Available only to "customers running genuine Microsoft Windows", Microsoft Baseline Security Analyzer v2.0 (for IT Professionals) offers to "Improve your security management process by using MBSA to detect common security misconfigurations and missing security updates on your computer systems."
OK, good. I'll give 'em a brownie point for providing the tool. But what's with the restricted download? Why does the machine I'm downloading to have to pass Microsoft's check to be sure I have a genuine copy of Windows? Did these paranoid jackasses ever think that I might want to download it on my Mac or one of my Linux boxes and deploy it from there? Sheesh - if you are so worried about somebody stealing your oh-so-valuable operating system, why not put that check in the scan itself instead of limiting the download? Buncha maroons, as usual.
But at least they offer the tool. It's probably just as good or better than the ridiculously expensive "security audits" that so many firms are pushing nowadays. These folks are selling you the computer equivalent of a driveway sealcoat. There are honest contractors who will do a good job sealing your driveway and would honestly point out any real issues that might require more expensive work. There are also those who will apply a cosmetic coating that does nothing useful, and those who will falsely tell you that you need costly repairs that they will be happy to provide. The security audit folks have the same good guys and bad guys. Almost all of them use commercial versions of tools like this; it's the level of expertise applied while using them that matters. I'd say anyone considering spending money for an audit like that might want to take a look at this first. It could save some money and provide some talking points if you do go ahead with an outside audit.
Got something to add? Send me email.
More Articles by Tony Lawrence © 2009-11-07 Tony Lawrence
The camel has evolved to be relatively self-sufficient. (On the other hand, the camel has not evolved to smell good. Neither has Perl.) (Larry Wall)