Finally, an updated version of Nessus is out after a long time! This is Nessus version 4.4.0

    “The Nessus vulnerability scanner is the world-leader in active scanners, featuring high-speed discovery, configuration auditing, asset profiling, sensitive data discovery and vulnerability analysis of your security posture.”

As expected, this is the list of changes made:
User interface:

    * A brand new reporting engine produces improved reports. Two new HTML reports have been added: a detailed plugin report (results displayed by plugin / vulnerability) and an “Executive Summary” report that summarizes the top 10 most vulnerable hosts on the network.
    * Scan scheduling has been added for Nessus ProfessionalFeed users. It is now possible to schedule Nessus scans on a one-time, daily, weekly, monthly or yearly basis.
    * The XSLT transformations now take place on the server, instead of the user’s web browser, for a unified and smoother user-experience.
    * The user interface now allows you to select multiple scans, policies or reports and delete them in bulk.
    * The web server is running and listening as soon as the “nessusd” process starts and no longer waits until it has finished processing the plugins.
    * When a scanner is managed by SecurityCenter, the web interface is now enabled and updated automatically.
    * By clicking on “About” in the Flash interface, it’s now possible to see how many days remain on your ProfessionalFeed subscription (for online updates).

Nessus Scanning Server Enhancements:

    * Nessus can now reload its configuration file, plugins and web server while scans are in progress.
    * Per-scan memory requirements have been reduced by more than 50%. The average amount of memory needed per host is now approximately 1.3 MB (versus approximately 2.8 MB previously). This means that given the same amount of memory (and bandwidth permitting), you can double the “max_hosts” setting in your scan policy.
    * It is now possible to tune Nessus to use less memory when idle (at the price of a moderate performance impact).
    * It is possible to safely cipher all the policies (and the credentials they contain) by using the command “nessusd -K” to set a master key. Once a key is set, the server will prompt the user (via the web interface) at startup for the password.
    * The web server uses gzip on its XMLRPC answers if the web client supports it.
    * The web server can make use of a SSL certificate chain.
    * Improved performance on Windows.



New (Often Requested) Platforms:

   1. Fedora 14 build
   2. Ubuntu 10.10 build
   3. FreeBSD 8 build
   4. Oracle Linux is officially supported (via the RHEL ES5 packages)

Others:

    * “nasl -M” now runs the scripts and their dependencies in command-line mode
    * “nessuscmd –fast” speeds up network discovery.

Bug Fixes:

    * Fixed a few bugs when using the command “nessus -qSP”.
    * Compliance results are now always listed in the order that the checks ran.
    * Packet forgery would not always work or use the correct route on Windows systems.
    * Plugin details did not change when selecting an open port.
    * When the client reloads the list of scans, it does not scroll the scan, policy or results window back to the top.

So, you see that this update includes several new features and enhancements, including the addition of scan scheduling and enhanced reporting.

Download Nessus 4.4.0 here.
Have something to say about this article? Comment below or share it with us on Facebook, Twitter or our LinkedIn Group.