The Attack Surface Analyzer takes a snapshot of the system before and after the installation of software and displays the changes to a number of elements of the Windows attack surface, Microsoft explained in releasing the tool.
The tool enables developers to view changes in the attack surface resulting from the introduction of their code onto the Windows platform; IT professionals to assess the aggregate attack surface change caused by the installation of an organization's line-of-business applications; IT security auditors to evaluate the risk of a particular piece of software installed on the Windows platform during threat risk reviews; and IT security incident responders to gain a better understanding of the state of a system's security during investigations (provided a baseline scan was taken of the system during the deployment phase).
“Unlike many tools that analyze a system based on signatures or known vulnerabilities, Attack Surface Analyzer looks for classes of security weaknesses Microsoft has seen when applications are installed on the Windows operating system, and it highlights these as issues”, explained Monty LaRue and Jimmie Lee of Microsoft Trustworthy Computing Security in a blog post.
“The tool also gives an overview of changes to the system that Microsoft considers important to the security of the platform, and it highlights these changes in the attack surface report. Some of the checks performed by the tool include analysis of changed or newly added files, registry keys, services, Microsoft ActiveX controls, listening ports and other parameters that affect a computer's attack surface”, they added.
The tool has a stand-alone wizard to help guide users through the scanning and analysis process. A command-line version supports automation and older versions of Windows and helps IT professionals as they integrate the tool with existing enterprise management tools, they noted.
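The before-and-after comparison the article describes is a general technique, not something only Microsoft's tool can do. The PowerShell script below is an added example, not code from Attack Surface Analyzer or from Microsoft: it snapshots four of the element types the tool tracks (services, listening TCP ports, Run-key autoruns and hashed files under chosen directories), writes each snapshot to JSON, and reports what was added or removed between a baseline and a post-installation snapshot. It assumes Windows PowerShell 5.1 or later with the CIM cmdlets and `Get-NetTCPConnection` available (Windows 8 / Server 2012 and newer); the function names, the `$Paths` default and the file names in the usage comment are choices made for this example.

```powershell
# Added example (not Microsoft's Attack Surface Analyzer code): a minimal
# snapshot-and-diff over a few Windows attack-surface elements.
# Assumptions: Windows PowerShell 5.1+, Get-NetTCPConnection available,
# run from an elevated shell so all services and processes are visible.

function Get-AttackSurfaceSnapshot {
    # $Paths: directories whose files are hashed. Default chosen for this
    # example; hashing all of System32 works but takes noticeably longer.
    param([string[]]$Paths = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) |
                             Where-Object { $_ -and (Test-Path $_) })

    # Services: name, start mode, account and image path. A new auto-start
    # service, or one whose path changed, is exactly the kind of change to review.
    $services = Get-CimInstance Win32_Service |
        ForEach-Object { "$($_.Name)|$($_.StartMode)|$($_.StartName)|$($_.PathName)" }

    # Listening TCP endpoints with the owning process name where resolvable.
    $ports = Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
        ForEach-Object {
            $proc = (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).ProcessName
            "$($_.LocalAddress):$($_.LocalPort)|$proc"
        }

    # Run / RunOnce values execute at logon, so a new entry widens the attack surface.
    $runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
               'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    $autoruns = foreach ($k in $runKeys) {
        if (Test-Path $k) {
            foreach ($p in (Get-ItemProperty $k).PSObject.Properties) {
                if ($p.Name -notlike 'PS*') { "$k\$($p.Name)=$($p.Value)" }
            }
        }
    }

    # Files: full path plus SHA-256, so replaced binaries show up, not only new ones.
    $files = foreach ($dir in $Paths) {
        Get-ChildItem -Path $dir -File -Recurse -ErrorAction SilentlyContinue |
            ForEach-Object {
                $h = (Get-FileHash -Path $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
                "$($_.FullName)|$h"
            }
    }

    # Where-Object { $_ } drops nulls so an empty category becomes an empty array.
    [pscustomobject]@{
        Taken    = (Get-Date).ToString('o')
        Services = @($services | Where-Object { $_ })
        Ports    = @($ports    | Where-Object { $_ })
        Autoruns = @($autoruns | Where-Object { $_ })
        Files    = @($files    | Where-Object { $_ })
    }
}

function Compare-AttackSurfaceSnapshot {
    # Emits one record per added or removed item, per category. HashSets are used
    # instead of Compare-Object because Compare-Object rejects empty arrays.
    param([Parameter(Mandatory)]$Baseline, [Parameter(Mandatory)]$Product)
    foreach ($category in 'Services', 'Ports', 'Autoruns', 'Files') {
        $base = [System.Collections.Generic.HashSet[string]]::new(
                    [string[]]@($Baseline.$category | Where-Object { $_ }))
        $prod = [System.Collections.Generic.HashSet[string]]::new(
                    [string[]]@($Product.$category  | Where-Object { $_ }))
        foreach ($item in $prod) {
            if (-not $base.Contains($item)) {
                [pscustomobject]@{ Category = $category; Change = 'ADDED';   Item = $item }
            }
        }
        foreach ($item in $base) {
            if (-not $prod.Contains($item)) {
                [pscustomobject]@{ Category = $category; Change = 'REMOVED'; Item = $item }
            }
        }
    }
}

# Usage (file names are this example's choice):
#   Get-AttackSurfaceSnapshot | ConvertTo-Json -Depth 3 | Set-Content baseline.json
#   ...install the application under review...
#   Get-AttackSurfaceSnapshot | ConvertTo-Json -Depth 3 | Set-Content product.json
#   Compare-AttackSurfaceSnapshot `
#       -Baseline (Get-Content baseline.json -Raw | ConvertFrom-Json) `
#       -Product  (Get-Content product.json  -Raw | ConvertFrom-Json) |
#       Format-Table -AutoSize
```

Because every item is a single string, a modified file or a service whose image path changed appears as one REMOVED line and one ADDED line, which is what a reviewer wants to see side by side. Keeping the baseline JSON from deployment time is what makes the incident-response use mentioned above possible: the same `Compare-AttackSurfaceSnapshot` call against a fresh snapshot shows what has changed on the host since it was built.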