Nessus 5.0 just got released, and if the forum is anything to go by, people are not impressed, me included!

First off its a major new version number, but appears to have no new functionality whatsoever. All that has changed are the report templates, and they’re totally screwed up. You’ve got HTML that doesn’t wrap properly and takes an age to render the XSLT, the Synopsis and Solution are no longer output at all (WTF?!) and the PDF export relies on Oracle Java, who knows why they didn’t use LaTeX or something.

There’s reports of people not being able to upgrade, downgrade or even install on various flavours of Linux, MacOSX and Windows; let alone do offline updates/activation.

There’s bugs in the Flash that prevent people even getting as far as the login screen, or being able to filter the plugin list – even after two updates in the feed already! I have no idea why it still uses Flash and not HTML5/Ajax like the rest of the planet.

The severity levels have changed – Low/None seem to become Info depending on what function you call and script attribute you set, they are different to 4.x and there’s a new Critical severity.

I know you should never use a x.0 release of any software, but seriously, this should really be called 4.5beta, not 5.0. If you thought upgrading from 4.2.2 to 4.4.1 was hardly worth it, then you won’t want to bother with this.

I’ve quickly grabbed all of the 4.4.1 installers before they remove them, as support for all but the very latest Linux distro’s has been ditched in 5.0, as have the generic tarballs.

Nessus is seriously going in the wrong direction, its trying to appeal to PHB’s when that should be the realm of Security Center. Users want new functionality like better IPv6/SCTP support and VoIP fuzzing, not bling.

If nmap‘s Lua scripting engine was more mature or OpenVAS was packaged a bit better, I’d be jumping ship.

Update: I’ve just tried 5.01 which I think has somehow managed to get even worse – report upload doesn’t show the upload window half the time (Chrome 20 or Firefox 13) and when installing for some reason it recreated the database cache (a long process) then fetched the new plugins and re-cached the database!