Version 2.0 of MBSA includes a graphical and command line interface that can perform local or remote scans of Windows systems. MBSA runs on Windows Server 2003, Windows 2000, and Windows XP systems and will scan for common security misconfigurations.
[sarcasm]Don’t be surprised if it reports that everything is ok, when a system is analyzed with a tool provided by the same provider as the system itself. And if that provider is someone with nil history on security, well, if you don’t count the purchasing of others, which I don’t.[/sarcasm]
What’s wrong with Nessus?
We’ve used this quite a bit for patch management. Windows Update will miss things.
I just ran it on a win2k advanced server scanning a private network and on the 2nd machine, the server bluescreened. Nice.
That’s a server that doesn’t usually have any problems.
Where’s the sarcasm? I seem to have missed it.
Had to try this one. Turned out to be amusing. After a few minutes, it gave me a report which a) told me that the guest account was enabled even though the control panel said different and b) while the Windows Security Center sees that I don’t have an antivirus installed the Baseline Security Analyzer doesn’t. And I’d say a missing antivirus is a pretty “common security misconfiguration”. Not very effective but pretty funny.
So funny! M$ baseline security scanner! LOL
It’s quite amazing that a free piece of software for Windows can’t be downloaded from http://www.microsoft.com without running an executable to verify that you’re running “genuine” Windows! Why should I have to be running Windows to *download* a Windows binary? That’s ludicrous and Microsoft should be ostracised for this – as far as I know, it’s the only site in the world that insists you’re running a particular OS before you can download free software from its site.
You can download it without running the genuine software check; just click “No take me to the download”.
Downloaded the tool, ran it on Windows 2000 without problems. While it’s not earth-shattering, it did point out some little stuff that it was best to change. A few things it highlighted weren’t relevant to our configuration, but it’s probably good to have them drawn to awareness.
Given most insecure systems are a product of bad setup (be it Windows, Linux or whatever), I’m pleased Microsoft have made this tool to at least provide some assistance in securing the system. I would imagine it would make a useful quick check even for very experienced admins.
And yes, you can download it without doing the genuine software check.
“as far as I know, it’s the only site in the world that insists you’re running a particular OS before you can download free software from its site.”
I find it to be disgusting. I guess that’s [another reason] why I don’t use Windows, and will never use another product from Microsoft ever again.