March 26th, 2003, 12:42 AM
Microsoft Baseline Security Analyzer
I found this today and thought it was kinda cool sounding, so if you have Windows (any version based on NT seems to work on it) check it out.
Publisher's Description:
As part of Microsoft's Strategic Technology Protection Program, and in response to direct customer need for a streamlined method of identifying common security misconfigurations, Microsoft has developed the Microsoft Baseline Security Analyzer (MBSA).
Version 1.1 is the second release of MBSA and includes a graphical and command-line interface that can perform local or remote scans of Windows systems. MBSA runs on Windows 2000 and Windows XP systems and will scan for common system misconfigurations in the following products: Windows NT 4.0, Windows 2000, Windows XP, Internet Information Server (IIS) 4.0 and 5.0, SQL Server 7.0 and 2000, Internet Explorer 5.01 and later, and Office 2000 and 2002. MBSA will also scan for missing security updates for the following products: Windows NT 4.0, Windows 2000, Windows XP, IIS 4.0 and 5.0, SQL Server 7.0 and 2000, IE 5.01 and later, Exchange 5.5 and 2000, and Windows Media Player 6.4 and later.
March 26th, 2003, 01:17 AM
I have done a review of MBSA before.
It isn't perfect, but I think it is helpful for companies that want to start to identify what patches and updates they are missing. It definitely is worth the money (being that it's FREE).
The tool doesn't work flawlessly. Some Microsoft Security Bulletins contain workarounds or manual fixes rather than patches to install. For these items MBSA will report yellow X's to signify that it cannot tell whether or not you have applied the patch / workaround. There are also discrepancies at times between what MBSA finds and what Windows Update detects.
At its core, MBSA still uses HFNetChk Lite. MBSA is essentially a GUI interface for HFNetChk that outputs a nice XML-based report. If you want, you can still use HFNetChk commands and switches if you run the tool from the command line instead of the GUI interface.
Lastly, it is not comprehensive because it only assesses Microsoft products (and not even 100% of those). I believe for corporations there are better tools to use to do vulnerability assessments, but for small companies and home users I think MBSA is a great tool that is at least a step in the right direction.