News

Microsoft Baseline Security Analyzer Preview

• By Stephen Swoyer
• March 06, 2002

According to Lara Sosnosky, a security program manager with Microsoft, MBSA will supplant the Microsoft Personal Security Advisor, a hotfix testing service for Windows NT 4.0 Workstation, Windows 2000 Professional and Windows XP Professional systems that Microsoft unveiled, in conjunction with Shavlik Technologies, in August 2001.

"MBSA will actually be replacing MPSA. The reason that we’re replacing it is that MBSA is a superset of all of the MPSA checks," she says. "MPSA was really targeted for desktop configurations. It was an ActiveX control that could run only on a system itself. MBSA is a self-contained tool that can run locally or remotely against servers or workstations."

MBSA will also leverage Microsoft’s highly successfully HFNetChk hotfix management tool. "MBSA actually calls HFNetChk," she says. "It doesn’t bundle it separately, but it runs HFNetChk from within the tool engine itself."

Microsoft plans to continue to support the standalone HFNetChk tool, Sosnosky says, for the simple reason that many Windows administrators prefer a command-line interface to that of a GUI.

MBSA, which is expected to debut by the end of March, will run locally on Windows 2000 and Windows XP. At the same time, MBSA will incorporate scanning support for remote Windows NT 4.0, Windows 2000, Windows XP and Windows .NET Server systems, Sosnosky asserts. In addition, MBSA boasts the ability to scan IIS configurations running on all four platforms –- although .NET Server and IIS 6.0 aren’t officially supported because they haven’t yet been released -– and can also probe SQL Server, Internet Explorer and Office configurations for hotfix compliance, as well.

Microsoft has steadily improved the features and capabilities of its hotfix management toolset, in the process cutting into the market segments of vendors such as Shavlik Technologies, St. Bernard Software, Configuresoft and Gravity Storm Software, which have traditionally provided pay-for-use GUI-based hotfix management tools. Still, MBSA still lacks many of the features –- including a robust reporting engine and the ability to remotely patch vulnerable systems -– that these vendors have long provided.

According to Shavlik President Mark Shavlik, his company has assisted Microsoft with the development of many of its hotfix-checking tools, including MBSA. Rather than cutting into the market share for his company’s pay-for-use tools, he maintains, Shavlik’s cooperation with Microsoft has fueled its growth.

"The ability to work with Microsoft so closely on this security management initiative has really helped us to grow in this emerging market," he says.

Similarly, Shavlik says, his company’s pay-for-use HFNetChk Pro tool extends the functionality of MBSA. For example, Microsoft’s new tool can create HTML reports, but lacks a facility to automatically export them. "Right now, for version 1.0, you can copy and paste reports. We have an action button to paste [report data] into Excel," Sosnosky says.

Shavlik’s HFNetChk Pro utility, on the other hand, is able to export reports to a variety of repositories. Similarly, Shavlik says, HFNetChk Pro, like most of its pay-for-use competitors, boasts a hotfix push mechanism that can update vulnerable systems remotely.