System Utilities Tweaking Microsoft Baseline Security Analyzer

Microsoft Baseline Security Analyzer 2.3 for Windows

by Microsoft Corp.

Avg. Rating 4.1 (63 votes)

File Details

File Size 1.6 MB
License Freeware
Operating System Windows 2000/Server 2003/Server 2008/Vista/XP
Date Added
Total Downloads 23,907
Publisher Microsoft Corp.
Homepage Microsoft Baseline Security Analyzer

Publisher's Description

Microsoft Baseline Security Analyzer (MBSA) analyzes Windows systems for common security misconfigurations. MBSA includes a graphical and command line interface that can perform local or remote scans of Windows systems. MBSA runs on Windows 2000 and Windows XP systems and will scan for missing hotfixes and vulnerabilities in the following products: Windows NT 4.0, Windows 2000, Windows XP, Internet Information Server (IIS) 4.0 and 5.0, SQL Server 7.0 and 2000, Internet Explorer (IE) 5.01 and later, and Office 2000 and XP.

MBSA uses a version of HFNetChk to scan for missing hotfixes and service packs for Windows, IIS, and SQL Server. MBSA will create and store individual XML security reports for each computer scanned and will display the reports in the graphical user interface in HTML.

Latest Reviews

neogator

neogator reviewed v2.1 on May 11, 2008

MBSA 2.1 offers Windows Vista and Windows Server 2008 compatibility, a revised user interface, 64-bit support, improved Windows Embedded support, and compatibility with the latest versions of the Windows Update Agent (WUA) based on Microsoft Update.

-Lord-

-Lord- reviewed v2.1 on May 6, 2008

Lack of vista support.

stevetures

stevetures reviewed v2.0.1 on Nov 9, 2006

As a budding security prof., this tool is constantly listed as a useful tool in many cases. It wasn't originally written by M$ either(a confidence statement in my book).

Using it is easy, which is how it should be since M$ is everywhere and there's no guarantee that their admins are capable.

From what I read, this is a minor update that makes it more compatible with the latest Windows Update def.-type file (a bugfix).

And it gets a 4 in my book since there are better tools out there (Nessus anyone?)

Aegis69

Aegis69 reviewed v2.0.1 on Nov 9, 2006

What could Microsoft possibly know about securing a computer system?

Mark Gillespie

Mark Gillespie reviewed v2.0.1 on Nov 9, 2006

Quite good, got a bug with MDAC reporting thou, as it constantly tells me I need a MDAC update, but when I run the MDAC update it requests, it says I already have a newer version!! Doh..

No way to get a clean bill of health from it...

phiber0ptik

phiber0ptik reviewed v2.0.1 on Nov 9, 2006

The MAZZTer, Linux is a security risk :) I mean, you can maount your NTFS-partition within linux and rip all those nasty docements from whatever account :p You can even reset passwords for all the accounts. Well um... this is more of an enterprise-concern, since the owner of the computer probably know he has linux installed :D

The MAZZTer

The MAZZTer reviewed v2.0.1 on Nov 8, 2006

Very nice tool. 5/5

But -2 for labeling Linux a security vulnerability. Admittedly a slight exaggeration, but not too much. All non-NTFS drives are labeled as security vulnerabilities... since Linux cannot be booted from NTFS, and good NTFS drivers are only recently maturing, this effectively means Linux partitions will be marked as vulnerabilities.

This might only appear for me because I have an EXT2FS driver for Windows; the warning probably would not appear otherwise.

This tool will get 5/5 from me if and only if it changes the check to check for FAT (which is probably what it's SUPPOSED to check for) instead of not-NTFS.

uberfly

uberfly reviewed v2.0.1 on Nov 8, 2006

mmatheny, yes, and it works great. Maybe you should try again. You know, more than one try. Give it another go and such.

mmatheny

mmatheny reviewed v2.0 on Jul 5, 2005

Well, cannot load the catalog from either my WSUS server or MS download servers - that makes this product half-baked. Anyone got it to download the catalog?

Crypton

Crypton reviewed v2.0 on Jul 5, 2005

While they are trying to make some great improvements to this security analyzer, the program itself has become buggy. Tested it here in my labs on fresh installs on various system setups and out of 20 machines, 5 received errors even detecting the local machine when the program was launched (manually typing in the workgroup and machine *eg. Workgroup\Machine1* is a workaround for the error)

3 other machines built using some older tested good hardware running various OS's in the dual boot environment including 2K, 2k3, and XP received various errors and mis-detected security risks.

The other machines had some detected security risks that are normal on Baseline, since it detects the service as being there but even if set to disabled it lets you know the service is there and could be at risk (if enabled)

I will have to settle at a score of 4 as these mis-detections can make some users nervous and the buggy detection of the local machine when it is clearly specified in Windows should be looked into.

Over all the update is much needed and a step in the right direction.

Avg. Rating 4.1 (63 votes)
Your Rating
neogator

neogator reviewed v2.1 on May 11, 2008

MBSA 2.1 offers Windows Vista and Windows Server 2008 compatibility, a revised user interface, 64-bit support, improved Windows Embedded support, and compatibility with the latest versions of the Windows Update Agent (WUA) based on Microsoft Update.

-Lord-

-Lord- reviewed v2.1 on May 6, 2008

Lack of vista support.

stevetures

stevetures reviewed v2.0.1 on Nov 9, 2006

As a budding security prof., this tool is constantly listed as a useful tool in many cases. It wasn't originally written by M$ either(a confidence statement in my book).

Using it is easy, which is how it should be since M$ is everywhere and there's no guarantee that their admins are capable.

From what I read, this is a minor update that makes it more compatible with the latest Windows Update def.-type file (a bugfix).

And it gets a 4 in my book since there are better tools out there (Nessus anyone?)

Aegis69

Aegis69 reviewed v2.0.1 on Nov 9, 2006

What could Microsoft possibly know about securing a computer system?

Mark Gillespie

Mark Gillespie reviewed v2.0.1 on Nov 9, 2006

Quite good, got a bug with MDAC reporting thou, as it constantly tells me I need a MDAC update, but when I run the MDAC update it requests, it says I already have a newer version!! Doh..

No way to get a clean bill of health from it...

phiber0ptik

phiber0ptik reviewed v2.0.1 on Nov 9, 2006

The MAZZTer, Linux is a security risk :) I mean, you can maount your NTFS-partition within linux and rip all those nasty docements from whatever account :p You can even reset passwords for all the accounts. Well um... this is more of an enterprise-concern, since the owner of the computer probably know he has linux installed :D

The MAZZTer

The MAZZTer reviewed v2.0.1 on Nov 8, 2006

Very nice tool. 5/5

But -2 for labeling Linux a security vulnerability. Admittedly a slight exaggeration, but not too much. All non-NTFS drives are labeled as security vulnerabilities... since Linux cannot be booted from NTFS, and good NTFS drivers are only recently maturing, this effectively means Linux partitions will be marked as vulnerabilities.

This might only appear for me because I have an EXT2FS driver for Windows; the warning probably would not appear otherwise.

This tool will get 5/5 from me if and only if it changes the check to check for FAT (which is probably what it's SUPPOSED to check for) instead of not-NTFS.

uberfly

uberfly reviewed v2.0.1 on Nov 8, 2006

mmatheny, yes, and it works great. Maybe you should try again. You know, more than one try. Give it another go and such.

mmatheny

mmatheny reviewed v2.0 on Jul 5, 2005

Well, cannot load the catalog from either my WSUS server or MS download servers - that makes this product half-baked. Anyone got it to download the catalog?

Crypton

Crypton reviewed v2.0 on Jul 5, 2005

While they are trying to make some great improvements to this security analyzer, the program itself has become buggy. Tested it here in my labs on fresh installs on various system setups and out of 20 machines, 5 received errors even detecting the local machine when the program was launched (manually typing in the workgroup and machine *eg. Workgroup\Machine1* is a workaround for the error)

3 other machines built using some older tested good hardware running various OS's in the dual boot environment including 2K, 2k3, and XP received various errors and mis-detected security risks.

The other machines had some detected security risks that are normal on Baseline, since it detects the service as being there but even if set to disabled it lets you know the service is there and could be at risk (if enabled)

I will have to settle at a score of 4 as these mis-detections can make some users nervous and the buggy detection of the local machine when it is clearly specified in Windows should be looked into.

Over all the update is much needed and a step in the right direction.

3nos

3nos reviewed v2.0 on Jul 5, 2005

a good analyzer & more: it's free!
similar to some online services from other security vendor.

donpacman

donpacman reviewed v2.0 on Jul 4, 2005

Must have.

mreese

mreese reviewed v2.0 on Jul 4, 2005

I was able to get on the beta test list for MBSA, and I really think MS is finally starting to see the value in getting the community more involved with development. MBSA 2.0 is nice and all, but it's intergration into SUS..errr WUS...uuhh I mean WSUS really shows what Billgatus is up to. MS released some scripting tools for MBSA 1.2 to allow customized exceptions and consolidated reporting, blah blah, etc, which was thrown together with some quick examples and posted in some dark corner of their site most people never stumbled upon. HOWEVER...WSUS brings together security and patch managment / reporting and staging of releases using MBSA 2.0 in a way that gives you the impression that it might actually be possible to manage updates for more than 50 2k3 boxes, and still have time to go through those event viewer logs you've been blowing off for weeks. I believe when they complete their one-stop-shop for updating patches / spyware / virus defs, and configurations (are they still calling it "choice one" or stop-n-crash.....whatever), they might actually come close to their goal of eliminating the need for 3rd party software alltogether. Seriously, they even have their sights on Photoshop!! Looks like MS is starting to listen to the little people, and it's paying off. I giveit a 4 cause I still have 17 NT4 TSE boxes which can't be scripted due to forced reboots that no switch in the universe will stop!

GoodThings2Life

GoodThings2Life reviewed v1.2.1 on Aug 18, 2004

Very good application, despite the fact that it sometimes reports installed updates as not installed... however, that's more of a registry error from the patch itself.

Anyway, djzepp, make sure you're scanning with an Administrator account, and not just a Power User or User account.

As for the Anonymous access setting... go with 2 unless you share files on a LAN with users via Guest account. Even then, reconsider using the Guest account for anonymous access.... not a safe idea.

guevara

guevara reviewed v1.2.1 on Aug 18, 2004

Nice tool . very useful on my Xp.

© 1998-2019 BetaNews, Inc. All Rights Reserved. Privacy Policy.