Microsoft Security Tool for Windows - Attack Surface Analyzer

Discussion in 'other security issues & news' started by m00nbl00d, Jan 18, 2011.

Thread Status:
Not open for further replies.
  1. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    -http://news.softpedia.com/news/Download-Free-Microsoft-Security-Tool-for-Windows-Attack-Surface-Analyzer-178852.shtml

    -http://www.softpedia.com/get/Security/Security-Related/Attack-Surface-Analyzer.shtml
     
  2. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    This will be interesting to try. Thank you m00nbl00d :).
     
  3. wat0114

    wat0114 Guest

    It is interesting, having just tried it on my base VM snapshot in VMWare Workstation, win7x64 Ultimate, ran a baseline scan with Attack Surface Analyzer, then installed a well known Security Suite, complete with firewall, antivirus, Spyware protection and some HIPS functionality, then ran a second scan called "Product scan", then generated an "Attack surface report" based on the comparison between the Baseline and Product scans.

    There are numerous "Weak ACL" reports on some of the directories, some vulnerable services, and vulnerable named pipes, among others, found as well. The report is very technical in content, better suited for experts for sure. I'm thinking MrBrian, Sully, kees, and a few others will understand the technical terminology better than I and most users, but it does illustrate the fact that installed software could cause security issues, but then how serious are they, and does the protection offered by the security suite offset the vulnerabilities caused by its presence in the O/S? I have no idea.

    Here's one of the far more technical entries for illustration:

    Code:
    Weak ACL on C:\Windows\winsxs\amd64_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.1_none_9aefdaaa829eb818 allows tampering by NT SERVICE\TrustedInstaller.
    Description:
    
    The ACL on the directory C:\Windows\winsxs\amd64_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.1_none_9aefdaaa829eb818 allows tampering by NT SERVICE\TrustedInstaller.
    Details:
    
    Path: C:\Windows\winsxs\amd64_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.1_none_9aefdaaa829eb818
    Weak ACLs:
    Account 	Rights
    NT SERVICE\TrustedInstaller (S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464) 	WRITE_OWNER WRITE_DAC FILE_ADD_FILE FILE_ADD_SUBDIRECTORY FILE_DELETE_CHILD FILE_WRITE_ATTRIBUTES FILE_WRITE_EA 
    Some of them are, however, easy enough to understand.

    BTW, thank you for this, m00nbl00d
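
Added example (not part of the thread and not Attack Surface Analyzer's own code): a small parser for "Weak ACL" entries in the layout posted above, with a first-pass triage keyed on who holds the write access. The severity rule, the level names and the `ExampleSuite` entry are assumptions made for illustration; the SIDs other than the one quoted in the post are standard well-known Windows SIDs.

```python
import re

# Principals that already have full control of the machine (assumed "low" priority).
PRIVILEGED = {"S-1-5-18", "S-1-5-32-544",  # LocalSystem, BUILTIN\Administrators
              "S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464"}  # TrustedInstaller, as posted
# Well-known SIDs of broad groups that include ordinary user accounts.
BROAD = {"S-1-1-0", "S-1-5-11", "S-1-5-32-545"}  # Everyone, Authenticated Users, BUILTIN\Users
ACL_CONTROL = {"WRITE_OWNER", "WRITE_DAC"}  # rights that let the holder rewrite the ACL itself

PATH_RE = re.compile(r"^\s*Path:\s*(.+?)\s*$")
ACE_RE = re.compile(r"^\s*(.+?)\s+\((S-1-[\d-]+)\)\s+([A-Z_ ]+?)\s*$")

def parse_entry(text):
    """Extract the path and the (account, sid, rights) rows from one report entry."""
    entry = {"path": None, "aces": []}
    for line in text.splitlines():
        if m := PATH_RE.match(line):
            entry["path"] = m.group(1)
        elif m := ACE_RE.match(line):
            entry["aces"].append((m.group(1), m.group(2), set(m.group(3).split())))
    return entry

def triage(entry):
    """Assumed rule of thumb: the principal holding write access decides the priority."""
    out = []
    for account, sid, rights in entry["aces"]:
        if sid in BROAD:
            level = "high" if rights & ACL_CONTROL else "medium"
        elif sid in PRIVILEGED:
            level = "low"
        else:
            level = "unknown"  # per-service or vendor SID: identify the principal first
        out.append((entry["path"], account, level))
    return out

# Entry as posted in the thread, then a constructed entry for contrast.
POSTED = r"""
Path: C:\Windows\winsxs\amd64_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.1_none_9aefdaaa829eb818
NT SERVICE\TrustedInstaller (S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)  WRITE_OWNER WRITE_DAC FILE_ADD_FILE FILE_ADD_SUBDIRECTORY FILE_DELETE_CHILD FILE_WRITE_ATTRIBUTES FILE_WRITE_EA
"""
CONSTRUCTED = r"""
Path: C:\Program Files\ExampleSuite\plugins
BUILTIN\Users (S-1-5-32-545)  FILE_ADD_FILE FILE_ADD_SUBDIRECTORY
"""

if __name__ == "__main__":
    for sample in (POSTED, CONSTRUCTED):
        print(triage(parse_entry(sample)))
```

Under this rule the posted TrustedInstaller entry comes out as "low" and the constructed `BUILTIN\Users` entry as "medium".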
     
  4. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,718
    No 32-bit love here it seems....
     
  5. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    I didn't even notice it. :D I wonder why no x86 flavor o_O Maybe Microsoft wants users with x64 versions to be the guinea pigs.

    -edit-

    Hope is not lost, my friend! -http://www.microsoft.com/downloads/en/details.aspx?FamilyID=e068c224-9d6d-4bf4-aab8-f7352a5e7d45

    Softpedia just forgot to add the x86 link. :D
     
  6. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,802
    Location:
    Texas
    https://blogs.msdn.com/b/sdl/archiv...ce-analyzer-1-0-released.aspx?Redirected=true
     