Microsoft has finally released the much anticipated beta version of Attack Surface Analyzer. The security tool is not a new development, but the product was already used by the internal product team of Microsoft for the last five years. The Attack Surface Analyzer is a program that records changes made to the critical operating system files during the process of installation of new software. Some of the changes that are noted by the security tool include newly added and changed files, services, registry keys, access control lists, ActiveX controls, listening ports and several other parameters that could affect a computer’s attack surface.
The Microsoft verification tool, the Attack Surface Analyzer Beta can be useful for IT professionals and ISVs to know the alterations in the system state, securable objects of the Windows OS and runtime parameters by any application or services. This analysis will eventually help testers, developers and IT professionals to identify the changes made by any particular application which increase the vulnerability of the OS and widen the attack surface.
The security tool works by taking a snapshot of the system and compares the changes and highlights them. The tool does not work on known vulnerabilities or system based signatures; instead it searches for different classes of security weaknesses as the new application is installed on the Windows operating system. Besides, identifying the changes made to the system and the changes to attack surface, the security tool presents all the changes made to the security of the platform and highlights all the analysis findings in the attack surface report. The Vulnerability Analysis Tool was extensively used by Microsoft internal product teams in Security Development Lifecycle (SDL) to minimize the possibility of exploitation of system wherever possible.
The Vulnerability Analysis Tool can be handy for professionals that test applications or often make changes to their system. The Attack Surface Analyzer is available free for download. Microsoft has however cautioned users to use the newly released Attack Surface Analyzer in a virtual machine in order to minimize the harm to real system.
Microsoft is offering the Attack Surface Analyzer as a stand-alone tool to developers in the form of a wizard that guides steps through process. The security tool will also be available in command-line version to assist IT professionals to easily integrate the tool in presently available enterprise management tools. The security tool enables the developer to look at the modification in attack surface after introduction of their application code on the Windows platform. This ultimately helps the developers to measure the total attack surface change after the installation of any business application. The security tool will also help the IT security auditors to evaluate threat risk of any software on the Windows platform. The Attack Surface Analyzer uses a patented attack analysis method and runs on Windows Server 2008, Windows 7 and Windows Vista.