Microsoft defends Analyser tool


Microsoft has reacted to criticism about its Baseline Security Analyser tool (MBSA), claiming that users who are having difficulty may be misinterpreting the results of the freeware product's findings.

MBSA is designed to find holes in Microsoft products and to simplify their correction. It works from a Web-hosted XML file that lists the current security bulletins together with the registry key and version information that indicates whether each corresponding patch is installed.

The tool, released last week, is a more user-friendly version of HFNetChk built around a new GUI. It has come under attack from some users who claim that it flags holes that HFNetChk had already found and that they had already fixed.

Although both tools draw on the same XML database of patches and patch attributes, users should be aware that the two differ in how they report notes (an advisory indicating no patch is present) and warnings, said Steve Lipner, director of security assurance at Microsoft.

"MBSA displays everything it sees, but it attempts to colour code to give [a user] an indication of what's happening, where HFNetChk allows you to suppress some of the warnings," Lipner said.

"[MBSA] warns you there was this [security] bulletin, you ought to have applied it, [Microsoft] ought to remind you. People may be missing that, saying it's a warning they already got."

Lipner said hotfixes could also lead to MBSA results being misread. If a hotfix that did not come directly from a Microsoft security bulletin has been applied to plug a hole, MBSA will "guess" that the system has been updated since the bulletin's patch was released and present the user with a standard warning, he added.
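To make the matching Lipner describes concrete, here is a deliberately simplified model, added for this edited version and not code from Microsoft, MBSA or HFNetChk. It reads a constructed XML bulletin list (the schema, bulletin IDs, Q numbers, registry paths, file names and version numbers are all made up), compares each entry against a constructed host inventory of registry keys and file versions, and classifies the outcome as patched, warning or note, including the case where a later hotfix left a file newer than the bulletin expects. The last function shows the kind of filtering that lets a tool suppress notes and show only warnings, as HFNetChk does.

```python
"""Simplified model of how a hotfix checker compares an XML bulletin list
against a host's installed state.  Added illustration, not code from MBSA
or HFNetChk; the XML schema, bulletin IDs, Q numbers, registry paths,
file names and version numbers below are all constructed."""
import xml.etree.ElementTree as ET

# Constructed bulletin database. Real tools download such a list from the
# web; this one is embedded so the example runs offline.
BULLETINS_XML = r"""<Bulletins>
  <Bulletin id="BUL-01" qnumber="Q900001">
    <RegKey>SOFTWARE\Example\Updates\Q900001</RegKey>
    <File name="example1.dll" version="5.0.2195.4928"/>
  </Bulletin>
  <Bulletin id="BUL-02" qnumber="Q900002">
    <RegKey>SOFTWARE\Example\Updates\Q900002</RegKey>
    <File name="example2.dll" version="5.0.2195.5000"/>
  </Bulletin>
  <Bulletin id="BUL-03" qnumber="Q900003">
    <RegKey>SOFTWARE\Example\Updates\Q900003</RegKey>
    <File name="example3.dll" version="5.0.2195.4500"/>
  </Bulletin>
  <Bulletin id="BUL-04" qnumber="Q900004">
    <RegKey>SOFTWARE\Example\Updates\Q900004</RegKey>
    <File name="example4.dll" version="1.0.0.1"/>
  </Bulletin>
</Bulletins>"""

# Constructed host inventory: registry keys present and file versions found.
# BUL-01 is fully applied; BUL-02 is missing; BUL-03 was applied but
# example3.dll has since been replaced by a newer hotfix; example4.dll is
# not installed at all, so BUL-04 does not apply.
HOST = {
    "regkeys": {r"SOFTWARE\Example\Updates\Q900001",
                r"SOFTWARE\Example\Updates\Q900003"},
    "files": {"example1.dll": "5.0.2195.4928",
              "example2.dll": "5.0.2195.4000",
              "example3.dll": "5.0.2195.4700"},
}


def parse_version(text):
    """Turn '5.0.2195.4928' into a tuple so versions compare numerically,
    not as strings (where '5.0.2195.500' would sort above '5.0.2195.4928')."""
    return tuple(int(part) for part in text.split("."))


def load_bulletins(xml_text):
    """Parse the constructed bulletin list into plain dicts."""
    root = ET.fromstring(xml_text)
    bulletins = []
    for node in root.findall("Bulletin"):
        file_node = node.find("File")
        bulletins.append({
            "id": node.get("id"),
            "regkey": node.findtext("RegKey"),
            "file": file_node.get("name"),
            "version": parse_version(file_node.get("version")),
        })
    return bulletins


def assess(bulletin, host):
    """Classify one bulletin against the host as patched, warning, note or n/a."""
    installed = host["files"].get(bulletin["file"])
    if installed is None:
        return ("n/a", "file not present; component not installed")
    installed_v = parse_version(installed)
    if installed_v < bulletin["version"]:
        return ("warning", "installed file older than the bulletin requires")
    if installed_v > bulletin["version"]:
        # A later hotfix (possibly one not tied to a bulletin) replaced the
        # file, so the expected version can no longer be matched exactly.
        return ("note", "file newer than the bulletin expects; later hotfix assumed")
    if bulletin["regkey"] in host["regkeys"]:
        return ("patched", "file version and registry key both match")
    return ("note", "file version matches but registry key is absent")


def scan(xml_text, host):
    """Assess every bulletin in the list against the host."""
    return {b["id"]: assess(b, host) for b in load_bulletins(xml_text)}


def findings(results, include_notes=True):
    """IDs needing attention. include_notes=False is the HFNetChk-style
    view that suppresses notes and keeps only warnings."""
    wanted = {"warning", "note"} if include_notes else {"warning"}
    return sorted(i for i, (status, _) in results.items() if status in wanted)


if __name__ == "__main__":
    results = scan(BULLETINS_XML, HOST)
    for bid, (status, reason) in results.items():
        print(f"{bid}: {status:8} {reason}")
    print("warnings only:", findings(results, include_notes=False))
```

The point of the model is the third case: the file on disk is newer than any version the bulletin knows about, so the checker cannot confirm that specific patch and reports a note rather than silently passing it. A tool that hides notes (the HFNetChk-style view) would show only BUL-02 here, while a tool that shows everything would list BUL-03 as well, which is the difference in output the article's complaints describe.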

Lipner said that once a patch is installed and the system is scanned again, MBSA's results should change to reflect it.

He added that the XML file on the Web, used by both MBSA and HFNetChk, is usually updated within hours of Microsoft releasing a new security bulletin.

Unlike HFNetChk, MBSA also checks for common misconfigurations of passwords and account permissions in Windows components, Microsoft SQL Server and Microsoft Office products. The tool scans Windows NT, 2000 and XP systems, but can be installed only on Windows 2000 or XP.

Users who find incongruities or faults in MBSA are advised to send feedback to Microsoft at [email protected]
