Microsoft Baseline Security Analyzer (MBSA) 2.3

  • 0 Replies
  • 1775 Views
*

Offline joe53

  • Dell Community Colleague
  • SpywareHammer Staff
  • Bronze Member
  • 248
  • Certifiable
    • Free PC Security Software- A Primer
Microsoft Baseline Security Analyzer (MBSA) 2.3
« on: November 22, 2013, 01:33:10 AM »
MBSA is a lesser-known free standalone utility that provides a streamlined method to identify missing security updates and common security misconfigurations. Unlike similar utilities such as Secunia PSI, or Belarc Advisor, it only analyzes Windows products (including Office, IE and other programs included at the MS update site) and operating systems, but not programs from 3rd parties. MBSA will not scan or report on missing non-security updates, tools or drivers from MS.

It has been around for quite a while. I tried an earlier version about 6 years ago on XP, and didn't find it useful.  But with the release of this new version 2.3 last week, thought I would give it another test drive on a Win 7x64/sp1 system. Although tailored for IT professionals typically managing multiple PCs in a small business environment, it is also easily used for personal/home PCs.

Supported operating systems  include Windows 7, Windows 8, Windows 8.1, Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Vista, Windows XP.

Download:
It's a small  ~1.7 MB download for the .msi installer (in my case, for the English 64 bit version: MBSASetup-x64-EN.msi). Choose the appropriate download below for English (EN), German (DE), French (FR) and Japanese (JA) for x86 (32-bit) or x64 (64-bit) platforms.
http://www.microsoft.com/en-us/download/details.aspx?id=7558#

Installation:
Took only a minute or so, with no bundled software offered, or configuration decisions to make. No reboot required.
Desktop shortcut created. Nothing loads at startup. No services added that I could see. Nothing running in the background.

Usability:
It features a very straightforward GUI. You will have to have administrator rights, but basically it just scans one or more networked PCs, or you can view reports of prior scans. I would suggest that for most home users, the default scan settings will suffice:
- Windows Administrative vunerabilities
- Weak passwords
-  SQL vulnerabilities
- Security updates

My scan time, using default settings:  less than one minute. (First scan took a few minutes longer).

The scan results  list:
- Secure results (green check) e.g. Security updates successfully installed
- Potential risks (orange check) e.g. Automatic updates not enabled
- Security risk fail (red check) e.g. Missing security updates
- Additional info (blue icon) e.g. No unnnecessary  services were found
- Not installed (gray icon) e.g. SQL server not installed

Each category listed has info links to "What was scanned", "Results details", and (where applicable) "How to correct this".

My scan reminded me that I had a previous incomplete update installation, that required a reboot to complete, and that my user accounts had non-expiring passwords. (I chose to ignore the latter as a much-hated "feature" I always associated with passwords at work). It also noted my user account password was "simple". This I did correct. I was happy to learn that my Win 7 configuration was secure. In particular, that I had no unnecessary services, and that my Internet Explorer zones have secure settings. It also correctly confirmed all MS security updates were installed (after I got around to installing them).

Summary:

MBSA is a simple utility that can supplement programs such as Secunia PSI, due to its added analysis of  Windows settings affecting security. I don't see it as a scan that needs to be run for routine maintenance, but might be useful to run once, and thereafter following any major system changes (system restore/re-installation, or a new IE browser for example).

Because a lot of what is analysed is relevent only to work-related networks, I would not recommend it to the novice home user, for whom it might be confusing. However, as a scanner that just gives security info, but lacks capability to change anything, it certainly seems safe to use. Having used it for a week now, I see no downside to trying it.