Microsoft Releases Attack Surface Analyzer Tool

samzenpus posted about 2 years ago | from the how-bad-is-bad dept.

Microsoft 40

wiredmikey writes "Microsoft has released the public version of Attack Surface Analyzer, a tool designed to help software developers and independent software vendors assess the attack surface of an application or software platform. The tool was pushed out of beta with Version 1.0 released on Thursday. Since ASA doesn't require the original source code, managers and executives can also use the tool to determine how a new application or software being considered would affect the organization's overall security before deploying it. The tool takes snapshots of the system before and after an application was installed, and compares them to identify changes made when new applications were installed. A stand-alone wizard guides users through the scanning and analysis process and a command-line version is available for use with automated tools. Attack Surface Analyzer 1.0 can be downloaded from Microsoft here."

Attack Surface? (5, Funny)

Anonymous Coward | about 2 years ago | (#40894031)

Geez, they haven't even shipped the thing yet.

Re:Attack Surface? (1)

K. S. Kyosuke (729550) | about 2 years ago | (#40896825)

The question is, is the current one a Bomber Surface, a Fighter Surface, or a Reconnaissance Surface?

New Naming Convention? (2)

jrumney (197329) | about 2 years ago | (#40894039)

My first thought on seeing the title was WTF...Microsoft are releasing their own 0-day exploits ahead of a product launch?

I guess marketing should be careful next time to write some exclusions into their company-wide email requesting staff to spread the word Surface as widely as possible to get it into people's subconscious.

Surface sucks! (0)

Anonymous Coward | about 2 years ago | (#40894271)

Yes, be careful people. This is the tool that will detect bad comments about Micro$oft's upcoming tablet. It will then extract your Google credentials and bombard your Android devices with adverts about making the Big Switch.

Re:New Naming Convention? (1)

UnknowingFool (672806) | about 2 years ago | (#40894989)

No they would have named it Surface Professional Security Intrusion Live Edition 2012.

Sounds a bit like Xandora (0)

Anonymous Coward | about 2 years ago | (#40894043)

Sounds like something some guy I know is doing:
http://home.xandora.net/index.php/ourtechnology [xandora.net]

LOL (1, Funny)

Anonymous Coward | about 2 years ago | (#40894049)

if they have been using it then it must not work well

Attack Surface's attack surface? (0)

Anonymous Coward | about 2 years ago | (#40894107)

I wonder what the attack surface of Attack Surface will be

Re:Attack Surface's attack surface? (2)

A10Mechanic (1056868) | about 2 years ago | (#40894503)

It's basically a divide-by-zero, implode the Internet kind of event. Don't do it.

First impression (3, Insightful)

Sarten-X (1102295) | about 2 years ago | (#40894115)

So I haven't yet tested it, but it sounds like a fancy interface to netstat, diff, and a wee bit of HijackThis thrown in for good measure. From the download site:

Some of the checks performed by the tool include analysis of changed or newly added files, registry keys, services, Microsoft ActiveX controls, listening ports and other parameters that affect a computer's attack surface.

The actual assessment of an attack surface is far more complex than any single system, and there's a heavy user-education component that no automated tool can test. While I'm sure this will have some use for admins who don't run firewalls or are under typically-asinine requirements to describe in detail the impact of a package, it looks more useful for ensuring programs actually uninstall completely.

Re:First impression (1)

fuzzyfuzzyfungus (1223518) | about 2 years ago | (#40894347)

No safe and legal automated tool can test the user-education component...

Re:First impression (0)

Sarten-X (1102295) | about 2 years ago | (#40894383)

Fair point. A few cruise missiles will automatically expose a significant denial-of-service attack surface.

Re:First impression (1)

fuzzyfuzzyfungus (1223518) | about 2 years ago | (#40894409)

Industrial robots without suitable safety interlocks are also pretty hard on careless or inattentive users, and much more productive!

Re:First impression (1)

Keith111 (1862190) | about 2 years ago | (#40896933)

It's not simply just some scans like that. It takes a snapshot before and after the installation of your product to show you any escalation opportunities you may have accidentally introduced. It is not intended to tell you an end user's computer is safe, but rather that by installing your product you probably haven't made it any less safe.

For Windows (2)

roman_mir (125474) | about 2 years ago | (#40894149)

IT Security Auditors can use the tool to evaluate the risk of a particular piece of software installed on the Windows platform during threat risk reviews ...
The tool takes snapshots of the system before and after an application was installed, and compares them to identify changes made when new applications were installed. ...
The tool also gives an overview of changes to the system that Microsoft considers important ...
The tool analyzes changed or newly added files, registry keys, services, ActiveX Controls, listening ports, access control lists and other parameters.

Analyzer does not appear to rely on signatures or try to exploit known vulnerabilities. Instead, it just looks at classes of security weaknesses where programs commonly fall short, or are exposed to attack vectors.

This is for Windows only and it does not test applications for security problems, it looks at the entire system and how it is affected by the installation.

Re:For Windows (4, Informative)

benjymouse (756774) | about 2 years ago | (#40894199)

This is for Windows only and it does not test applications for security problems, it looks at the entire system and how it is affected by the installation.

Hence, attack surface analyzer.

The tool looks at the surface of a system (not an application) and analyzes how observable changes to that surface could impact security. For instance it will report that a new port is listening after an application has been installed, or it reports that a certain application phones home, or that the application relies on configuration files/installation/registry keys which may not have proper permissions set.
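
The before/after comparison described in the summary and in the comment above, as an added example that is not part of the thread and is not Microsoft's code or ASA's report format. The snapshot layout, the field names, and the sample paths, service and port are constructed for illustration.

```python
# Added example: diff two system snapshots and report attack-surface changes.
# Snapshot structure and all sample values are constructed, not ASA output.
BROAD_PRINCIPALS = {"Everyone", "Authenticated Users", "BUILTIN\\Users"}
WRITE_RIGHTS = {"Write", "Modify", "FullControl"}

HOSTS = r"C:\Windows\System32\drivers\etc\hosts"
ADMIN_ONLY = [("BUILTIN\\Administrators", "FullControl")]

BEFORE = {  # baseline taken before the installer runs
    "ports": {("TCP", 135), ("TCP", 445)},
    "services": {"Spooler": "LocalSystem"},
    "acls": {HOSTS: ADMIN_ONLY},
}
AFTER = {  # second snapshot taken after installation
    "ports": {("TCP", 135), ("TCP", 445), ("TCP", 8081)},
    "services": {"Spooler": "LocalSystem", "ExampleUpdater": "LocalSystem"},
    "acls": {
        HOSTS: ADMIN_ONLY,
        r"C:\Program Files\ExampleApp\config.ini": [("Everyone", "FullControl")],
        r"HKLM\SOFTWARE\ExampleApp": [("BUILTIN\\Users", "Read")],
    },
}

def weak_aces(aces):
    """Return ACL entries that let a broad group modify the object."""
    return [(who, right) for who, right in aces
            if who in BROAD_PRINCIPALS and right in WRITE_RIGHTS]

def diff_snapshots(before, after):
    """List (kind, detail) findings for changes that widen the attack surface."""
    findings = []
    # Listeners that did not exist in the baseline.
    for proto, port in sorted(after["ports"] - before["ports"]):
        findings.append(("new-listening-port", f"{proto}/{port}"))
    # Services that are new or now run under a different account.
    for name, account in sorted(after["services"].items()):
        if before["services"].get(name) != account:
            findings.append(("new-or-changed-service", f"{name} runs as {account}"))
    # Files and registry keys whose ACL is new or changed and is too permissive.
    # Objects with an unchanged ACL are skipped: they predate the install.
    for path, aces in sorted(after["acls"].items()):
        if before["acls"].get(path) == aces:
            continue
        for who, right in weak_aces(aces):
            findings.append(("weak-acl", f"{path}: {who} has {right}"))
    return findings

if __name__ == "__main__":
    for kind, detail in diff_snapshots(BEFORE, AFTER):
        print(f"{kind:24} {detail}")
```
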

Re:For Windows (1)

fuzzyfuzzyfungus (1223518) | about 2 years ago | (#40894447)

This sounds like a threat to the Integrity and Security of the DRM systems that protect our precious software... Probably some kind of hacker 'circumvention device'.

Oh, you say it has a banal name and is released by a major vendor? Carry on then.

geez (1)

drwho (4190) | about 2 years ago | (#40894185)

already slashdotted. I think they need to work on scalability problems.

you can't even get surface tablets yet (-1, Troll)

hxnwix (652290) | about 2 years ago | (#40894207)

You can't even get surface tablets yet. Why would you want to attack them? And why would you need help from Microsoft? I think a pocket knife or a pair of scissors would do the job. Those surface mock-ups didn't look very robust.

(hehe)

Attack Surface Tablet (1)

ukemike (956477) | about 2 years ago | (#40894307)

It's the Surface Tablet Computer with Frickin' Lasers!

Here's a seemingly obvious question (0)

RogueWarrior65 (678876) | about 2 years ago | (#40894321)

Why would an application developer need this because why would an application developer need to be modifying the OS at all? That just sounds like really bad design.

Re:Here's a seemingly obvious question (2)

Dog-Cow (21281) | about 2 years ago | (#40894361)

If that's the obvious question, you must know almost nothing about computers and/or software. Or your reading comprehension is gone missing.

No one said anything about changing the OS.

Re:Here's a seemingly obvious question (1)

RogueWarrior65 (678876) | about 2 years ago | (#40901261)

Missed my point apparently, so let me clarify: why would any app (not a system extension) need to modify the system registry in Windows? Sounds like bad design to me.

Re:Here's a seemingly obvious question (0)

Anonymous Coward | about 2 years ago | (#40902053)

To store settings. To register a COM server. Lots of reasons. You don't sound like you know much about Windows.

Re:Here's a seemingly obvious question (0)

Anonymous Coward | about 2 years ago | (#40894379)

Are you stupid or are you just unable to read? This will let you know, for instance, what files were added by the setup, whether they be in Program Files, or for some odd reason (like you said) system32. Hence, attack surface.

Re:Here's a seemingly obvious question (0)

Anonymous Coward | about 2 years ago | (#40894461)

Do you have emotional problems, or are you just a bad person?

Re:Here's a seemingly obvious question (0)

Anonymous Coward | about 2 years ago | (#40895229)

Nice false dichotomy. Neither. It gets annoying when idiots criticize things they don't even take half a second to understand.

Re:Here's a seemingly obvious question (1)

luis_a_espinal (1810296) | about 2 years ago | (#40897317)

Do you have emotional problems, or are you just a bad person?

Maybe he has had to deal with code written by application developers who can't bother themselves to know how their apps affect (or depend on) their running environments. I would not blame him since that kind of experience is never pleasant.

Re:Here's a seemingly obvious question (0)

Anonymous Coward | about 2 years ago | (#40899035)

Right, although this tool's usage can expand to much more.

Interesting (1)

Waffle Iron (339739) | about 2 years ago | (#40894579)

I've seen lots of stuff about Microsoft's upcoming Surface, but it didn't look different enough from normal tablets to get me interested. But an Attack Surface could be exciting. Does anybody have a link to a picture of this thing?

I imagine that it might be shaped something like a cricket bat with a shock resistant display on its blade. If so, that would be cool.

Is it just me.... (1)

CheshireDragon (1183095) | about 2 years ago | (#40894693)

...or when a security hole comes up, aside from it being Adobe or Java; isn't it a hole found by compromising the OS itself? This may be desktop/laptop only, but in my experience, when a flaw is discovered, it is usually the OS that is compromised and not a separate program. Yes, I am aware that there have been programs out there that are exploited. I am just saying that MOST of the time it is the OS. By most of the time, I mean like 90% or more. I could be wrong...correct me if I am.

Re:Is it just me.... (1)

Hatta (162192) | about 2 years ago | (#40895141)

If it's a privilege escalation exploit, it's *always* the OS's fault. By definition.

Re:Is it just me.... (0)

Anonymous Coward | about 2 years ago | (#40895843)

Unless it's exploiting another application that happens to always run with high privileges, of course...

After All (1, Funny)

TheSpoom (715771) | about 2 years ago | (#40895265)

If anyone's going to know exploitable software, it's Microsoft.

Thinking the Worst (0)

Anonymous Coward | about 2 years ago | (#40895819)

Maybe I am thinking the worst, but my first thought about this was that it was an attempt to attack standards by adding visibility to standards compliant applications. Most businesses don't really have much insight into when apps are opening up ports and using a new protocol (for example Adobe). The problem is, many apps on Windows do this because they want to use standard protocols that are cross platform alternatives to Windows proprietary solutions. This tool is now telling Admins that installing Adobe CS is greatly increasing their security problems by opening up a port to use a standard protocol instead of sticking with the one that only works with Windows. Sure it doubles the attack surface, but only because Windows refuses to support standard protocols in the first place and relies upon having nonstandard ports open for their proprietary protocols.

Typical /. fashion (0)

Anonymous Coward | about 2 years ago | (#40897679)

Slam Microsoft.

They are actually trying to work with software vendors and develop tools to show what is impacted on the OS when you install their applications and it is Microsoft's fault they have a crappy OS.

Can M$ do anything right (according to /.)

no matter it is,,,it's only a market strategy (1)

Furniture Jepara (2700751) | about 2 years ago | (#40898495)

I believe that whatever created even the most recently advanced one, finally It only focuses on how dominant they can play a rule in technology and others should raise their hats to show their respects on how they dominate this technology market..this is written as a salutation on how it inspires us on competing our business world on Furniture Jepara [tokojepara.com] ...cheers....