Where is your PC vulnerable? A ‘pro’ security tool for us

IT Security professionals use special scanners to analyze the “endpoints” (computers on the network) for risks (aka “vulnerabilities”)– such as missing or weak passwords, missing updates and ‘hotfixes’, and running Services that shouldn’t be running, and more. These tools (vulnerability assessment scans) make the job of keeping tabs on large networks much easier to do, as you might imagine. (Think of, say, trying to keep all the computers on the campus of your State College patched, updated, and reasonably locked down. Just you. Yikes!)

Wouldn’t it be cool if you could borrow one of these professional tools and scan your own (home) system with it?
I know; you read this (and other tech tip sites) series everyday; you’ve followed the advice contained in these (types of) articles; you’re pretty savvy, and you’ve taken steps to secure your computer. At least, you have made a reasonable effort.
But wouldn’t it be nice to check your work with the click of a mouse? Find any security areas/settings you might have over-looked.. or need improvement? And then be able to fix those areas with a couple of clicks? If you answered, “yes!”, keep reading.

Microsoft offers just such a tool to IT Professionals for the specific purpose of analyzing Windows “endpoints” on their networks, and the good news is that we regular folk can download and run this tool on our networks too, even if we have a “network” of one machine (if you’re connected to the Internet, you’re on a network). It’s named the MBSA, the Microsoft Baseline Security Analyzer, and it scans your machine(s) for:
* Missing (or misconfigured) Security Updates: (Office and Windows)
* Administrative (mis)configurations: (firewall, password strength/expiration, file system, Automatic Update, User accounts)
* Services and Shares: (this helps determine if you’re exposing more than you need to by running unnecessary options)
* Internet Explorer settings

When the scan is completed, it provides a status report of the results in an easy to read Red Shield = critical!, Yellow= warning (not compliant), and Green = you’re OK. For those yellow and red areas it discovers, it provides links for “Details”, so you can see why you didn’t score well, and one-click “How to correct this”, so you can fix your weak areas.

 Home users will download and install MSBA (I will provide the link below) which will create an icon on their Desktop. Double-clicking the icon launches the MBSA, and a window opens asking you which computer, or range of computers, you want to analyze. Us regular folk will just want to scan our (local) machine, so we will select (click on) the first option.. as shown below.
By default, the next window will show that our machine has been selected.

 Click on “Start scan”, and sit back to await your results (you won’t wait long, MBSA can analyze a single machine in about a minute).

A perfectly configured machine will produce all green shields, and you can give yourself a big pat on the back and Quit MBSA. For the rest of us, any areas that require your attention will be listed first, and have red or yellow warnings.
My test machine produced two yellow shields: one warning me that Automatic Updates was configured to download, but not Install, Microsoft patches (that is my preferred setting as I like total control over what gets installed, and so I can ignore this warning); and one warning me that I am missing a Service Pack.. this alarmed me, so I clicked on “Details” to find out what I was “missing”.

This new window told me that this month’s MSRT had not yet been Run (remember? I’ve set Update to download but manually install.), and provided me with the link to click to Download the “missing” Update.. allowing for quick remediation of a detected problem.
Basically what you do is go down the list of red and yellows, and correct each one by clicking the provided links, which will turn the shield to green.

Today’s free link: To download your copy of this “Pro” tool, click here, and choose “Save” (not “Run”) and “To: Desktop” from the download window. This will place an “Install package” icon on your computer’s Desktop. When the download is completed, close any open windows and double-click on the new Install icon; this will start the installation. Agree to the EULA and follow the prompts through to “Finish”. There will now be a new shortcut icon (shown above) on your Desktop which you will use to launch the MBSA (you can “Recycle” the Install package now) and start evaluating and hardening your machine’s security.

Copyright 2007-8 © Tech Paul. All rights reserved.

Share this post :

March 13, 2008 - Posted by techpaul | advice, computers, how to, network shares, networking, passwords, PC, security, tech, Vista, Windows, XP | hardening Windows, MBSA, risk assessment, securing Windows, vulnerability scanning