Many programs alter the operating system during installation. Some of these changes can be hidden security threats and can lead to devastating effects for your system. Microsoft’s Attack Security Analyzer is a program specially designed to identify such issues. It is the same tool that is used by Microsoft’s internal product teams to identify alterations made by to the operating system by the installation of a software. This can be helpful for developers to identify the attack surface result due to the addition of their codes. It can also assist IT professionals to analyze changes to the operating system as a result of corporate software usage, to help Security Auditors to examine the risk of a a specified software and allow IT security responders to asses the state of a security system.
To get started, select a destination to save the scan report to and start the scanning process.
This will thoroughly scan the system for and generate a report in XML format in a .cab file which can be obtained from the pre-selected destination path. Attack Surface Analyzer takes a snapshot of the system after and prior to the installation of a software and displays the changes (if any) after the scan result.
You can then extract the .cab file with a de-compression software (e.g. with winrar) and view it in XML format in your browser. The baseline or first scan should be run on a clean system without the product (under scrutiny) to be installed. Whereas, the product scan should be run after installing the software under review.
MS Attack Security Analyzer works on Windows Vista, Windows 7, and Windows Server 2008 R1/R2, provided you have .Net 3.5 Sp1 installed. It was tested on Windows 7 64-bit system.