Free Security Assistant: Microsoft benchmark Security Analyzer

After the Windows operating system is installed, many patches are installed. As new security vulnerabilities are discovered every month, many new patches need to be installed. How can I know whether I missed important updates, or how can I know the security of my system? Today we will introduce this free assistant, Microsoft Baseline Security Analyzer (hereinafter referred to as MBSA ).

The software can run on Windows 2000/XP/2003 to detect the security status of local or remote machines, including patch installation for Windows NT/2000/XP/2003 and Office 2000/XP/2003, Windows account information, IE Security, IIS 4.0/5.0/5.1/6.0 and the security status of background services such as SQL7.0/2000, and how to solve various problems correctly.

The use of software is very simple. We will illustrate how individual users scan one computer at a time and scan multiple computers at a time.

　　Single-host Scanning

In the running interface 1 of MBSA, click "Scan a computer (Scan a computer)". The following interface allows you to customize Scan details, for example, you can use the method of specifying the machine name or IP address to select which computer to scan. Because we want to scan the local computer, we can set it by default. In addition, you can select only one or more Windows vulnerabilities, weak passwords, IIS vulnerabilities, SQL vulnerabilities, and security updates. For security reasons, we use the default settings. All scan options are selected. After setting, click Start scan )".

Wait a moment. The detailed results will be displayed after the scan is complete. Scan results are separated by SCAN type, for example, Windows scan result 2. As shown in the figure, the problematic part of the MBSA will be marked with a Red Cross, and the problematic part will be displayed as a green check. We can see from the scan results that hard disk partitions are not NTFS file systems, so this is an insecure risk. Click "What was scaned" to view the problems scanned by the Project. "Result details" shows the detailed scan results; "How to correct this" shows How to correct the corresponding error. For example, for file system errors, after clicking "How to correct thisct", the system will see How the operator converts the partition of the FAT32 File System to the NTFS file system using the convert.exe program. After all the errors are corrected according to the suggestions of MBSA, you can run MBSA again to scan the local machine, if no error is found again, the system is safe.

Network Scanning

In a LAN environment, it is very troublesome for the Administrator to run the tool on each computer. Fortunately, MBSA allows the Administrator to scan all other computers on one computer at the same time, MBSA supports scanning up to 10000 computers at the same time.

Return to the main interface and click "Scan more than one computer (Scan more than one computer)". Then you can see the page in figure 3. Here, we can specify to scan a domain, or select to scan an IP address segment, you can also select the project to scan. In addition, if you have a SUS server in your Lan, you can select a SUS server here, so that the updates required during the MBSA scan process will be downloaded from the SUS server, instead of downloading it on Microsoft's website.

Wait a moment (if you want to scan a large number of computers, it may take a long time) and the scan results will be listed as if you had scanned a computer before, we only need to solve all the problems represented by Red forks. Because the general steps are similar, we will not talk about them here.

　　Offline use of MBSA

We can also use MBSA offline when it is inconvenient to access the Internet. First in http://go.microsoft.com/fwlink? LinkId = 18922 download the detected database file and save the downloaded file to the Program FilesMicrosoft Baseline Security Analyzer folder on the hard disk. Then, when using MBSA, you will not be able to access the Internet. Note that this database file is dynamically updated. We recommend that you download the latest version of the database before performing Offline Detection to find out the latest vulnerabilities in the system.

　　Intractable Diseases

The use of MBSA is very simple, but you may encounter various problems if your conditions are insufficient. First, for scanning local computers:

You need to have the latest MSXML interpreter, which can be downloaded for free here:

Http://go.microsoft.com/fwlink? LinkId = 16533;

The scanner must have administrator privileges;

In addition to the preceding conditions, computers scanned by the network must meet the following requirements:

Windows XP: Disable simple file sharing;

Remote Registry Service, file, and printer sharing must be enabled;

The default management share is not disabled;

If a network firewall is installed, open TCP ports 139 and 445;

In addition, the person scanning remote computers must have local administrator permissions for these machines. For a LAN with a domain controller, you can use an account with the domain administrator permission to scan all computers in the domain.

With the help of MBSA, most known system vulnerabilities can be solved, but security is never absolute, because there are still many unknown system vulnerabilities, or the security risks caused by user non-standard operations, these problems are always threatening the security of the system and data. Therefore, you must never paralyze or relax your vigilance because you use MBSA. We hope your system and data will be more secure!