I also find few false negatives, but even positives. The more you use custom security settings in the registry / filesystem / group policies, the higher the possibility of misses.
I am very disappointed by the combination of these tools: hfnetchk, Windows Update and MBSA. Many times I found "no problems - OK" using Windows Update - well, even Microsoft says it is not suited for servers, but... And I found in the meantime that hfnetchk was alerting about some problems - I applied some fixes, but in the end I realized that the security analyzer misses 5 hotfixes. Who the hell must know what hotfixes I miss except MS? The tools above all have problems with localized software (Czech version of Windows, English version of SQL Server and combinations alike...)
Plug & Play, Hotfix & Pray, Update & Hope