News

Free Microsoft Baseline Security Analyzer Available

• By Stephen Swoyer
• 04/10/2002

The 1.0 version of the hotfix management tool with HTML reporting capabilities is available at www.microsoft.com/technet/security/tools/Tools/mbsahome.asp.

MBSA is similar in scope to Microsoft’s hugely successful HFNetChk tool, but also bundles a GUI interface and point-and-click administrative abilities. Unlike Microsoft’s GUI-based Personal Security Advisor (MPSA), MBSA can run local scans on individual machines, as well as network-wide scans based on NetBIOS names or IP address ranges. MBSA leverages HFNetChk as its scanning engine.

“It will create a security report card for every single machine that’s scanned. Reports are stored back on the machine that the report was created on,” says Lara Sosnosky, a security program manager with Microsoft. “We’ve got Windows-specific [and] OS-specific checks, but we also have IIS- and SQL-specific checks, but also IE, Office and Outlook.”

In related news, Eric Schultze, a senior technologist with Microsoft’s Trustworthy Computing initiative, reports that the HFNetChk 3.4 beta cycle is drawing to a close. “It's still in beta - we've found a couple minor issues (typos, etc) that we're fixing - so it's still not fully released yet,” Schultze said last week in an e-mail interview.

As expected, MBSA 1.0 shipped with an integrated instance of the HFNetChk 3.4 scanning engine. According to Schultze, the version of HFNetChk 3.4 that appears as a separate download will be tweaked for command-line usage.

“We're making a few last minute enhancements to the beta - the beta/final release will be 3.41 or 3.42 - the changes we're doing now don't impact MPSA - just minor things we're doing for the free [command-line] version,” he says.

Schultze expects that HFNetChk 3.4x to be the final iteration of the command-line utility for awhile.

“I’m hoping that [HFNetChk] 3.4 will be the last release before HFNetChk 4.0, which is many months down the road,” says Schultze, adding that HFNetChk 4.0 represents a drastic overhaul because “we’re going back and rebuilding the XML database from scratch, basically.”

In the interim, Shavlik Technologies LLC, which developed both the HFNetChk and MBSA tools for Microsoft, and which markets a professional version of both products, HFNetChk Pro, has gone live with a Web site that provides tips for using the free HFNetChk tool.

Microsoft says that the HFNetChk Tips Web site represents still another point of collaboration between the software giant and Shavlik. “Those are the most frequently asked questions that I used to get in the HFNetChk mailbox and things that we get either from customers or newsgroups. Those questions or answers resolve 90 percent of the answers that come in,” Schultze says.

The most important tip, says Mark Shavlik, president of Shavlik Technologies, is to set HFNetChk or HFNetChk Pro to scan only for necessary patches. “Run it with necessary, because necessary understand that the roll-up of 22 patches, for example, supercedes all of the others and won’t even show them,” he says. Many IT managers configure both tools to scan for all missing patches. In such cases, Shavlik explains, HFNetChk indicates that patches that have been superceded by hotfix roll-ups, and which aren’t necessary, are missing.