Free Open-Source vs. Commercial Security Tools?

sahirh asks: "I work as a penetration tester and recently started writing a whitepaper on the benefits of free, open-source security tools over commercial tools. Through my own experiences, I've found that many free tools such as Nessus and Kismet are more reliable and have better features than expensive commercial alternatives like ISS Internet Scanner or Airopeek. I've also noticed that tools like Ettercap have no commercial alternative. Further, the flexibility offered by the open-source nature of such tools is a great benefit. I'd like to ask for Slashdot's experiences and opinions on why you don't need to spend thousands of dollars on an expensive tool to perform a professional security assessment." Update: 02/07 11:15pm EDT by C : Thanks to all who wrote in to let us know the proper URL to the Kismet site.

I want his job

[YankeeInExile]

I have no joke here, I just like saying, I work as a penetration tester ...

I have a similar job.

[bigtallmofo]

My job duties sound similar to the story poster... My job description is "Penetration Preventer". My business card title just says, "Cockblocker".

That's your day job...

[AtariAmarok]

"Penetration tester" is your day job, but tell me, do you solve crimes in the evening as a "private dick" ?

Re:I want his job

[Aliencow]

As long as you're not a "backdoor AnalYzer" ..

What a pile of shit?

[Foofoobar]

So if something goes wrong with your setup, a commercial company will quickly take credit? Riiiiight.

I know Microsoft readily accepts monetary responsibility for their products being crap and causing crashes, viruses and trojans in my system.

In fact, Bill and Steve cut me a check weekly.

Re:I want his job

[Anonymous Coward]

I have determined that there is a vulnerability in your sister.

Re:Accountability

[Keamos]

Yeah, and if it were up to Stallman, we'd be using HURD.

Re:Huh?

[OblongPlatypus]

You don't use programs? What, you put the cat-5 in your mouth and try to *taste* the intruders?

You want to work as a penetration tester?

[That's Unpossible!]

Ben Dover.

Re:Hmmm

[YrWrstNtmr]

I would like to see a fair assesment of commercial vs open source tools over a biased statement about how open source tools are better.

You're new here, right?

Re:Accountability

[Anonymous Coward]

Yeah tell that to my network admin that came to shut us down because ISS said that our linux servers where sending windows viruses. And when questioned about false-possitvies he let us know that it was impossible that a software so expensive was wrong.

Docmentation

[CKnight]

I'm thinking of writing a how-to for "penetration testers". It'll be titled "Locating Unprotected Backdoor Entrances" or more aptly, "Lube"

"I work as a penetration tester..."

[BigZaphod]

If I would have been drinking something when I read that, my screen would be soaked right now...

Interesting Business Card

[catdevnull]

I was just wondering about that title "Penetration Tester [imdb.com]." Somehow, it seems to garner immediate respect.

Re:Docmentation

[FrankDrebin]

I'm thinking of writing a how-to for "penetration testers". It'll be titled "Locating Unprotected Backdoor Entrances" or more aptly, "Lube"

Don't forget a section on avoiding Trojans. Although they sometimes help with L.U.B.E., they can often get in the way of a successful test.