Microsoft Attack Surface Analyzer 1.0 sniffs out security weakness
After more than 18 months in beta, Microsoft released version 1.0 of its free Attack Surface Analyzer, a tool which aims to highlight security weaknesses that have been introduced by the installation of any given application on a Windows 7 PC.
And as with the previous builds, the program is very easy to use. You run a baseline scan to capture your setup now, install an application, run another scan, and the Analyzer tells you what’s changed: new processes, services, loaded modules, network connections and a whole lot more.
The program is targeted very much at developers, system administrators and other high-end users, however, so there are no concessions to novices when it comes to the reports.
We installed Apache on a test Windows 7 PC, for instance, and Attack Surface Analyzer complained that “the process ApacheMonitor.exe was detected with the NX setting disabled”. Not sure what that means? Unlucky: even clicking the “Explain” link won’t help you very much.
However, the Analyzer also produces a more general “Attack Surface” report which simply lists everything potentially security-related which has changed between your two scans.
In the case of our Apache installation, for instance, this revealed that the program had added a new Windows User group; two new registered file types; a single new service; and assorted other new running processes, network connections and more.
Even if you’re not a developer, then, the Attack Surface Analyzer (available in both 32-bit and 64-bit versions) could be useful whenever you need to understand more about how your PC’s configuration has changed over time. Just run a baseline scan at some known point, another one later on, and allow the Analyzer to highlight any important modifications.
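
The baseline-then-compare workflow described above can be sketched in a few lines of PowerShell. This is an added example, not part of Attack Surface Analyzer and far narrower than its scans: it covers only services, local groups and running processes. It assumes Windows PowerShell (for `Get-WmiObject`), and the function names and the `baseline.xml` file name are hypothetical.

```powershell
# Added illustration: snapshot three attack-surface categories and diff two snapshots.
# Assumes Windows PowerShell (Get-WmiObject is not available in PowerShell 7).

function Get-SurfaceSnapshot {
    # Reduce each category to a sorted list of strings so snapshots compare cleanly.
    @{
        Services  = @(Get-WmiObject Win32_Service |
                        ForEach-Object { '{0} | {1} | {2}' -f $_.Name, $_.StartName, $_.PathName } |
                        Sort-Object)
        Groups    = @(Get-WmiObject Win32_Group -Filter 'LocalAccount=True' |
                        ForEach-Object { $_.Name } | Sort-Object)
        Processes = @(Get-WmiObject Win32_Process |
                        ForEach-Object { '{0} | {1}' -f $_.Name, $_.ExecutablePath } |
                        Sort-Object -Unique)
    }
}

function Compare-SurfaceSnapshot {
    param(
        [Parameter(Mandatory = $true)] [hashtable] $Baseline,
        [Parameter(Mandatory = $true)] [hashtable] $Current
    )
    foreach ($category in ($Current.Keys | Sort-Object)) {
        $before = @($Baseline[$category])
        $after  = @($Current[$category])
        # -notcontains also copes with an empty category, where Compare-Object would throw.
        $added   = @($after  | Where-Object { $before -notcontains $_ })
        $removed = @($before | Where-Object { $after  -notcontains $_ })
        foreach ($item in $added) {
            New-Object PSObject -Property @{ Category = $category; Change = 'Added'; Item = $item }
        }
        foreach ($item in $removed) {
            New-Object PSObject -Property @{ Category = $category; Change = 'Removed'; Item = $item }
        }
    }
}

# Usage (hypothetical file name):
#   Get-SurfaceSnapshot | Export-Clixml .\baseline.xml        # before installing
#   ...install the application...
#   Compare-SurfaceSnapshot (Import-Clixml .\baseline.xml) (Get-SurfaceSnapshot) |
#       Sort-Object Category, Change | Format-Table Category, Change, Item -AutoSize
```

Run it from an elevated prompt so that `ExecutablePath` is populated for processes owned by other accounts. Short-lived processes will show up as noise in the process category, so treat new services and groups as the more reliable signal.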