On Thursday, Microsoft made available for download the final flavor of a new, highly useful tool for developers, IT professionals and Independent Software Vendors (ISVs), namely the Attack Surface Analyzer.
The application was made available for download in a beta flavor last year, in an attempt to provide people with the possibility to have a look at the changes that software installs bring to Windows systems’ attack surface.
The new release comes with a variety of performance improvements, as well as with various bug fixes that are meant to improve the overall user experience.
The final flavor of the tool also comes with enhanced code, which results in fewer false positives being delivered, as well as with better Graphic User Interface performance.
Additionally, Attack Surface Analyzer 1.0 arrives with in-depth documentation and guidance that are meant to make the tool easier to use.
As mentioned above, the utility
should prove a great option for ISVs, IT pros and software developers during the verification phase of the Microsoft Security Development Lifecycle (SDL).
The application provides features such as:
- Developers to view changes in the attack surface resulting from the introduction of their code on to the Windows platform
- IT Professionals to assess the aggregate Attack Surface change by the installation of an organization's line of business applications
- IT Security Auditors evaluate the risk of a particular piece of software installed on the Windows platform during threat risk reviews
- IT Security Incident Responders to gain a better understanding of the state of a systems security during investigations (if a baseline scan was taken of the system during the deployment phase)
Microsoft designed Attack Surface Analyzer to look for classes of security weaknesses that Windows has when applications are installed and to highlight them, Monty LaRue & Jimmie Lee, Trustworthy Computing Security, explain in a blog post
The tool checks for changed or newly added files, registry keys, services, Microsoft ActiveX controls, listening ports and other aspects that might influence computer's attack surface.
The tool arrives with support for Windows Vista, Windows 7, Windows 8
, Windows Server 2008, Windows Server 2008 R2, and Windows Server 2012
. It requires Microsoft .NET Framework 4.
Download Attack Surface Analyzer 1.0