Sun Scanner is not just another linux distribution.
And what is it then, you ask. This is a linux distribution, which is FSTEC certified means of analyzing the security of automated systems that do not contain state secrets. It sounds quite solid, getting a certificate of FSTEC is very difficult.
It produces this engineering marvel a certain NPO Echelon (carefully, austere web 0.9 and an animated gif). If we discard the jokes aside, the company is sufficiently well known as a developer of hardware information protection tools (Protection against PEMIN and all that) Now go to the site of the scanner itself . As soon as we watch the left third of the screen and complain that not all the desired topics are revealed (sophisticated people can still enjoy themselves by looking at the code showing the pictures in the page source) you can get down to business. Open the page with the description and see:
Normal functionality for the indicated purposes. The only certified competitor I know (XSpider) does roughly the same thing. But let's look at the implementation. The site kindly offers us to download a demo version, which promises to work until April 2011 (for example, from here ). Load and see something like this.
. The appearance of the bottom panel instilled in me doubts: some labels of programs with strangely sounding names “network scanner” “password scanner seemed so familiar to me. After viewing the panel settings, the suspicions were confirmed.
This is how it looks - everything falls into place.
However, while nothing criminal, well, guys sell free software is a good thing. Popularization of open source software, certification again. Yes, and in the technical description they honestly list the programs that formed the basis of their creations.
BUT there is a crime after all. It is located in the license agreement (It is not freely available, you can contact by email to the sales manager.). Some items are just great.
I am aware that there is no product name in the agreement, and there is a possibility that the manager who sent him simply made a mistake, but it does not seem to me that this probability is too great.
So in the bottom line we have:
upd Camrad eugenets found wonderful.
It is a pity we won’t find out if everything was so originally, or is it a reaction to the publication. But it is unreal cool.
It produces this engineering marvel a certain NPO Echelon (carefully, austere web 0.9 and an animated gif). If we discard the jokes aside, the company is sufficiently well known as a developer of hardware information protection tools (Protection against PEMIN and all that) Now go to the site of the scanner itself . As soon as we watch the left third of the screen and complain that not all the desired topics are revealed (sophisticated people can still enjoy themselves by looking at the code showing the pictures in the page source) you can get down to business. Open the page with the description and see:
Topology definition and network resource inventory
With the help of the Scanner-VS, you can make an inventory of network resources, monitor the emergence of network services.
Vulnerability Scan
')
Scanner-VS allows you to scan network services for known vulnerabilities.
Local and network audit of password strength
Scanner-VS contains powerful tools for local auditing of passwords for Windows operating systems (NT, 2000, 2003, 2008, XP, Vista, 7) and Linux (MSVS, Linux XP, Astra Linux, etc.).
Scanner-VS supports the ability to select passwords for more than 20 network protocols (HTTP, SMTP, POP, FTP, SSH, etc.).
Normal functionality for the indicated purposes. The only certified competitor I know (XSpider) does roughly the same thing. But let's look at the implementation. The site kindly offers us to download a demo version, which promises to work until April 2011 (for example, from here ). Load and see something like this.
. The appearance of the bottom panel instilled in me doubts: some labels of programs with strangely sounding names “network scanner” “password scanner seemed so familiar to me. After viewing the panel settings, the suspicions were confirmed.This is how it looks - everything falls into place.
However, while nothing criminal, well, guys sell free software is a good thing. Popularization of open source software, certification again. Yes, and in the technical description they honestly list the programs that formed the basis of their creations.
BUT there is a crime after all. It is located in the license agreement (It is not freely available, you can contact by email to the sales manager.). Some items are just great.
3. You agree not to distribute the software. Software distribution is the provision of
access by third parties to software components reproduced in any format, including by
networks and other means, as well as by renting, renting or lending.
6. You can not allow the following actions:
- violate the conditions specified in this agreement;
- divide the software into component parts for use on different equipment;
- try to decompile (convert the object code into the source text) any part
programs included in the software;
- make any changes to the object code of programs;
- perform other actions with respect to the software that violate the Russian regulations on copyright
the right and use of software.
I am aware that there is no product name in the agreement, and there is a possibility that the manager who sent him simply made a mistake, but it does not seem to me that this probability is too great.
So in the bottom line we have:
- The guys collected the Gnu Linux distribution, included free security tools in it (of all the tools in the distribution, only the system auditor on python is self-written, and then I'm not sure). And they certified it to the FSTEC. This is generally good. The only thing you can find fault with is the development of your own distribution, when you can take Backtrack or something like that as a basis, but here the developers themselves are evil Buratia
- Sell ​​on incomprehensible conditions, and with an incomprehensible license, most likely different from the GPL, under which the original software was distributed
- But the saddest thing in this story (though not directly related to NPO Echelon) is that according to Russian laws, open security tools cannot be used until someone collects them with their own names and sells them for an impressive amount. Such is the cult of cargo.
upd Camrad eugenets found wonderful.
It is a pity we won’t find out if everything was so originally, or is it a reaction to the publication. But it is unreal cool.
Source: https://habr.com/ru/post/112611/
All Articles