Find Out How Secure Your Programs Are With Microsoft Attack Surface Analyzer

Windows Attack Surface Analyzer - Scan your system securityEver wondered how installing a program affects the security of your system?  Or are you a software developer and wondering something similar?  Microsoft has a groovy tool that will analyze your Windows system before a program installed, analyze it again post-installation, and them compare the two reports and show you any known vulnerabilities created.

Developed by the Security Engineering group, Attack Surface Analyzer is the groovy little utility we are talking about.  Some use cases for this application suggested by Microsoft allow:

– Developers to view changes in the attack surface resulting from the introduction of their code on to the Windows platform
– IT Professionals to assess the aggregate Attack Surface change by the installation of an organization’s line of business applications
– IT Security Auditors evaluate the risk of a particular piece of software installed on the Windows platform during threat risk reviews
– IT Security Incident Responders to gain a better understanding of the state of a systems security during investigations (if a baseline scan was taken of the system during the deployment phase)

The best part is it doesn’t take much time to set up.  Installation is simple, and setup comes in the fashion of a single file.

attack surface analyzer installation

Threat tests are performed and recorded in .CAB files.  Attack Surface Analyzer requires you to manually scan your system both before and after installing an application; at which point you can compare the two .CAB files (scans) to see the differences in system configuration.  attack surface analyzer run new scan

Each scan can take a good bit of time, and Attack Surface Analyzer isn’t easy on system resources either.  If you are going to be scanning, set aside a 15-30 minutes of time for web browsing or light computer use as the load it puts on your system strains it doing anything else.

data collection of attack sufrace analyzer

Ready to try it out?

Download the Attack Surface Anaylzer

1 Comment

1 Comment

  1. Vadim Schmidt

    February 2, 2011 at 9:40 pm

    Is this is new tool or just the MBSA scanner rebranded?

Leave a Reply

Your email address will not be published. Required fields are marked *


To Top