Microsoft Baseline Security Analyzer Replacement For Mac



Microsoft Baseline Security Analyzer
Screenshot of Microsoft Baseline Security Analyzer analysis result
Developer(s)Microsoft
Initial release16 August 2004[1]
Stable release
Operating systemWindows 7, Windows Server 2008, Windows Vista, Windows Server 2003, Windows XP and Windows 2000[2]
PlatformIA-32 and x86-64[2]
Size1.5 ~ 1.7 MB[2]
Available inEnglish, German, French and Japanese[2]
TypeComputer security
LicenseFreeware
Websitetechnet.microsoft.com/en-us/security/cc184924.aspx

Microsoft Baseline Security Analyzer (MBSA) is a discontinued software tool which is no longer available from Microsoft that determines security state by assessing missing security updates and less-secure security settings within Microsoft Windows, Windows components such as Internet Explorer, IISweb server, and products Microsoft SQL Server, and Microsoft Office macro settings. Security updates are determined by the current version of MBSA using the Windows Update Agent present on Windows computers since Windows 2000 Service Pack 3. The less-secure settings, often called Vulnerability Assessment (VA) checks, are assessed based on a hard-coded set of registry and file checks. An example of a VA might be that permissions for one of the directories in the /www/root folder of IIS could be set at too low a level, allowing unwanted modification of files from outsiders.

Version history[edit]

Sep 03, 2020 Windows 10 Version 1507 Security Baseline.zip. 904 KB: Windows 10 Version 1607 and Windows Server 2016 Security Baseline.zip. 1.5 MB: Windows 10 Version 1709 Security Baseline.zip. 1.0 MB: Windows 10 Version 1803 Security Baseline.zip. 1.1 MB: Windows 10 Version 1809 and Windows Server 2019 Security Baseline.zip. The Microsoft Baseline Security Analyzer provides a streamlined method to identify missing security updates and common security misconfigurations. MBSA 2.1.1 is a minor upgrade to add support for Windows 7 and Windows Server 2008 R2.

Versions 1.2.1 and below run on NT4, Windows 2000, Windows XP, and Windows Server 2003, provide support for IIS versions 5 through 6, SQL Server 7 and 2000, Internet Explorer 5.01 and 6.0 only, and Microsoft Office 2000 through 2003. Security update assessment is provided by an integrated version of Shavlik's HFNetChk 3.8 scan tool. MBSA 1.2.1 was localized into English, German, French and Japanese versions and supported security assessment for any locale.

Version 2.0 retained the hard-coded VA checks, but replaced the Shavlik security assessment engine with Microsoft Update technologies which adds dynamic support for all Microsoft products supported by Microsoft Update. MBSA 2.0.1 was released to support the revised Windows Update (WU) offline scan file (WSUSSCN2.CAB). MBSA 2.1 added Vista and Windows Server 2008 support, a new Vista-styled GUI interface, support for the latest Windows Update Agent (3.0), a new Remote Directory (/rd) feature and extended the VA checks to x64 platforms.

In the August 2012 Security Bulletin Webcast Q&A on Technet it was announced that 'The current version of MBSA (2.2) will not support Windows 8 and Microsoft currently has no plans to release an updated version of the tool.'[3]

In November 2013 MBSA 2.3 was released. This release adds support for Windows 8, Windows 8.1, Windows Server 2012, and Windows Server 2012 R2. Windows 2000 will no longer be supported with this release.[4]

Microsoft support and updates for MBSA has ended. The current version 2.3 does not offer official support for Windows 10 or Windows Server 2016. The Microsoft MBSA webpage has been removed.[5]

Microsoft baseline security analyzer replacement for macbook pro

How MBSA differs from Microsoft Update[edit]

MBSA only scans for 3 classes of updates, security updates, service packs and update rollups. Critical and optional updates are left aside.

See also[edit]

References[edit]

  1. ^'Download Details: Microsoft Baseline Security Analyzer v1.2.1 (for IT Professionals)'. Microsoft Download Center. Microsoft Corporation. Archived from the original on 18 June 2009. Retrieved 13 October 2009.
  2. ^ abcde'Download Details: Microsoft Baseline Security Analyzer 2.2 (for IT Professionals)'. Microsoft Download Center. Microsoft Corporation. 6 August 2010. Retrieved 21 November 2009.
  3. ^'August 2012 Security Bulletin Webcast Q&A'. Microsoft. Archived from the original on 24 August 2012. Retrieved 20 August 2012.
  4. ^'Microsoft Baseline Security Analyzer (MBSA) 2.3&#124MBSA'. Microsoft. Retrieved 12 November 2013.
  5. ^'What is Microsoft Baseline Security Analyzer and its uses?'. Microsoft. Retrieved October 5, 2018.

External links[edit]

Microsoft Baseline Security Analyzer Replacement For Mac
  • Official website
Retrieved from 'https://en.wikipedia.org/w/index.php?title=Microsoft_Baseline_Security_Analyzer&oldid=970932090'

SecTools.Org: Top 125 Network Security Tools

For more than a decade, the NmapProject has been cataloguing the network security community'sfavorite tools. In 2011 this site became much more dynamic, offeringratings, reviews, searching, sorting, and a new tool suggestion form.This site allows open source and commercial tools on any platform,except those tools that we maintain (such as the Nmap Security Scanner, Ncat network connector, and Nping packet manipulator).

We're very impressed by the collective smarts of the security community and we highly recommend reading the whole list and investigating any tools you are unfamiliar with. Click any tool name for more details on that particular application, including the chance to read (and write) reviews. Many site elements are explained by tool tips if you hover your mouse over them. Enjoy!

11 tools

(16)★★★Nessus (#3, 2)

Nessus is one of the most popular and capable vulnerability scanners, particularly for UNIX systems. It was initially free and open source, but they closed the source code in 2005 and removed the free 'Registered Feed' version in 2008. It now costs $2,190 per year, which still beats many of its competitors. A free “Nessus Home” version is also available, though it is limited and only licensed for home network use.

Nessus is constantly updated, with more than 70,000 plugins. Key features include remote and local (authenticated) security checks, a client/server architecture with a web-based interface, and an embedded scripting language for writing your own plugins or understanding the existing ones. Read 24 reviews.

Latest release: version 6.3.3 on March 16, 2015 (5 years, 9 months ago).

Security

(31)★★★★OpenVAS (#19, new!)

OpenVAS is a vulnerability scanner that was forked from the last free version of Nessus after that tool went proprietary in 2005. OpenVAS plugins are still written in the Nessus NASL language. The project seemed dead for a while, but development has restarted. Read 38 reviews.

Latest release: version 8.0 on April 2, 2015 (5 years, 8 months ago).

(12)★★★★½Core Impact (#29, 15)

Core Impact isn't cheap (be prepared to spend at least $30,000), but it is widely considered to be the most powerful exploitation tool available. It sports a large, regularly updated database of professional exploits, and can do neat tricks like exploiting one machine and then establishing an encrypted tunnel through that machine to reach and exploit other boxes. Other good options include Metasploit and Canvas. Read 21 reviews.

Latest release: version 12 on Aug. 8, 2011 (9 years, 4 months ago).

(16)★★½Nexpose (#36, new!)

Microsoft Baseline Security

Rapid7 Nexpose is a vulnerability scanner which aims to support the entire vulnerability management lifecycle, including discovery, detection, verification, risk classification, impact analysis, reporting and mitigation. It integrates with Rapid7's Metasploit for vulnerability exploitation. It is sold as standalone software, an appliance, virtual machine, or as a managed service or private cloud deployment. User interaction is through a web browser. There is a free but limited community edition as well as commercial versions which start at $2,000 per user per year. Read 19 reviews.

(6)★★★½GFI LanGuard (#40, 20)

GFI LanGuard is a network security and vulnerability scanner designed to help with patch management, network and software audits, and vulnerability assessments. The price is based on the number of IP addresses you wish to scan. A free trial version (up to 5 IP addresses) is available. Read 6 reviews.

Latest release: version 2011 on May 19, 2001 (19 years, 7 months ago).

(4)★★★★QualysGuard (#42, 31)

QualysGuard is a popular SaaS (software as a service) vulnerability management offering. It's web-based UI offers network discovery and mapping, asset prioritization, vulnerability assessment reporting and remediation tracking according to business risk. Internal scans are handled by Qualys appliances which communicate back to the cloud-based system. Read 5 reviews.

Latest release: version 6.18 on Feb. 25, 2011 (9 years, 9 months ago).

Microsoft Baseline Security Analyzer Replacement For Mac

(3)★★★MBSA (#46, 54)

Microsoft baseline security analyzer replacement for mac free

Microsoft Baseline Security Analyzer (MBSA) is an easy-to-use tool designed for the IT professional that helps small and medium-sized businesses determine their security state in accordance with Microsoft security recommendations and offers specific remediation guidance. Built on the Windows Update Agent and Microsoft Update infrastructure, MBSA ensures consistency with other Microsoft management products including Microsoft Update (MU), Windows Server Update Services (WSUS), Systems Management Server (SMS) and Microsoft Operations Manager (MOM). Apparently MBSA on average scans over 3 million computers each week. Read 3 reviews.

Latest release: version 2.3 on Nov. 12, 2013 (7 years, 1 month ago).

(1)★★★Retina (#54, 29)

Like Nessus, Retina's function is to scan all the hosts on a network and report on any vulnerabilities found. It was written by eEye, who are well known for their security research. Read 2 reviews.

(6)★★★★½Secunia PSI (#68, new!)

Secunia PSI (Personal Software Inspector) is a free security tool designed to detect vulnerable and out-dated programs and plug-ins that expose your PC to attacks. Attacks exploiting vulnerable programs and plug-ins are rarely blocked by traditional anti-virus programs. Secunia PSI checks only the machine it is running on, while its commercial sibling Secunia CSI (Corporate Software Inspector) scans multiple machines on a network. Read 6 reviews.

Latest release: version 2.0 on Jan. 10, 2011 (9 years, 11 months ago).

(3)★★★★½Nipper (#81, new!)

Nipper (short for Network Infrastructure Parser, previously known as CiscoParse) audits the security of network devices such as switches, routers, and firewalls. It works by parsing and analyzing device configuration file which the Nipper user must supply. This was an open source tool until its developer (Titania) released a commercial version and tried to hide their old GPL releases (including the GPLv2 version 0.10 source tarball). Read 3 reviews.

Latest release: version 1.3.

(4)★★★★½SAINT Security Suite (#110, 19)

SAINT is a commercial vulnerability assessment and penetration system. It was originally developed in the late 1990's as free UNIX tool based on the open source SATAN scanner. Later it went commercial and broadened into a whole suite of tools for vulnerability detection, exploitation, and asset management. It is available on multiple platforms, including appliances (SAINTbox) and cloud-hosted (SAINTcloud). Top competitors include Nessus, Nexpose, and QualysGuard. Read 9 reviews.

Latest release: version 9.8 on May 1, 2020 (7 months, 2 weeks ago).

11 tools

Microsoft Baseline Analyzer

Categories