InfoWorld
Lead with Knowledge
HOME/ SITEMAP
SUBJECT INDEXES
ABOUT US
WHITE PAPERS

Learn to secure your PCs from new and unknown hacker attacks.

Free IDC White Paper - Discover Secure File Sharing for the Enterpriseattacks.

SEARCH:  
Home  //  Community //  Opinions //  Article
Print Article    Email Article
Window Manager
Brian Livingston
Patch me up, Scotty

FOR THE PAST two weeks, I've described MBSA (Microsoft Baseline Security Analyzer), a free utility available at http://www.microsoft.com/technet/security/tools/Tools/mbsahome.asp, and several competing products.

This week, I report on your experiences with the freebie. Next week, we'll see what you can reveal about the alternatives.

One of the most serious concerns about MBSA is that it might open a security hole. Reader Kevin Hobbs points out that Beyond Security, a consulting service, has posted such a criticism.

MBSA writes a list of all the security patches you need into a plain text file at a known location that the user can't change. "This means that active content (executables, scripts, ActiveX, Java, etc.) has the ability to generate a list of vulnerabilities or read a previously created list, and can then utilize these vulnerabilities to its advantage," the consultants write. (See http://www.securiteam.com/windowsntfocus/5KP0Q1P6US.html for details.)

Microsoft has an official response to this. "It's only when a user chooses to run code from an untrusted source and proceed despite the security warnings provided that this attack could succeed," says Microsoft's Security Response Center. "While it is true that MBSA stores its information in a known location ... even if the MBSA information were not present on the system, code running as the user would be able to determine the presence or absence of patches simply by consulting the time/date information contained in the publicly available MSSecure XML database."

To be on the safe side, when you run MBSA, print out a copy of the text file and then delete it.

Many other readers ran into problems, not with the security theory of MBSA, but with its behavior.

"When I ran MBSA it reported that 'Some potentially unnecessary services are installed,' " says reader Chuck Davis. "The two services that MBSA had recommended disabling were Remote Access Connection Manager (which sounded like a server process) and Telnet." He carried out the instructions. But when he later tried to dial an ISP, not only would dialing not work, but all his dialing entries were missing and new dial-up connections could not be created. Fortunately, he was able to find an old MBSA report which reminded him what he'd done. Re-enabling the service and rebooting made all his entries reappear and work.

Mark Trotter notes that MBSA wrongly flags as "missing" a few updates that are properly installed, as I reported previously. "What I found more annoying was a warning about the Guest log-in within XP Pro," he says. "I had it disabled already, but the Security Advisor seemed to indicate it should be eliminated, which XP Pro wouldn't let me do -- disabled or enabled. I was prevented from even assigning a password to Guest."

We'll continue with your comments next week.




RELATED ARTICLES

The patch that refreshes
Feel more secure yet?


RELATED SUBJECTS

Security

MORE >
SUBSCRIBE TO:    E-mail Newsletters  InfoWorld Mobile InfoWorld Magazine
Home  //  Community //  Opinions //  Article Print Article    Email Article
Back to Top
 ADVERTISEMENT
 

SPONSORED LINKS

Learn to secure your PCs from new and unknown hacker attacks.
Click here to receive a FREE Success Kit from Oracle.
SPEED, PERSONALIZATION AND INTEGRATION: THE KEY TO E-COMMERCE SUCCESS.
Protect Your Data: Get your FREE Enterprise Backup Intelligence Kit from ADIC.
New HP digital projectors — click now for limited-time introductory offers.

SUBSCRIBE
E-mail Newsletters
InfoWorld Mobile
Print Magazine

Web-based training
ABOUT INFOWORLD  |  SITE MAP  |  EMPLOYMENT  |  PRIVACY  |   CONTACT US

Copyright 2002 InfoWorld Media Group, Inc.