Microsoft updates baseline security tool

Redmond has released a new version of its Microsoft Baseline Security Analyzer software. Although version 1.2 of MBSA is free, the security tool's usefulness is limited, according to some Windows experts.

As part of its effort to improve customers' overall patching experience, Microsoft this week released a version of a Windows security tool that can view an expanded number of patch configurations.

The Microsoft Baseline Security Analyzer (MBSA) version 1.2, which is now available as a download, adds functions in three categories. First, it checks for missing hotfixes on underlying objects, such as DirectX multimedia technology, Microsoft Data Access Components (MDAC), the Windows scripting host and Microsoft Java Virtual Machine.

The new version can also run security checks on a variety of critical Microsoft servers and applications, including Exchange 2003, Office 2003, BizTalk Server, Commerce Server, Content Management Server and others.

Finally, there is a check box that lets MBSA 1.2 compare results with data provided by Software Update Services (SUS) instead of Windows Update, two sources of Microsoft's security patches. This way, when IT managers scan a local machine, the tool compares with SUS and not Windows Update.

At Microsoft's monthly security webcast this week, Mike Nash, corporate vice president of Redmond's security business unit, said that, with the new MBSA, customers can view an Internet connection firewall and a software firewall in Windows XP and be able to tell whether ports are on or off, and whether their systems are configured correctly.

Experts said that IT administrators should keep in mind that MBSA is still limited to security checks. "That's not bad, but that's all that it does," said Brett Hill, a Boulder, Colo., Windows expert and author. "If there is a bug that causes a system to crash, [MBSA] won't find that."

Hill said that these improvements to MBSA show Microsoft's willingness to continue its investment in security patching and detection of flaws. Though Hill said MBSA is an important tool, Microsoft still must improve how MBSA matches its findings to those of Windows Update. MBSA tends to offer a more reliable check than Windows Update, because MBSA runs locally on a computer and can check the registry settings, in addition to the versions of files, whereas Windows Update is downloaded each time from Microsoft.

While MBSA is fine for some, not every IT professional believes that the free tool is worth the bother. Douglas Spindler, president of the San Francisco Networking Technologies User Group and IT administrator for a Berkeley, Calif.-based research institution, said that he wishes Microsoft would develop a tool that has a management console -- something that gives administrators the security status of all their Windows machines. "That way, a system administrator can go through and see where all the potential problems exist," Spindler said.

Spindler said that he's not using MBSA because its results are inconsistent. "What Microsoft needs to do is come up with a fix from a system administrator's point of view, not a programmer's point of view," he said.

Indeed, tools like MBSA offer only basic features. They are great for small businesses that like to use the tools that come bundled with Windows and don't require a lot of extra training, said Charles Kolodgy, an analyst at Framingham, Mass.-based International Data Corp. He said that it's also a useful tool for business units that want to ensure that their part of the company is secure even if they don't have a separate security budget.

FOR MORE INFORMATION:

Article: Microsoft to launch SUS 2.0 beta in January

Tip: Installing Software Update Services on the server

Tip: Installing Software Update Services on the client

Best Web Links: Security

Dig deeper on Windows Operating System Management

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchServerVirtualization

SearchCloudComputing

SearchExchange

SearchSQLServer

SearchWinIT

SearchEnterpriseDesktop

SearchVirtualDesktop

Close