A vulnerability scanner is simply a device or program that's responsible for vulnerability assessment or system mapping in order to search for possible coding flaws or bugs in a program, machine, or network. A vulnerability scan, on the other hand, refers to the inspection of active IP addresses, open ports, operating systems, and running applications on a given system in order to analyze whether or not they're being used to garner remote unauthorized access into your PC or computer network. The scanner could either create a report if no suspicious activities are detected or move on to the next step if it detects something amiss with your machine.
Most if not all vulnerability scanners allow quite a bit of user control when it comes to doing scans. For instance, depending on its findings, it may either attempt to provide you, the user, recommendations in protecting or patching your computer, offer a sandbox simulation of how serious a threat the vulnerability may be, or, depending on the program, actually crash your system for the sake of giving you a good idea of how hazardous or harmless the bug that it has found really is. A vulnerability scanner rarely gets to do the last scenario, and it only does so at the behest of a user, who is usually a security researcher who wants to conduct a more in-depth analysis of the newly discovered weakness.
The best vulnerability scanners available in the market are usually the ones that could automatically pinpoint the latest threats posed by online networks. There's no need to leave your system's vulnerability assessment in the hands of security experts (i.e., manual vulnerability assessment) unless the problems you're facing are dire enough to justify this method's expensiveness and rarity. More often than not, a software- or hardware-based automatic vulnerability scanner is enough to handle the majority of Internet hazards your system might face.
Then again, you must also watch out for this type of scanner's tendency to create high false positives and network resource problems. It's always best to look for programs or devices that are quite easy to setup and operate as well, because intuitiveness and comprehensibility of scan results are major factors in judging a given vulnerability scanner's overall effectiveness. You must shop for scanning programs or appliances that can precisely recognize which workarounds, solutions, and patches are required in order for you to combat a specific security hole.