Microsoft’s Free Security Tools – Summary
In July, we kicked off a blog series focused on “Microsoft’s Free Security Tools.” The series highlights free security tools that Microsoft provides to help make IT professionals’ and developers’ lives easier. A good tool can save a lot of work and time for the people responsible for developing and managing software. In the series we discuss many of the benefits each tool can provide and include step-by-step guidance on how to use each. Below is a summary of the tools covered in the series and a brief overview of each.
Anti-Cross Site Scripting Library
The Microsoft Anti-Cross Site Scripting Library V4.2.1 (AntiXSS V4.2.1) is an encoding library designed to help developers protect their ASP.NET web-based applications from XSS attacks. It differs from most encoding libraries in that it uses the white-listing technique — sometimes referred to as the principle of inclusions — to provide protection against XSS attacks. This approach works by first defining a valid or allowable set of characters, and then encoding anything outside this set (invalid characters or potential attacks). The white-listing approach provides several advantages over other encoding schemes.
Attack Surface Analyzer
Attack Surface Analyzer can help software developers and Independent Software Vendors (ISVs) understand the changes in Windows systems’ attack surface resulting from the installation of the applications they develop. It can also help IT professionals, who are responsible for managing the deployment of applications or the security of desktops and servers, understand how the attack surface of Windows systems changes as a result of installing software on the systems they manage.
banned.h
The banned.h header file is a sanitizing resource designed to help developers avoid using banned functions, and to help identify and remove them from code, where they may lead to vulnerabilities. Banned functions are those calls that have been deemed dangerous because they make it relatively easy to introduce vulnerabilities into code during development.
BinScope Binary Analyzer
The BinScope Binary Analyzer tool can be helpful for both developers and IT professionals who are auditing the security of applications that they are developing or deploying / managing. Auditing the software deployed in an environment and determining if it is making use of security mitigations can help risk managers make more meaningful assessments.
Enhanced Mitigation Experience Toolkit (EMET)
EMET is a free toolkit that helps prevent vulnerabilities in software from being successfully exploited for code execution. It does so by allowing developers to enable some of the latest mitigation technologies already built into Windows. The result is that a wide variety of software is made significantly more resistant to exploitation – even against zero day vulnerabilities and vulnerabilities for which an update has not yet been applied.
Microsoft Baseline Security Analyzer
Microsoft Baseline Security Analyzer (MBSA) is an easy-to-use tool designed for IT professionals. It helps small and medium-sized businesses determine their security state in accordance with Microsoft security recommendations and offers specific remediation guidance. It is a standalone security and vulnerability scanner designed to provide a streamlined method for identifying common security misconfigurations and missing security updates.
Microsoft Safety Scanner
The Microsoft Safety Scanner is a free stand-alone virus scanner that is used to remove malware or potentially unwanted software from a system. The tool is easy to use and packaged with the latest signatures, updated multiple times daily. The application is not designed to replace your existing antimalware software, but rather to act as an on-demand virus removal tool in situations where you suspect your real-time antimalware software might not be working correctly.
Microsoft Security Compliance Manager
Microsoft’s Security Compliance Manager (SCM) enables organizations to centrally plan, view, update, and export thousands of Group Policy settings for Microsoft client and server operating systems and applications. It makes it easier for organizations to plan, implement, and monitor security compliance baselines in their Active Directory infrastructure. With SCM, IT Professionals can obtain baseline policies based on security best practices, customize them to the particular needs of their organization and export them to a number of formats for use in different scenarios.
Portqry
Portqry is a TCP/IP connectivity test tool, port scanner, and local port monitor. Portqry is designed to help IT Professionals troubleshoot networking issues as well as verify network security related configurations. Portqry is a great lightweight port scanner regardless of what version of Windows you are running.
Threat Modeling Tool
The SDL Threat Modeling Tool helps engineers analyze the security of their systems to find and address design issues early in the software lifecycle. To help make threat modeling a little easier, Microsoft offers a free SDL Threat Modeling Tool that enables non-security subject matter experts to create and analyze threat models by communicating about the security design of their systems, analyzing those designs for potential security issues using a proven methodology, and suggesting and managing mitigations for security issues.
URLScan Security Tool
URLScan is a security tool that restricts the types of HTTP requests that IIS will process. URLScan scans incoming URL requests and associated data. It uses a series of rules to determine whether the information in each request is potentially dangerous, or contains information not normally expected. To help you diagnose any potential problems and any attempts to upset your server, URLScan can also log requests—including the offending request data. By blocking specific HTTP requests, the URLScan security tool helps to prevent potentially harmful requests from reaching applications on the server.
Windows Defender Offline
Windows Defender Offline is a standalone software application that is designed to help detect malicious and other potentially unwanted software, including rootkits that try to install themselves on a PC. Windows Defender Offline works by scanning an operating system to check the authenticity of any communication the operating system has with the Internet. If there is an application deemed unsafe, it will alert the user and block the contents of the application until the user either accepts or denies the risk.
Please check back regularly as we continue our series focused on Microsoft’s Free Security Tools.
Tim Rains
Director
Trustworthy Computing