A free Security Toolkit for small- and medium-sized UK businesses
has been released by Microsoft, writes Eric Doyle.
Although called a toolkit, the only real tool is an application
called Baseline Security Analyzer (MBSA) which is only applicable
to users of Windows 2000 or XP.
The rest of the package contains white papers, case studies,
security patches, Web site links and Webcasts.
MBSA first appeared last April and its prime purpose is to scan for
missing fixes and service patches for Windows NT4 (SP4 minimum),
Windows 2000, Windows XP, Internet Information Server, and SQL
Server.
The product creates an XML report for each server scanned and
therefore requires Microsoft's XML parser (MSXML version 3.0 SP2)
to function properly.
Never one to miss a trick, Microsoft has also bundled in trial
versions of Windows XP, Windows 2000 Server, and Windows Internet
Security and Acceleration Server 2000.
The release of the pack comes at a time when the Trustworthy
Computing message, started earlier this year needs a boost.
Although Microsoft has been pushing the message throughout the
year, it is seen as self-serving because of the company's poor
track record in manufacturing secure systems.
Significantly, of all the "tools" offered, the most useful is
probably the option to subscribe to the company's e-mail security
bulletin. This provides the latest news on the Microsoft bug-hunt
front and carries pointers to the latest fixes for these
vulnerabilities.