A Microsoft product designed for developers, professionals and security auditors
This week’s security app is the Attack Surface Analyzer, an application that Microsoft has recently released in its final version.The Attack Surface Analyzer is a great tool not just for professionals and developers, but also for security enthusiasts who are interested in learning just how much each app increases the attack surface of Windows.
Microsoft’s internal product groups have been using it to see the changes in the attack surface made by newly installed apps, and now they’ve made it available to anyone.
It’s recommended that the application is installed on a fresh operating system, since that’s how it performs the most efficiently.
Once it’s installed, it must be executed with administrative privileges. A “Run new scan” action must be selected, this being the part in which the tool takes a screenshot of the system’s initial state, storing the information it collects in a Microsoft Cabinet file, located in a folder selected by the user.
The applications that are about to be tested must then be installed with as many options as possible, especially those that have a higher chance of increasing the attack surface. After that, the scans will reveal the changes and their impact on the operating system.
For analysis and reports, the computer on which it’s installed must have .NET Framework 4. The Generate Report option outputs an HTML file that contains the results.
For better results, the use of a virtual machine with “undo disks” is recommended.
During the scans Attack Surface Analyzer looks for changes made to files, registries, ActiveX controls, services, listening ports and other elements that could make the difference between a protected and an unprotected device.
So, if you’ve just developed a Windows app, or if you want to test a particular piece of software to see how insecure it is, be sure to install this interesting tool.
Attack Surface Analyzer is available for download here