conficker

Does anyone else remember the days when Nessus was a GPL’ed application? It was a top-notch security scanning tool. While nmap is a really powerful port scanner, Nessus was more targeted at helping administrators and auditors spot vulnerabilities on their network. As I recall it, people kept taking GPL’ed Nessus and trying to pass it off as their own commercial product, making a pretty penny on GPL’ed software. The Nessus developers were understandably annoyed, but they did something I wish they hadn’t: they closed the source and turned Nessus into a commercial product.

It’s still a free download, but it’s kind of like anti-virus software (actually, a lot like anti-virus software) in that the free version steers you toward paying for updates, which for Nessus means the vulnerability-check plugins. The version I downloaded appears to be several months behind.

The reason I downloaded it was that I had heard it had been updated to detect Conficker-infected machines. The media had hyped Conficker as an incredibly destructive worm, so I thought I’d set myself up with some tools to detect infections. It’s always important to be prepared for infections.

I certainly don’t wish ill on anyone, but I have to say that I was disappointed to see what a failure Conficker was. I don’t know a single person affected by it. It’s kind of like SARS, which after months and months of being hyped as the end of the world, turned out to cause something like 20 fatalities across the world. It was practically a joke. (Except to the 20 people who died.)

If you download the latest nmap, it can pick up Conficker-infected machines, too. If you check out the changelog, don’t miss “The compile-time Nmap ASCII dragon is now more ferocious thanks to better teeth alignment.”
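For anyone who wants to actually run that nmap check across a subnet rather than one host at a time, here is an added example (mine, not code from the original post or from the Nmap project). It wraps the invocation documented for nmap’s p2p-conficker script and then pulls the flagged hosts out of nmap’s normal output. The SMB-side check lived in smb-check-vulns in the 2009-era releases and in smb-vuln-ms08-067 in current ones; the script uses the current name. The NETWORK range, the function names and the sample report text are assumptions constructed for the example, and the sample only approximates the scripts’ real output format.

```shell
#!/bin/sh
# Added example, not code from the original post or from the Nmap project.
# Runs Nmap's Conficker checks against a network and lists the hosts the
# scripts flag as likely infected. The script names and --script-args follow
# Nmap's documented usage for p2p-conficker; NETWORK and the sample report
# text below are constructed for this example.

NETWORK="${NETWORK:-192.168.1.0/24}"   # assumed target range

# Scan TCP 139/445 (SMB check for Conficker's own MS08-067 "patch"), UDP 137
# (NetBIOS, used by the SMB scripts) and the worm's peer-to-peer ports.
# UDP scanning needs root. Prints Nmap's normal output to stdout.
scan_conficker() {
    nmap -Pn -T4 -p U:137,T:139,445 \
        --script p2p-conficker,smb-os-discovery,smb-vuln-ms08-067 \
        --script-args=checkconficker=1,safe=1 "$1"
}

# Reads Nmap's normal output on stdin and prints, one per line, every host
# whose report contains a "likely INFECTED" verdict. The negative verdict
# ("Host is CLEAN or not infected") is lower-case, so it does not match.
infected_hosts() {
    awk '
        /^Nmap scan report for / { host = $NF; gsub(/[()]/, "", host) }
        /[Ll]ikely INFECTED/ && host != "" { print host; host = "" }
    '
}

# Constructed sample report (format approximates the scripts' output):
# .10 is flagged by the SMB check, .11 is clean, .12 by the p2p probe.
SAMPLE_REPORT='Nmap scan report for 192.168.1.10
Host is up (0.0012s latency).
Host script results:
| smb-vuln-ms08-067:
|   Conficker: Likely INFECTED
|_
Nmap scan report for fileserver.example (192.168.1.11)
Host is up (0.0020s latency).
Host script results:
| p2p-conficker:
|   Checking for Conficker.C or higher...
|_  0/4 checks are positive: Host is CLEAN or not infected
Nmap scan report for 192.168.1.12
Host is up (0.0031s latency).
Host script results:
| p2p-conficker:
|_  4/4 checks are positive: Host is likely INFECTED'

# Parses the constructed sample and returns the flagged hosts.
demo_infected_hosts() {
    printf '%s\n' "$SAMPLE_REPORT" | infected_hosts
}

demo_infected_hosts
# For a real scan:  scan_conficker "$NETWORK" | infected_hosts
```

The parser keys on the “likely INFECTED” verdict string rather than the word “infected” alone, because the clean verdict also contains that word in lower case; if you feed it output from a different nmap version, check the verdict wording first.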
