Tech – for Everyone

Tech Tips and Tricks & Advice – written in plain English.

Where is your PC vulnerable? A ‘pro’ security tool for us

IT Security professionals use special scanners to analyze the “endpoints” (computers on the network) for risks (aka “vulnerabilities”)– such as missing or weak passwords, missing updates and ‘hotfixes’, and running Services that shouldn’t be running, and more. These tools (vulnerability assessment scans) make the job of keeping tabs on large networks much easier to do, as you might imagine. (Think of, say, trying to keep all the computers on the campus of your State College patched, updated, and reasonably locked down. Just you. Yikes!)

Wouldn’t it be cool if you could borrow one of these professional tools and scan your own (home) system with it?
I know; you read this (and other tech tip sites) series everyday; you’ve followed the advice contained in these (types of) articles; you’re pretty savvy, and you’ve taken steps to secure your computer. At least, you have made a reasonable effort.
But wouldn’t it be nice to check your work with the click of a mouse? Find any security areas/settings you might have over-looked.. or need improvement? And then be able to fix those areas with a couple of clicks? If you answered, “yes!”, keep reading.

Microsoft offers just such a tool to IT Professionals for the specific purpose of analyzing Windows “endpoints” on their networks, and the good news is that we regular folk can download and run this tool on our networks too, even if we have a “network” of one machine (if you’re connected to the Internet, you’re on a network). It’s named the MBSA, the Microsoft Baseline Security Analyzer, and it scans your machine(s) for:
* Missing (or misconfigured) Security Updates: (Office and Windows)
* Administrative (mis)configurations: (firewall, password strength/expiration, file system, Automatic Update, User accounts)
* Services and Shares: (this helps determine if you’re exposing more than you need to by running unnecessary options)
* Internet Explorer settings

When the scan is completed, it provides a status report of the results in an easy to read Red Shield = critical!, Yellow= warning (not compliant), and Green = you’re OK. For those yellow and red areas it discovers, it provides links for “Details”, so you can see why you didn’t score well, and one-click “How to correct this”, so you can fix your weak areas.

capture.jpg Home users will download and install MSBA (I will provide the link below) which will create an icon on their Desktop. Double-clicking the icon launches the MBSA, and a window opens asking you which computer, or range of computers, you want to analyze. Us regular folk will just want to scan our (local) machine, so we will select (click on) the first option.. as shown below.
By default, the next window will show that our machine has been selected.

mbsa.jpg

 Click on “Start scan”, and sit back to await your results (you won’t wait long, MBSA can analyze a single machine in about a minute).

A perfectly configured machine will produce all green shields, and you can give yourself a big pat on the back and Quit MBSA. For the rest of us, any areas that require your attention will be listed first, and have red or yellow warnings.
My test machine produced two yellow shields: one warning me that Automatic Updates was configured to download, but not Install, Microsoft patches (that is my preferred setting as I like total control over what gets installed, and so I can ignore this warning); and one warning me that I am missing a Service Pack.. this alarmed me, so I clicked on “Details” to find out what I was “missing”.
mbsadetails.jpg

This new window told me that this month’s MSRT had not yet been Run (remember? I’ve set Update to download but manually install.), and provided me with the link to click to Download the “missing” Update.. allowing for quick remediation of a detected problem.
Basically what you do is go down the list of red and yellows, and correct each one by clicking the provided links, which will turn the shield to green.

Today’s free link: To download your copy of this “Pro” tool, click here, and choose “Save” (not “Run”) and “To: Desktop” from the download window. This will place an “Install package” icon on your computer’s Desktop. When the download is completed, close any open windows and double-click on the new Install icon; this will start the installation. Agree to the EULA and follow the prompts through to “Finish”. There will now be a new shortcut icon (shown above) on your Desktop which you will use to launch the MBSA (you can “Recycle” the Install package now) and start evaluating and hardening your machine’s security.

Copyright 2007-8 © Tech Paul. All rights reserved.

Share this post :

March 13, 2008 - Posted by | advice, computers, how to, network shares, networking, passwords, PC, security, tech, Vista, Windows, XP | , , , ,

3 Comments »

  1. Very nice :) btw very good tips i will use them. Some of them i did not knew.

    Like

    Comment by SCE | March 28, 2008 | Reply

  2. Thank you so much for the very good information. Easy to read and understand. I am 73 yr’s old and try to maintain my computer. I started having some problems and made the mistake of moving files and am sure I over wrote some of them. I will probably never recover from some of my mistakes. I have been searching for information to help me identify my files. Since I have changed some of them. It probably won’t help. Anyway thanks again for all the good advice.

    Like

    Comment by Fern | October 27, 2011 | Reply

    • Fern,
      Thank you for the kind words.

      In terms of offering some advice with “identify my files”..
      If the “files” you refer to are personal things you have created (aka ‘documents’) – as opposed to the computer’s “system files” – and you have moved them and now cannot find them again, the Search tool is where I would start.
      My tutorial for that is here.

      Like

      Comment by techpaul | October 27, 2011 | Reply


Post your Comment/Question

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: