Users login

Create an account »


Users login

Home » Hacking News » Microsoft preps Windows security scanner

Microsoft preps Windows security scanner

by Nikola Strahija on February 25th, 2002 The software will scan Windows for missing patches, weak passwords and other vulnerabilities As part of a push to regain the public trust, Microsoft plans to release a wizard-like program to help home software users and network administrators protect their computer systems from outside attack.

Called the Baseline Security Advisor, the program will scan Windows computers for unpatched programs, weak passwords, and vulnerabilities in the operating system and in several Microsoft products.

"Our goal is to allow (home) users to check their own machines," said Jason Shaw, lead product manager for Microsoft. "Company administrators can also use it to check their entire network."

While Microsoft has still not announced the product, the software titan showed off an early version of the scanner at its booth at the RSA Conference 2002 in San Jose, California. Shaw said the program will be available for free download from Microsoft's Web site in March.

"It won't matter what we do now and in the future if people don't trust computers," Craig Mundie, Microsoft vice president and chief technical officer for advanced strategies and policy, said during a Wednesday afternoon keynote address. "This is not a new initiative at the company; there has been a lot of people at it for a long time."

Microsoft has trained more than 9,000 of its programmers and developers in secure coding techniques since last fall, Mundie said. The company has also had outside security consultants pick through the source code for Windows, the .Net Web services framework and .Net server.

"For all of us, this cycle really has no end," Mundie said. "Programmers today are still human beings, and despite training them, it is difficult to get them to look to the future."

Unlike many vulnerability scanners, the MBSA doesn't take the role of an attacker and look for vulnerabilities. Instead, the scanner acts as an expert administrator looking for problems on the Microsoft security checklist.

The MBSA downloads a 700KB vulnerability and patch database from Microsoft that the company has created in Extensible Markup Language, or XML. XML is a popular Web standard by which businesses can easily exchange data between employees, customers, partners and suppliers. The software giant intends to maintain the database and provide the software for free.

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.


Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »