Microsoft tool evaluates new software's impact on OS security

Attack Surface Analyzer can identify multiple classes of weaknesses introduced by newly installed programs

Microsoft has released Attack Surface Analyzer 1.0, a free tool that can help system administrators, IT security professionals or software developers understand how newly installed applications can affect the security of a Windows OS.

The tool scans for classes of known security weaknesses that can be introduced by the files, registry keys, services, Microsoft ActiveX controls and other parameters created or changed by new applications.

It can identify executable files, directories, registry keys, or processes with weak access control lists (ACLs). It can also flag processes that don't mark memory regions as non-executable (NX), which could result in the bypassing of the Data Execution Prevention (DEP) Windows security feature. The tool also identifies services with fast restart times that could be attacked to bypass address space layout randomization (ASLR), as well as changes to the Windows Firewall rules or Internet Explorer security policies.

These and many other weaknesses that the tool identifies can facilitate various types of attacks, including some that could allow attackers to gain control of the system, execute malicious code or gain access to sensitive data.

The tool is already being used by internal product groups at Microsoft and a public beta version has been available to download since January 2011. The 1.0 stable version released on Thursday contains significant performance enhancements and bug fixes.

"Through improvements in the code, we were able to reduce the number of false positives and improve Graphic User Interface performance," the Microsoft Security Development Lifecycle (SDL) team said in a blog post. "This release also includes in-depth documentation and guidance to improve ease of use."

The tool has 32-bit and 62-bit versions and supports Windows Vista and newer versions of Microsoft's OS, including Windows 8 and Windows Server 2012 that hit the RTM (release to manufacturing) milestone on Tuesday.

Attack Surface Analyzer 1.0 is not compatible with the beta version of the tool, so existing users need to perform new "clean" system and post-application-installation scans -- known as the baseline and product scans respectively.

Attack Surface Analyzer requires .NET Framework 4 or higher present on the system in order to compare and analyze scan results. However, performing the actual scans can be done from the command line interface without .NET Framework.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Lucian Constantin

IDG News Service

Comments

Comments are now closed.

Most Popular Reviews

Follow Us

Best Deals on GoodGearGuide

Shopping.com

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Shopping.com

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?