Microsoft Baseline Security Analyzer 2.3 for Windows

by Microsoft Corp.

Avg. Rating 4.1 (63 votes)

File Details

File Size: 1.6 MB
License: Freeware
Operating System: Windows 2000/Server 2003/Server 2008/Vista/XP
Date Added:
Total Downloads: 23,914
Publisher: Microsoft Corp.
Homepage: Microsoft Baseline Security Analyzer

Publisher's Description

Microsoft Baseline Security Analyzer (MBSA) analyzes Windows systems for common security misconfigurations. MBSA includes a graphical and command line interface that can perform local or remote scans of Windows systems. MBSA runs on Windows 2000 and Windows XP systems and will scan for missing hotfixes and vulnerabilities in the following products: Windows NT 4.0, Windows 2000, Windows XP, Internet Information Server (IIS) 4.0 and 5.0, SQL Server 7.0 and 2000, Internet Explorer (IE) 5.01 and later, and Office 2000 and XP.

MBSA uses a version of HFNetChk to scan for missing hotfixes and service packs for Windows, IIS, and SQL Server. MBSA will create and store individual XML security reports for each computer scanned and will display the reports in the graphical user interface in HTML.

Latest Reviews

neogator

neogator reviewed v2.1 on May 11, 2008

MBSA 2.1 offers Windows Vista and Windows Server 2008 compatibility, a revised user interface, 64-bit support, improved Windows Embedded support, and compatibility with the latest versions of the Windows Update Agent (WUA) based on Microsoft Update.

-Lord-

-Lord- reviewed v2.1 on May 6, 2008

Lack of Vista support.

stevetures

stevetures reviewed v2.0.1 on Nov 9, 2006

As a budding security prof., this tool is constantly listed as a useful tool in many cases. It wasn't originally written by M$ either (a confidence statement in my book).

Using it is easy, which is how it should be since M$ is everywhere and there's no guarantee that their admins are capable.

From what I read, this is a minor update that makes it more compatible with the latest Windows Update def.-type file (a bugfix).

And it gets a 4 in my book since there are better tools out there (Nessus anyone?)

Aegis69

Aegis69 reviewed v2.0.1 on Nov 9, 2006

What could Microsoft possibly know about securing a computer system?

Mark Gillespie

Mark Gillespie reviewed v2.0.1 on Nov 9, 2006

Quite good, got a bug with MDAC reporting though, as it constantly tells me I need an MDAC update, but when I run the MDAC update it requests, it says I already have a newer version!! Doh..

No way to get a clean bill of health from it...

phiber0ptik

phiber0ptik reviewed v2.0.1 on Nov 9, 2006

The MAZZTer, Linux is a security risk :) I mean, you can mount your NTFS partition within Linux and rip all those nasty documents from whatever account :p You can even reset passwords for all the accounts. Well um... this is more of an enterprise concern, since the owner of the computer probably knows he has Linux installed :D

The MAZZTer

The MAZZTer reviewed v2.0.1 on Nov 8, 2006

Very nice tool. 5/5

But -2 for labeling Linux a security vulnerability. Admittedly a slight exaggeration, but not too much. All non-NTFS drives are labeled as security vulnerabilities... since Linux cannot be booted from NTFS, and good NTFS drivers are only recently maturing, this effectively means Linux partitions will be marked as vulnerabilities.

This might only appear for me because I have an EXT2FS driver for Windows; the warning probably would not appear otherwise.

This tool will get 5/5 from me if and only if it changes the check to check for FAT (which is probably what it's SUPPOSED to check for) instead of not-NTFS.

uberfly

uberfly reviewed v2.0.1 on Nov 8, 2006

mmatheny, yes, and it works great. Maybe you should try again. You know, more than one try. Give it another go and such.

mmatheny

mmatheny reviewed v2.0 on Jul 5, 2005

Well, cannot load the catalog from either my WSUS server or MS download servers - that makes this product half-baked. Anyone got it to download the catalog?

Crypton

Crypton reviewed v2.0 on Jul 5, 2005

While they are trying to make some great improvements to this security analyzer, the program itself has become buggy. Tested it here in my labs on fresh installs on various system setups and out of 20 machines, 5 received errors even detecting the local machine when the program was launched (manually typing in the workgroup and machine *e.g. Workgroup\Machine1* is a workaround for the error).

3 other machines built using some older tested good hardware running various OS's in the dual boot environment including 2K, 2k3, and XP received various errors and mis-detected security risks.

The other machines had some detected security risks that are normal on Baseline, since it detects the service as being there but even if set to disabled it lets you know the service is there and could be at risk (if enabled).

I will have to settle at a score of 4 as these mis-detections can make some users nervous and the buggy detection of the local machine when it is clearly specified in Windows should be looked into.

Overall the update is much needed and a step in the right direction.

3nos

3nos reviewed v2.0 on Jul 5, 2005

A good analyzer & more: it's free!
Similar to some online services from other security vendors.

donpacman

donpacman reviewed v2.0 on Jul 4, 2005

Must have.

mreese

mreese reviewed v2.0 on Jul 4, 2005

I was able to get on the beta test list for MBSA, and I really think MS is finally starting to see the value in getting the community more involved with development. MBSA 2.0 is nice and all, but its integration into SUS..errr WUS...uuhh I mean WSUS really shows what Billgatus is up to. MS released some scripting tools for MBSA 1.2 to allow customized exceptions and consolidated reporting, blah blah, etc, which was thrown together with some quick examples and posted in some dark corner of their site most people never stumbled upon. HOWEVER...WSUS brings together security and patch management / reporting and staging of releases using MBSA 2.0 in a way that gives you the impression that it might actually be possible to manage updates for more than 50 2k3 boxes, and still have time to go through those event viewer logs you've been blowing off for weeks. I believe when they complete their one-stop-shop for updating patches / spyware / virus defs, and configurations (are they still calling it "choice one" or stop-n-crash.....whatever), they might actually come close to their goal of eliminating the need for 3rd party software altogether. Seriously, they even have their sights on Photoshop!! Looks like MS is starting to listen to the little people, and it's paying off. I give it a 4 cause I still have 17 NT4 TSE boxes which can't be scripted due to forced reboots that no switch in the universe will stop!

GoodThings2Life

GoodThings2Life reviewed v1.2.1 on Aug 18, 2004

Very good application, despite the fact that it sometimes reports installed updates as not installed... however, that's more of a registry error from the patch itself.

Anyway, djzepp, make sure you're scanning with an Administrator account, and not just a Power User or User account.

As for the Anonymous access setting... go with 2 unless you share files on a LAN with users via Guest account. Even then, reconsider using the Guest account for anonymous access.... not a safe idea.

guevara

guevara reviewed v1.2.1 on Aug 18, 2004

Nice tool. Very useful on my XP.

dzjepp

dzjepp reviewed v1.2 on Jan 20, 2004

Pretty good, but for the hotfix scans it did say something along the lines of, "Cannot scan, registry cannot be accessed." I don't know what the deal is with that.

ditoa

ditoa reviewed v1.0 on Apr 10, 2002

I can see big things for this program in the future! As long as Microsoft updates it very regularly, keeping it up to date with every known issue raised on the Windows platform, it will be the best tool any Windows owner (who cares about security) will need! Very impressed with this one, excellent start from Microsoft in their new approach on security. Also the design is very nice :D

Darken

Darken reviewed v1.0 on Apr 10, 2002

Very nice tool from Microsoft! See ya, Darken

Palomino

Palomino reviewed v1.0 on Apr 10, 2002

All went well after I allowed the script. It said I was missing 3 Hotfixes, but I wasn't; only one. It just couldn't find one and wasn't sure about the other. I was able to disable 5 running services. I also shut down Telnet; don't use it anyway. It had a lot to say about my password and auto-logon but I am a single home user, so I don't need a high level of security. It told me to set my anonymous user setting to 2 but when I went to the site, it said to NOT set it to 2; it might keep some of my programs from working because they often work in the OS anonymously. Well which is it? I set it to 1. :)

controler

controler reviewed v1.0 on Apr 10, 2002

HFNetChkPro 3.7 builds on Shavlik/Microsoft's HFNetChk to enable you to identify missing patches and to push them to all the computers on your network without intermediate reboots
http://www.shavlik.com/security/

FunkyFred

FunkyFred reviewed v1.0 on Apr 10, 2002

Good start, now if they can get it to check and provide suggestions for other Microsoft server products like Exchange and ISA instead of just SQL Server then it would be a whole lot more useful!

KAMiKAZOW

KAMiKAZOW reviewed v1.0 on Apr 10, 2002

I also have a problem with the Local Account Password Test. On my XP-System the accounts have no password (I don't need any in my case) and this tool tells me that my accounts are secure, because they don't have blank or simple passwords. Well, nice try.

cintel

cintel reviewed v1.0 on Apr 10, 2002

brn2bhrny1 - Norton pops up whenever a program uses a script to try and modify something important to the system. Safe in the knowledge it's the MS installer (hence the msi bit), I chose 'authorise this script' and the install ran perfectly :) I'm very happy with it - both my HDDs run NTFS and the only 'critical' I got was a missed hotfix.. DEFINITELY one to download.

keystroke

keystroke reviewed v1.0 on Apr 9, 2002

Great! This was needed for a LONG time! :) Hopefully one day it can replace Windows Update.. Only thing is you need the server service turned on to scan, unlike a straight up hfnetchk. I can't wait as this is improved upon. Looks like Trustworthy Computing is going somewhere :)

© 1998-2024 BetaNews, Inc. All Rights Reserved.