Slashdot Mirror
Microsoft Releases Attack Surface Analyzer Tool
wiredmikey writes "Microsoft has released the public version of Attack Surface Analyzer, a tool designed to help software developers and independent software vendors assess the attack surface of an application or software platform. The tool was pushed out of beta with Version 1.0 released on Thursday. Since ASA doesn't require the original source code, managers and executives can also use the tool to determine how a new application or software being considered would affect the organization's overall security before deploying it. The tool takes snapshots of the system before and after an application was installed, and compares them to identify changes made when new applications were installed. A stand-alone wizard guides users through the scanning and analysis process and a command-line version is available for use with automated tools. Attack Surface Analyzer 1.0 can be downloaded from Microsoft here."
Geez, they haven't even shipped the thing yet.
My first thought on seeing the title was WTF...Microsoft are releasing their own 0-day exploits ahead of a product launch?
I guess marketing should be careful next time to write some exclusions into their company-wide email requesting staff to spread the word Surface as widely as possible to get it into peoples' subconscious.
So I haven't yet tested it, but it sounds like a fancy interface to netstat, diff, and a wee bit of HijackThis thrown in for good measure. From the download site:
Some of the checks performed by the tool include analysis of changed or newly added files, registry keys, services, Microsoft ActiveX controls, listening ports and other parameters that affect a computer's attack surface.
The actual assessment of an attack surface is far more complex than any single system, and there's a heavy user-education component that no automated tool can test. While I'm sure this will have some use for admins who don't run firewalls or are under typically-asinine requirements to describe in detail the impact of a package, it looks more useful for ensuring programs actually uninstall completely.
You do not have a moral or legal right to do absolutely anything you want.
IT Security Auditors can use the tool to evaluate the risk of a particular piece of software installed on the Windows platform during threat risk reviews ... ... ...
The tool takes snapshots of the system before and after an application was installed, and compares them to identify changes made when new applications were installed.
The tool also gives an overview of changes to the system that Microsoft considers important
The tool analyzes changed or newly added files, registry keys, services, ActiveX Controls, listening ports, access control lists and other parameters.
Analyzer does not appear to rely on signatures or try to exploit known vulnerabilities. Instead, it just looks at classes of security weaknesses where programs commonly fall short, or are exposed to attack vectors.
This is for Windows only and it does not test applications for security problems, it looks at the entire system and how it is affected by the installation.
You can't handle the truth.
If that's the obvious question, you must know almost nothing about computers and/or software. Or your reading comprehension is gone missing.
No one said anything about changing the OS.
It's basically a divide-by-zero, implode the Internet kind of event. Don't do it.