Microsoft has released a free tool for 32-bit and 64-bit editions of Windows that the company had until now used only internally. The Attack Surface Analyzer assists "both testers and IT Pros in assessing the security of an application". It does so by highlighting "the changes in system state, runtime parameters and securable objects on the Windows operating system" after the installation of new programs.
The tool takes two snapshots of the system, one before the installation and one after the installation. It compares the two snapshots to identify the changes. It looks in particular for "classes of security weaknesses as applications are installed on the Windows operating system".
In addition, Microsoft Attack Surface Analyzer "gives an overview of the changes to the system Microsoft considers important to the security of the platform and highlights these in the attack surface report".
The tool enables:
- Developers to view changes in the attack surface resulting from the introduction of their code on to the Windows platform
- IT Professionals to assess the aggregate attack surface change caused by the installation of an organization's line of business applications
- IT Security Auditors to evaluate the risk of a particular piece of software installed on the Windows platform during threat risk reviews
- IT Security Incident Responders to gain a better understanding of the state of a system's security during investigations (if a baseline scan was taken of the system during the deployment phase)
The program stores the report in a CAB file. The start page offers to run a new scan or to generate a report by comparing a previous scan with a new scan.
Each scan performs several tasks, like enumerating files, handles or services. Some operations may take a while or show up as pending if they have not been started by the application.
The report opens in the default web browser; a short explanation is available as well.
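The before/after comparison described above can be sketched in a few lines. This is an added example, not Microsoft's code or the tool's actual logic: the snapshot layout, the sample objects (all constructed) and the highlighting rules are assumptions chosen for illustration.

```python
# Constructed snapshots: category -> {object name -> attributes}. All values are made up.
BEFORE = {
    "services": {"Spooler": {"account": "LocalSystem"}},
    "files": {r"C:\Program Files\App\app.exe": {"writable_by": ["Administrators"]}},
    "ports": {"tcp/445": {"process": "System"}},
}
AFTER = {
    "services": {"Spooler": {"account": "LocalSystem"},
                 "ExampleUpdater": {"account": "LocalSystem"}},
    "files": {r"C:\Program Files\App\app.exe":
              {"writable_by": ["Administrators", "Everyone"]}},
    "ports": {"tcp/445": {"process": "System"},
              "tcp/8080": {"process": "ExampleUpdater"}},
}

def diff_snapshots(before, after):
    """Return (category, name, kind, old, new) for each added, removed or changed object."""
    changes = []
    for category in sorted(set(before) | set(after)):
        old, new = before.get(category, {}), after.get(category, {})
        for name in sorted(set(old) | set(new)):
            if name not in old:
                changes.append((category, name, "added", None, new[name]))
            elif name not in new:
                changes.append((category, name, "removed", old[name], None))
            elif old[name] != new[name]:
                changes.append((category, name, "changed", old[name], new[name]))
    return changes

def highlight(changes):
    """Flag changes that widen the attack surface (hypothetical rules, not the tool's)."""
    findings = []
    for category, name, kind, old, new in changes:
        if kind == "removed":
            continue  # a removed object does not add attack surface
        if category == "services" and new.get("account") == "LocalSystem":
            findings.append(f"service {name} runs as LocalSystem")
        elif category == "ports" and kind == "added":
            findings.append(f"new listening port {name} ({new.get('process')})")
        elif category == "files":
            gained = set(new.get("writable_by", [])) - set((old or {}).get("writable_by", []))
            if gained & {"Everyone", "Users"}:
                findings.append(f"{name} now writable by {sorted(gained)}")
    return findings

if __name__ == "__main__":
    for finding in highlight(diff_snapshots(BEFORE, AFTER)):
        print(finding)
```

Taking the baseline on a clean machine keeps unrelated changes, such as pending updates, out of the diff.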
Attack Surface Analyzer is available as a 32-bit and 64-bit application at Microsoft.com. Please note that the application has been released as a beta. Reports can be generated on Windows Vista, Windows 7 and Windows Server 2008 R1 and R2. Analyzing the data and generating reports additionally requires the Microsoft .NET Framework 3.5.
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.