Microsoft tool evaluates new software's impact on OS security

Attack Surface Analyzer can identify multiple classes of weaknesses introduced by newly installed programs

Microsoft has released Attack Surface Analyzer 1.0, a free tool that can help system administrators, IT security professionals or software developers understand how newly installed applications can affect the security of a Windows OS.

The tool scans for classes of known security weaknesses that can be introduced by the files, registry keys, services, Microsoft ActiveX controls and other parameters created or changed by new applications.

It can identify executable files, directories, registry keys, or processes with weak access control lists (ACLs). It can also flag processes that don't mark memory regions as non-executable (NX), which could result in the bypassing of the Data Execution Prevention (DEP) Windows security feature. The tool also identifies services with fast restart times that could be attacked to bypass address space layout randomization (ASLR), as well as changes to the Windows Firewall rules or Internet Explorer security policies.

These and many other weaknesses that the tool identifies can facilitate various types of attacks, including some that could allow attackers to gain control of the system, execute malicious code or gain access to sensitive data.

The tool is already being used by internal product groups at Microsoft and a public beta version has been available to download since January 2011. The 1.0 stable version released on Thursday contains significant performance enhancements and bug fixes.

"Through improvements in the code, we were able to reduce the number of false positives and improve Graphic User Interface performance," the Microsoft Security Development Lifecycle (SDL) team said in a blog post. "This release also includes in-depth documentation and guidance to improve ease of use."

The tool has 32-bit and 62-bit versions and supports Windows Vista and newer versions of Microsoft's OS, including Windows 8 and Windows Server 2012 that hit the RTM (release to manufacturing) milestone on Tuesday.

Attack Surface Analyzer 1.0 is not compatible with the beta version of the tool, so existing users need to perform new "clean" system and post-application-installation scans -- known as the baseline and product scans respectively.

Attack Surface Analyzer requires .NET Framework 4 or higher present on the system in order to compare and analyze scan results. However, performing the actual scans can be done from the command line interface without .NET Framework.

Join the Good Gear Guide newsletter!

Error: Please check your email address.

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Lucian Constantin

IDG News Service
Show Comments

Most Popular Reviews

Latest News Articles

Resources

PCW Evaluation Team

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre x360

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga 910

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?