Free Microsoft Baseline Security Analyzer Available

Microsoft Corp.'s ongoing efforts to improve the security of its products got a boost this week when Redmond made its promised Microsoft Baseline Security Analyzer (MBSA) available for free download.

The 1.0 version of the hotfix management tool with HTML reporting capabilities is available at

MBSA is similar in scope to Microsoft’s hugely successful HFNetChk tool, but also bundles a GUI interface and point-and-click administrative abilities. Unlike Microsoft’s GUI-based Personal Security Advisor (MPSA), MBSA can run local scans on individual machines, as well as network-wide scans based on NetBIOS names or IP address ranges. MBSA leverages HFNetChk as its scanning engine.

“It will create a security report card for every single machine that’s scanned. Reports are stored back on the machine that the report was created on,” says Lara Sosnosky, a security program manager with Microsoft. “We’ve got Windows-specific [and] OS-specific checks, but we also have IIS- and SQL-specific checks, but also IE, Office and Outlook.”

In related news, Eric Schultze, a senior technologist with Microsoft’s Trustworthy Computing initiative, reports that the HFNetChk 3.4 beta cycle is drawing to a close. “It's still in beta - we've found a couple minor issues (typos, etc) that we're fixing - so it's still not fully released yet,” Schultze said last week in an e-mail interview.

As expected, MBSA 1.0 shipped with an integrated instance of the HFNetChk 3.4 scanning engine. According to Schultze, the version of HFNetChk 3.4 that appears as a separate download will be tweaked for command-line usage.

“We're making a few last minute enhancements to the beta - the beta/final release will be 3.41 or 3.42 - the changes we're doing now don't impact MPSA - just minor things we're doing for the free [command-line] version,” he says.

Schultze expects HFNetChk 3.4x to be the final iteration of the command-line utility for a while.

“I’m hoping that [HFNetChk] 3.4 will be the last release before HFNetChk 4.0, which is many months down the road,” says Schultze, adding that HFNetChk 4.0 represents a drastic overhaul because “we’re going back and rebuilding the XML database from scratch, basically.”

In the interim, Shavlik Technologies LLC, which developed both the HFNetChk and MBSA tools for Microsoft, and which markets a professional version of both products, HFNetChk Pro, has gone live with a Web site that provides tips for using the free HFNetChk tool.

Microsoft says that the HFNetChk Tips Web site represents still another point of collaboration between the software giant and Shavlik. “Those are the most frequently asked questions that I used to get in the HFNetChk mailbox and things that we get either from customers or newsgroups. Those questions or answers resolve 90 percent of the answers that come in,” Schultze says.

The most important tip, says Mark Shavlik, president of Shavlik Technologies, is to set HFNetChk or HFNetChk Pro to scan only for necessary patches. “Run it with necessary, because necessary understands that the roll-up of 22 patches, for example, supersedes all of the others and won’t even show them,” he says. Many IT managers configure both tools to scan for all missing patches. In such cases, Shavlik explains, HFNetChk reports as missing the patches that have been superseded by hotfix roll-ups and aren’t necessary.

About the Author

Stephen Swoyer is a Nashville, TN-based freelance journalist who writes about technology.

