Wednesday, 8 August 2012

Attack Surface Analyzer released

Attack Surface Analyzer is developed by the Microsoft Security Engineering Center (MSEC). It is the same tool used by Microsoft’s internal product groups to catalogue changes made to the operating system attack surface by the installation of new software.
Attack Surface Analyzer takes a snapshot of your system state before and after an application was installed, and compares them to identify changes made when new applications were installed. Instead of analyzing a system based on signatures or known vulnerabilities, the app looks for classes of security weaknesses as applications are installed on the Windows operating system.
The tool also gives an overview of changes to the system that Microsoft considers important to the security of the platform, and it highlights these changes in the attack surface report. Some of the checks performed by the tool include analysis of changed or newly added files, registry keys, services, Microsoft ActiveX controls, listening ports and other parameters that affect a computer’s attack surface.
The purpose of this tool is to help software developers, Independent Software Vendors (ISVs) and IT Professionals better understand changes in Windows systems’ attack surface resulting from the installation of new applications.

Microsoft has released a free tool for 32-bit and 64-bit editions of Windows that it has used only internally for some time. The Attack Surface Analyzer assists “both testers and IT Pros in assessing the security of an application”. It does so by highlighting “the changes in system state, runtime parameters and securable objects on the Windows operating system” after the installation of new programs.
The tool takes two snapshots of the system, one before the installation and one after the installation. It compares the two snapshots to identify the changes. It looks in particular for “classes of security weaknesses as applications are installed on the Windows operating system”.
In addition, Microsoft Attack Surface Analyzer “gives an overview of the changes to the system Microsoft considers important to the security of the platform and highlights these in the attack surface report”.
This allows:
  • Developers to view changes in the attack surface resulting from the introduction of their code on to the Windows platform
  • IT Professionals to assess the aggregate Attack Surface change by the installation of an organization’s line of business applications
  • IT Security Auditors to evaluate the risk of a particular piece of software installed on the Windows platform during threat risk reviews
  • IT Security Incident Responders to gain a better understanding of the state of a system’s security during investigations (if a baseline scan was taken of the system during the deployment phase)
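The before/after comparison described above can be sketched as follows. This is an added example, not Microsoft's code: the snapshot layout, the hypothetical ExampleApp, and the three flagged weakness classes are assumptions and do not reflect the tool's own scan format or rules.

```python
# Added example. The snapshot layout and the three flagged weakness classes are
# assumptions for illustration, not Attack Surface Analyzer's own format or rules.
CATEGORIES = ("files", "registry_keys", "services", "listening_ports")
# Constructed "baseline" scan, taken before installing a hypothetical ExampleApp.
BASELINE = {
    "files": {r"C:\Windows\win.ini": {"world_writable": False}},
    "registry_keys": {},
    "services": {"Spooler": {"account": "LocalSystem"}},
    "listening_ports": {"tcp/135": {"address": "0.0.0.0"}},
}
# Constructed "product" scan, taken after the install.
PRODUCT = {
    "files": {r"C:\Windows\win.ini": {"world_writable": False},
              r"C:\Program Files\ExampleApp\agent.exe": {"world_writable": True}},
    "registry_keys": {r"HKLM\SOFTWARE\ExampleApp": {"world_writable": False}},
    "services": {"Spooler": {"account": "LocalSystem"},
                 "ExampleAgent": {"account": "LocalSystem"}},
    "listening_ports": {"tcp/135": {"address": "0.0.0.0"},
                        "tcp/8443": {"address": "0.0.0.0"},
                        "tcp/9000": {"address": "127.0.0.1"}},
}

def diff_snapshots(before, after):
    """Per category, return items added, removed or changed between two scans."""
    report = {}
    for cat in CATEGORIES:
        b, a = before.get(cat, {}), after.get(cat, {})
        report[cat] = {
            "added": {k: a[k] for k in a.keys() - b.keys()},
            "removed": {k: b[k] for k in b.keys() - a.keys()},
            "changed": {k: (b[k], a[k]) for k in a.keys() & b.keys() if a[k] != b[k]},
        }
    return report

def findings(report):
    """Flag new or changed items that widen the attack surface."""
    out = []
    for cat in CATEGORIES:
        delta = report[cat]
        current = {**delta["added"], **{k: v[1] for k, v in delta["changed"].items()}}
        for name, attrs in current.items():
            if attrs.get("world_writable"):
                out.append(f"{cat}: {name} is writable by all users")
            if cat == "services" and attrs.get("account") == "LocalSystem":
                out.append(f"services: {name} runs as LocalSystem")
            if cat == "listening_ports" and attrs.get("address") not in ("127.0.0.1", "::1"):
                out.append(f"listening_ports: {name} listens on {attrs.get('address')}")
    return sorted(out)

print("\n".join(findings(diff_snapshots(BASELINE, PRODUCT))))
```

Unchanged items such as the existing Spooler service and the loopback-only listener are not reported; only the delta introduced by the install is.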
The program stores the report in a cab file. The start page offers to run a new scan or to generate a report by comparing a previous scan with a new scan.
Each scan performs several tasks, like enumerating files, handles or services. Some operations may take a while or show up as pending if they have not been started by the application.
The report is launched in the default web browser; a short explanation is available as well.
Attack Surface Analyzer is available as a 32-bit and 64-bit application at Microsoft.com. Please note that the application has been released as beta. Reports can be generated on Windows Vista, Windows 7 and Windows Server 2008 R1 and R2. Data analysis and report generation additionally require the Microsoft .NET Framework 3.5.

Download: Attack Surface Analyzer 1.0 [32-bit]
Download: Attack Surface Analyzer 1.0 [64-bit]
