Companies running older Windows software can still get vulnerability assessments and updates from Shavlik Technologies, which will feed scans and updates to the MBSA console for IT administrators.
Microsoft and Shavlik are working together again to provide free vulnerability assessment capabilities and updates for Windows systems that have traditionally relied upon the Microsoft Baseline Security Analyzer (MBSA) V1.2.1.
Shavlik launched its free tool, Shavlik NetChk Protect Limited, on Monday. "This allows Microsoft to focus on what they do best, developing software," said Eric Schultze, chief technology officer at Shavlik Technologies, based in Rosemont, Minn.
As products age, keeping them updated always becomes more challenging. Both companies said Monday that Shavlik NetChk Protect Limited for MBSA is now available for immediate download at no cost to Microsoft users as a way to keep their protection current.
NetChk Protect combines scans and updates that Microsoft has already provided in an older version of its MBSA tool, and scans for products that Microsoft does not have but that Shavlik does, Schultze said.
Microsoft and Shavlik's agreement extends an existing relationship between the two companies that started in 2001. Shavlik originally developed the core scanning and detection technology to be used as the basis for MBSA. Microsoft released this capability as two separate tools called MBSA and HFNetChk, making it the first operating system vendor to offer network patch check tools.
And because many IT shops have at least some older Microsoft products that the company no longer supports, this free technology is one more tool to help IT administrators keep their systems secure, analysts said.
"I would imagine that where they are holding on to older Windows stuff, particularly for those products that Microsoft is no longer supporting, it's helpful," said Eric Maiwald, an analyst with the Burton Group, based in Midvale, Utah. Of course, if patches are not available for some of the older products, that could prove an issue, he said.
In cases like Microsoft's Office 2000, Microsoft does not have scans available for the product, and by using Shavlik's new tool, IT administrators will be able to scan for vulnerabilities and then put the right Microsoft patches into place, Schultze said.
Last week Microsoft retired its Microsoft Baseline Security Analyzer V1.2.1, which is used for vulnerability scanning and detection for some older Microsoft products that are not supported by Windows Software Update Servers, or WSUS.
The extension and additions to scanning and updates didn't really surprise one user. "What's important about this is that Microsoft is acknowledging that [IT administrators] don't move off platforms easily," said Susan Bradley, a Microsoft MVP and certified public accountant at Tamiyasu, Smith, Horn and Braun Accountancy Corp. in Fresno, Calif.