Microsoft Baseline Security Analyzer

Printable View

April 18th, 2002, 01:34 PM
sun7dots

Microsoft Baseline Security Analyzer

Take a look at Microsoft Baseline Security Analyzer. It's a tool that does this -

Quote:

Abstract

The Microsoft® Baseline Security Analyzer (MBSA) is a tool that allows an individual home or corporate user or an administrator to scan one or more Windows®-based computers for common security misconfigurations. The MBSA will scan a Windows-based computer and check the operating system and other installed components, such as Windows 2000 Server's Internet Information Services (IIS) and SQL Server™, for security misconfigurations and whether or not they are up-to-date with respect to recommended security hotfixes and patches.

More you can find here and here .

Hope this can help some of you...
April 18th, 2002, 01:52 PM
RiOtEr

hehe anything from microsoft is probably also scanning and sending some info back to bill gates lol i always make sure i have my firewall on when playing with stuff from MS cause after the increase of reports on MS sending unothised packets to bills home im sceptical just a word of advice
RiOtEr
April 18th, 2002, 03:37 PM
micael

IMHO "Microsoft Baseline Security Analyzer" has some potential, but a manual security check is to prefer since the tool aint is that good (yet?). The only thing I liked with it was the report of missing patches, that's a nice feature except that MBSA reported a missing patch in my system, and the patch reported missing for my system did not exist on M$ web. And MBSA could not verify if my custom policy's was secure and reported them as a potential risk. This tool will not today (if ever) replace good knowledge and good sources of information :).
April 18th, 2002, 04:56 PM
souleman

How long till someone finds a vulnerabilty in site security analyzer?
April 18th, 2002, 05:08 PM
d313t3d

I thought I read something on this site yesterday that was talking about how it's already screwin' up, stuff about saying you need patches when you don't. . .
April 19th, 2002, 01:00 PM
Kitara

The tool is informational, the same with their hfnetchk program.
But beware, putting on patches that your system doesn't need will screw up your servers. Don't learn the hard way, make sure you have a good backup, or image, before applying the patch, and read the entire technical document that is included with the patch.
Just thought I'd throw that in.
April 20th, 2002, 04:44 PM
micael

Quote:

Originally posted here by Kitara
The tool is informational, the same with their hfnetchk program.
But beware, putting on patches that your system doesn't need will screw up your servers. Don't learn the hard way, make sure you have a good backup, or image, before applying the patch, and read the entire technical document that is included with the patch.
Just thought I'd throw that in.

I agree with Kitara, don't fix it if its aint broken :D.

And do follow RA's good advice RTFM on the mainpage (Quick Tip!).
April 20th, 2002, 08:28 PM
{P²P}Apocalypse

This little site from Microshaft still does better than the baseline advisor. I like it because it does it remotely.
http://www.microsoft.com/technet/mpsa/start.asp

PS: Nevermind now. They have now replaced the page with a link to the Baseline Security progy now. This just sucks...................