Security

Microsoft's Baseline Security Analyzer now has a GUI

The newest version of the Microsoft Baseline Security Analyzer includes some new improvements such as a GUI interface. See what this tool can do and get the latest updates on other important security news in this edition of The Locksmith.


Microsoft has released Baseline Security Analyzer (MBSA) version 1.2, which adds a graphical interface and Unicode output. This valuable security tool can be downloaded for free (there are also French, German, and Japanese versions).

Details
MBSA version 1.2 has both GUI and command line interfaces and performs local or remote scans of Windows systems. The analyzer runs on Windows 2000, Windows XP, and Windows Server 2003 systems.

The scanner is intended to find “common system misconfigurations” and missing security updates for a number of Microsoft operating systems, utilities, and applications, even some running on Windows NT 4.0.

MBSA 1.2 checks most Microsoft Office applications on Windows 2000 and later systems but only on the machine that hosts MBSA. The scan for Office components also detects missing service packs, and not just security patches.

According to the Microsoft white paper, the new version of MBSA also supports security update scans for:
  • Exchange Server 2003
  • MDAC 2.5, 2.6, 2.7, and 2.8
  • Microsoft Virtual Machine
  • MSXML 2.5, 2.6, 3.0, and 4.0
  • BizTalk Server 2000, 2002, and 2004
  • Commerce Server 2000 and 2002
  • Content Management Server 2001 and 2002
  • Host Integration Server 2000 and 2004 (and its precursor, SNA Server 4.0)

MBSA will also check the configuration of the Internet Connection Firewall shipped with Windows XP and perform some checks on the security zone configurations in Internet Explorer. A number of other checks are performed, but these were also included in earlier versions.

MBSA is discussed in greater detail in Microsoft's Knowledge Base Article Q320454, in the MBSA Q&A, and in a white paper on the security analyzer.

Final word
The nice thing about MBSA is that it can help look for problems that may have been missed when patching. In my experience, MBSA 1.2 downloaded and installed fine. The GUI makes it a lot simpler to use, or at least much quicker; however, it crashes (just the MBSA GUI, not the whole system) every time I try to run it.

I suspect that this MBSA trouble is based on a problem with my Windows XP Pro testing machine (which has slowly become unstable despite all the tests I run and the maintenance I perform). Therefore, I suggest you test MBSA carefully before running it when you have other applications open, either locally or on any remote systems. You should be especially vigilant when running it on a Windows XP system.

Also watch for…
  • ComputerWeekly.com has reported that a German security firm, AERAsec, has discovered some serious flaws in three vendors’ antivirus software. Said to be affected are Kapersky Labs’ AntiVirus for Linux 5.0.1.0, Trend Micro’s InterScan Viruswall products for Linux/UNIX and Sendmail, and McAfee Virus Scan for Linux v4.16.0. TrendMicro and Kapersky have already posted fixes; Network Associates says that it is checking into the issue on its McAfee product. The problem is in the way these, and perhaps other antivirus software, look at some large compressed files. The issue lies in the decompression engine of the software.

  • Another recent problem affected Symantec users who found that the LiveUpdate system for Norton security products had blocked access to their Word and Excel applications. Another problem with LiveUpdate possibly allowed attackers to penetrate the system. Symantec immediately fixed both problems via LiveUpdate itself, but it just goes to show that you can’t depend 100 percent on any single product for protection.

  • Cisco has reported that its voice products, namely CallManager, IP Interactive Voice Response, IP Call Center Express, Personal Assistant, Emergency Responder, Conference Connection, and Internet Service Node, running on some IBM servers, may not be securely installed by default. See the Cisco Security Advisory for more details.

  • On the fraud watch front, there are more and more stories about people being caught and getting serious time for e-mail "phishing" and hacking their former employers. The latest is a spammer turned scammer in Ohio who forged e-mails to AOL users and got hundreds of naive folks to send her their credit card numbers. Although catching her was something of a no-brainer (she included an FBI computer specialist in her mailing list), at least the courts are taking things seriously now. Security Focus reports that 55-year-old Helen Carr will spend nearly four years in a federal slammer. Her 46-month sentence falls in the middle of the sentencing guidelines, but, at least, she isn’t getting a slap on the wrist. I mention this story because it shows the courts are taking hacking more seriously and because I found it instructive that this wasn’t some “kid;” rather, it was a 55-year-old, which should serve to remind my readers that they don’t need to just watch out for the youngsters. Former employees of any age can become a security threat.


 

Editor's Picks

Free Newsletters, In your Inbox