    Attack Surface Analyzer

    Analyze changes to Windows Attack Surface
    • Note: There are multiple files available for this download. Once you click on the "Download" button, you will be prompted to select the files you need.

      Version: 1.0.0.0
      Date Published: 8/2/2012

      File Name                              File Size
      Attack_Surface_Analyzer_x64.msi        1.8 MB
      Attack_Surface_Analyzer_ReadMe.docx    222 KB
      Attack_Surface_Analyzer_x86.msi        1.8 MB

        Attack Surface Analyzer is developed by the Trustworthy Computing Security group. It is the same tool used by Microsoft's internal product groups to catalogue changes made to operating system attack surface by the installation of new software.

        Attack Surface Analyzer takes a snapshot of your system state before and after the installation of product(s) and displays the changes to a number of key elements of the Windows attack surface.

        This allows:
        - Developers to view changes in the attack surface resulting from the introduction of their code onto the Windows platform
        - IT Professionals to assess the aggregate attack surface change caused by the installation of an organization's line-of-business applications
        - IT Security Auditors to evaluate the risk of a particular piece of software installed on the Windows platform during threat risk reviews
        - IT Security Incident Responders to gain a better understanding of the state of a system's security during investigations (if a baseline scan was taken of the system during the deployment phase)
    • Supported Operating System

      Windows 7, Windows 8, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Vista

        Collection of Attack Surface data: Windows Vista, Windows 7, Windows 8, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012

        Analysis of Attack Surface data and report generation: Windows 7, Windows 8, Windows Server 2008 R2, Windows Server 2012. Microsoft .NET Framework 4 is required.

        See the Attack Surface Analyzer ReadMe for detailed system requirements
      • Note: To run Attack Surface Analyzer, you will require Administrator privileges on the computer.

        Collecting attack surface information with .NET Framework 4 installed
        C1. Download and install Attack Surface Analyzer on a machine with a freshly installed version of a supported operating system, as listed in the System Requirements section. Attack Surface Analyzer works best with a clean (freshly built) system. Not running the Attack Surface Analyzer on a freshly built system requires more time to perform scanning and analysis.
        C2. Install any software prerequisite packages before the installation of your application.
        C3. Run Attack Surface Analyzer from the Start menu or command-line. If Attack Surface Analyzer is launched from a non-elevated process, UAC will prompt you that Attack Surface Analyzer needs to elevate to Administrative privileges.
        C4. When the Attack Surface Analyzer window is displayed, ensure the "Run new scan" action is selected, confirm the directory and filename you would like the Attack Surface data saved to and click Run Scan.
        C5. Attack Surface Analyzer then takes a snapshot of your system state and stores this information in a Microsoft Cabinet (CAB) file. This scan is known as your baseline scan.
        C6. Install your product(s), enabling as many options as possible and being sure to include options that you perceive may increase the attack surface of the machine. Examples include options to install a Windows Service, enable access through the Windows Firewall, or install drivers.
        C7. Run your application.
        C8. Repeat steps C3 through C5. This scan will be known as your product scan.


        Collecting attack surface information without the .NET Framework 4 installed
        Note: The command-line method is recommended when .NET Framework 4 is not installed. To perform analysis and report generation, a machine with .NET Framework 4 is required.
        C1. Download and install Attack Surface Analyzer on a machine with a freshly installed version of a supported operating system, as listed in the System Requirements section. Attack Surface Analyzer works best with a clean (freshly built) system. Not running the Attack Surface Analyzer on a freshly built system requires more time to perform scanning and analysis.
        C2. If your Windows installation does not have .NET Framework 4 installed, you have the option of updating your .NET Framework installation or installing only ASA.exe and dependent components. If you choose to install .NET Framework 4, please see the above section, "Collecting attack surface information with .NET Framework 4 installed".
        C3. Navigate to the Attack Surface Analyzer installation directory. The default installation directory is C:\Program Files\Attack Surface Analyzer\.
        C4. Run Attack Surface Analyzer.exe from the command line. If Attack Surface Analyzer.exe is launched from a non-elevated process, UAC will prompt you that Attack Surface Analyzer needs to elevate to Administrative privileges. To view the full list of command line options, execute the following command from the console: "Attack Surface Analyzer.exe" /?
        C5. Attack Surface Analyzer will then take a snapshot of your system state and store this information in a CAB file, saving the results to your user profile directory - the default is: C:\Users\%username%\Attack Surface Analyzer\. This scan is known as your baseline scan.
        C6. Install your product(s), enabling as many options as possible and being sure to include options that you perceive may increase the attack surface of the machine. Examples include options to install a Windows Service, enable access through the Windows Firewall, or install drivers.
        C7. Run your application.
        C8. Repeat steps C3 and C5. This scan will be known as your product scan.


        Analyzing the Results
        Note: You can either analyze the results on the computer you generated your scans from, or copy the CAB files to another computer for analysis. To perform analysis and report generation, a machine with .NET Framework 4 is required.
        A1. Run Attack Surface Analyzer from the Start menu. If Attack Surface Analyzer is launched from a non-elevated process, UAC will prompt you that Attack Surface Analyzer needs to elevate to Administrative privileges. Note: To view the full list of command line options, including generating the report from the command line, execute the following command from the console: "Attack Surface Analyzer.exe" /?
        A2. Choose the "Generate Report" action and specify your baseline and product scan CAB files. Note: Make sure that the correct CAB files are selected for both the baseline and the product scan before you generate the report. Attack Surface Analyzer will inspect the contents of these files to identify changes in system state and, if applicable, important security issues that should be investigated. If a web browser is installed on the machine performing the analysis, it should automatically load Attack Surface Analyzer's report, which is an HTML file.
        A3. Review the report to ensure the changes are the minimum required for your product to function and are consistent with your threat model.


        After addressing issues generated from the tool you should repeat the scanning process on a clean installation of Windows (that is, without the artifacts of your previous installation) and re-analyze the results. As you may need to repeat the process a number of times, we recommend using a virtual machine with "undo disks", differencing disks or the ability to revert to a prior virtual machine snapshot/configuration to perform your attack surface assessments.
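
The baseline/product comparison that the steps above describe, reduced to the three elements step C6 names (services, firewall rules, drivers), as an added PowerShell example. It is not part of Attack Surface Analyzer and does not read its CAB files; the function names and JSON snapshot paths are hypothetical, and it assumes an elevated prompt on Windows 8 / Server 2012 or later.

```powershell
# Added example, not part of Attack Surface Analyzer. Run from an elevated prompt.
# Assumes PowerShell 3+ and Windows 8 / Server 2012 or later (Get-NetFirewallRule).
# Function names and file paths are hypothetical.

function Save-SurfaceSnapshot {
    param([Parameter(Mandatory)][string]$Path)
    # Each element is flattened to one string so a changed property shows up as a diff.
    $snapshot = [ordered]@{
        Services = @(Get-CimInstance Win32_Service | ForEach-Object {
            '{0}|{1}|{2}|{3}' -f $_.Name, $_.StartName, $_.StartMode, $_.PathName })
        Drivers  = @(Get-CimInstance Win32_SystemDriver | ForEach-Object {
            '{0}|{1}|{2}' -f $_.Name, $_.StartMode, $_.PathName })
        Firewall = @(Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
            ForEach-Object { '{0}|{1}|{2}' -f $_.Name, $_.DisplayName, $_.Profile })
    }
    $snapshot | ConvertTo-Json -Depth 3 | Set-Content -Path $Path -Encoding UTF8
}

function Compare-SurfaceSnapshot {
    param(
        [Parameter(Mandatory)][string]$Baseline,
        [Parameter(Mandatory)][string]$Product
    )
    $before = Get-Content -Path $Baseline -Raw | ConvertFrom-Json
    $after  = Get-Content -Path $Product  -Raw | ConvertFrom-Json
    foreach ($category in 'Services', 'Drivers', 'Firewall') {
        $old = @($before.$category)
        $new = @($after.$category)
        # Entries only in the product scan are additions or the new state of a change.
        $new | Where-Object { $_ -notin $old } | ForEach-Object {
            [pscustomobject]@{ Category = $category; Change = 'Added'; Entry = $_ }
        }
        # Entries only in the baseline scan were removed or are the old state of a change.
        $old | Where-Object { $_ -notin $new } | ForEach-Object {
            [pscustomobject]@{ Category = $category; Change = 'Removed'; Entry = $_ }
        }
    }
}

# Baseline scan on the clean system (steps C3-C5):
#   Save-SurfaceSnapshot -Path C:\scans\baseline.json
# Product scan after installing and running the product (step C8):
#   Save-SurfaceSnapshot -Path C:\scans\product.json
# Review every added entry against the threat model (step A3):
#   Compare-SurfaceSnapshot C:\scans\baseline.json C:\scans\product.json | Format-List
```

A service whose account, start mode or binary path changed appears as one Removed and one Added entry with the same name.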

        For questions and support contact us on our blog: http://social.msdn.microsoft.com/Forums/en-US/sdlprocess/
