Microsoft tool evaluates new software's impact on OS security
- 03 August, 2012 14:50
Microsoft has released Attack Surface Analyzer 1.0, a free tool that can help system administrators, IT security professionals or software developers understand how newly installed applications can affect the security of a Windows OS.
The tool scans for classes of known security weaknesses that can be introduced by the files, registry keys, services, Microsoft ActiveX controls and other parameters created or changed by new applications.
It can identify executable files, directories, registry keys, or processes with weak access control lists (ACLs). It can also flag processes that don't mark memory regions as non-executable (NX), which could result in the bypassing of the Data Execution Prevention (DEP) Windows security feature. The tool also identifies services with fast restart times that could be attacked to bypass address space layout randomization (ASLR), as well as changes to the Windows Firewall rules or Internet Explorer security policies.
These and many other weaknesses that the tool identifies can facilitate various types of attacks, including some that could allow attackers to gain control of the system, execute malicious code or gain access to sensitive data.
The tool is already being used by internal product groups at Microsoft and a public beta version has been available to download since January 2011. The 1.0 stable version released on Thursday contains significant performance enhancements and bug fixes.
"Through improvements in the code, we were able to reduce the number of false positives and improve Graphic User Interface performance," the Microsoft Security Development Lifecycle (SDL) team said in a blog post. "This release also includes in-depth documentation and guidance to improve ease of use."
The tool has 32-bit and 62-bit versions and supports Windows Vista and newer versions of Microsoft's OS, including Windows 8 and Windows Server 2012 that hit the RTM (release to manufacturing) milestone on Tuesday.
Attack Surface Analyzer 1.0 is not compatible with the beta version of the tool, so existing users need to perform new "clean" system and post-application-installation scans -- known as the baseline and product scans respectively.
Attack Surface Analyzer requires .NET Framework 4 or higher present on the system in order to compare and analyze scan results. However, performing the actual scans can be done from the command line interface without .NET Framework.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.
Why change management doesn’t work
Larry Page wants to see your medical records
Dual-Persona Smartphones Not a BYOD Panacea
After two-year hiatus, EFF accepts bitcoin donations again
CIOs struggle to deliver timely mobile business apps: survey
Devising a Server Protection Strategy with Trend Micro
With so many Information Technology solutions available to choose from today, many organizations put their trust in the experience, insight and advice of Gartner, and their industry-leading analysts. Trend Micro’s portfolio of solutions meets and exceeds Gartner’s recommendations on how to devise a server protection strategy. Precisely how Trend Micro does it is detailed in this whitepaper. Read now.
Spear-Phishing Email: Most Favored APT Attack Bait
This research paper presents findings on APT-related spear phishing from February to September 2012. We analysed APT-related spear-phishing emails collected throughout this period to understand and mitigate attacks. The information we gathered not only allowed us to obtain specific details on spear phishing but also on targeted attacks. We found, for instance, that 91% of targeted attacks involve spear-phishing emails, reinforcing the belief that spear phishing is a primary means by which APT attackers infiltrate target networks.
Batten Down the Hatches! A Guide to Protecting Data in Motion
The risks facing high-speed data networks and unencrypted data while in motion are very real and on the rise. As information becomes one of the most valuable ‘off balance sheet’ assets, protection of that information and the investment in it is a paramount obligation of office-holders and management. Read now for a better understanding of the risks to data in motion.