MVP Jubo Security Blog : Tools

Microsoft Launches Malware Protection Center

jubo — Wed, 11 Jul 2007 19:28:00 GMT

Get the latest information about malware and potentially unwanted software on the Microsoft Malware Protection Center Portal. Browse the MMPC's malware encyclopedia, download the latest virus/spyware definitions, submit malware samples, and find links to additional content.

See: Microsoft Malware Protection Center

Malware Removal Starter Kit

jubo — Wed, 11 Jul 2007 11:59:00 GMT

Many small- and medium-sized organizations use antivirus software, and yet new viruses, worms, and other forms of malicious software (malware) continue to infect large numbers of computers in these organizations. Malware proliferates at alarming speed and in many different ways, which makes it particularly widespread today.

This guide is intended for IT Generalists who want information and recommendations that they can use to effectively address and limit malware that infects computers in small- and medium-sized organizations. This guidance provides a set of tasks that licensed Windows® users can perform at no cost to create the Malware Removal Starter Kit. Recommendations for free malware-scanning tools are included. You can use these tools in combination with the kit to conduct scans, detect problems, and remove malware from your computer.

More information at: TechNet

Download at: Download Center

Cool new tool: Windows Vista Hardware Assessment

jubo — Wed, 21 Feb 2007 20:39:00 GMT

A few days ago, Microsoft released a very nice tool that finds and determine if computers on a network are ready to run Windows Vista. The good news is that this tool does not require deployement of agent software on computers being inventoried and accessed. The tool can scan computers on a network that are running an operating system that supports Windows Management Instrumentation (WMI). This includes the following operating systems:

Windows Vista
Windows XP® Professional (SP2)
Windows Server 2003™ or Windows Server 2003 R2
Windows 2000 Professional or Windows 2000 Server

Read the documentation first because it also installs, if necessary, the SQL Server 2005 Express edition.

More information at: TechNet and you can download it at: Download Center.

MBSA 2.1 available

jubo — Fri, 16 Feb 2007 22:35:00 GMT

Microsoft Baseline Security Analyzer (MBSA) is an easy-to-use tool designed for the IT professional that helps small- and medium-sized businesses determine their security state in accordance with Microsoft security recommendations and offers specific remediation guidance.

In order to ensure compatibility with Windows Vista, MBSA 2.1 Beta 1 is now available. Beta 1 maintains the current MBSA 2.0.x functionality but adds Windows Vista support.More information at: MBSA 2.1 page.

You can download the MBSA 2.1 installer from the Microsoft Download Center.

New Version: RootkitRevealer v1.6

jubo — Thu, 22 Dec 2005 08:57:00 GMT

This version runs from Windows XP remote desktop sessions, includes a number of bug fixes and reduces the number of false positive descrepancies.

What is RootkitRevealer v1.6?
"RootkitRevealer is an advanced patent-pending root kit detection utility. It runs on Windows NT 4 and higher and its output lists Registry and file system API discrepancies that may indicate the presence of a user-mode or kernel-mode rootkit. RootkitRevealer successfully detects all persistent rootkits published at www.rootkit.com, including AFX, Vanquish and HackerDefender (note: RootkitRevealer is not intended to detect rootkits like Fu that don't attempt to hide their files or registry keys). If you use it to identify the presence of a rootkit please let us know!

The reason that there is no longer a command-line version is that malware authors have started targetting RootkitRevealer's scan by using its executable name. We've therefore updated RootkitRevealer to execute its scan from a randomly named copy of itself that runs as a Windows service. This type of execution is not conducive to a command-line interface. Note that you can use command-line options to execute an automatic scan with results logged to a file, which is the equivalent of the command-line version's behavior."

Source and download at: Sysinternals

Office 2003 Add-in: Word Redaction

jubo — Fri, 05 Aug 2005 10:30:00 GMT

Redaction is the careful editing of a document to remove confidential information.

The Microsoft Office Word 2003 Redaction Add-in makes it easy for you to mark sections of a document for redaction. You can then redact the document so that the sections you specified are blacked out. You can either print the redacted document or use it electronically.

Sensitive government documents, confidential legal documents, insurance contracts, and other sensitive documents are often redacted before being made available to the public. With the Word 2003 Redaction Add-in, users of Microsoft Office Word 2003 now have an effective, user-friendly tool to help them redact confidential text in Word documents.

Download: Word Redaction

Microsoft Baseline Security Analyzer (MBSA)

jubo — Tue, 05 Jul 2005 11:10:00 GMT

MBSA is an easy-to-use tool designed for the IT professional that helps small and medium businesses determine their security state in accordance with Microsoft security recommendations and offers specific remediation guidance. Improve your security management process by using MBSA to detect common security misconfigurations and missing security updates on your computer systems.

New Features found in MBSA 2.0:

Severity Ratings
Locally and remotely scan for Office XP or later security updates
Added guidance for locating updates and necessary actions
CVE-IDs for supported updates
Improved help content
Windows Server Update Services compatibility
Automatic Microsoft Update registration and agent update
Support for detection of updates on 64bit Windows and Windows XP Embedded

Source: Microsoft Baseline Security Analyzer 2.0
More information: Microsoft TechNet

Microsoft Office Visio 2003 Connector for the Microsoft Baseline Security Analyzer (MBSA)

jubo — Thu, 05 May 2005 21:18:00 GMT

Do you know the security status of your network? Get a visual. The Visio Connector for MBSA lets you view the results of a Microsoft Baseline Security Analyzer scan in a clear, comprehensive Microsoft Office Visio 2003 network diagram. You must have both Visio 2003 and the Microsoft Baseline Security Analyzer — a free security tool from Microsoft — for this connector to function.

At a glance, you'll be able to:

Pinpoint vulnerabilities on the color-coded diagram
Identify solutions in the detailed network diagram scan results
Prioritize actions based on the results presented in the network diagram

Downloads The Visio Connector for MBSA lets you visualize Microsoft Baseline Security Analyzer scan results on a Visio network diagram. Download Visio Connector for MBSA by following the links below.

More Information: TechNet

Log Parser 2.2

jubo — Sun, 24 Apr 2005 09:46:00 GMT

Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key data sources on the Windows® operating system such as the Event Log, the Registry, the file system, and Active Directory®. You tell Log Parser what information you need and how you want it processed. The results of your query can be custom-formatted in text based output, or they can be persisted to more specialty targets like SQL, SYSLOG, or a chart. Most software is designed to accomplish a limited number of specific tasks. Log Parser is different... the number of ways it can be used is limited only by the needs and imagination of the user. The world is your database with Log Parser.

Related Links:

Download at: Microsoft Download Center.

Source: Microsoft TechNet

Promqry & PromqryUI: New Tools to Detect Network Sniffers

jubo — Sun, 06 Feb 2005 15:55:00 GMT

Microsoft's Tim Rains has released two new tools to detect network sniffers. There are two versions of this tool: command line and a GUI version.

Both of these tools essentially have the same functionality:

Query the local system’s network interfaces
Query a single remote system’s interfaces
Query a range of remote system’s interfaces

System Requirements:

Supported Operating Systems: Windows 2000, Windows Server 2003, Windows XP
Microsoft .Net Framework

For more information see: Description of Promqry 1.0 and PromqryUI 1.0

Source: Tim Rains' WebLog

Malicious Software Removal Tool

jubo — Wed, 12 Jan 2005 14:08:00 GMT

Microsoft® Windows® Malicious Software Removal Tool

The Microsoft Windows Malicious Software Removal Tool checks Windows XP, Windows 2000, and Windows Server 2003 computers for and helps remove infections by specific, prevalent malicious software—including Blaster, Sasser, and Mydoom. When the detection and removal process is complete, the tool displays a report describing the outcome, including which, if any, malicious software was detected and removed.

Virus and Worm Families Cleaned
This tool scans for and cleans malicious software associated with the following security threats:

Source: Malicious Software Removal Tool.

Related Links

Online scan for Microsoft Windows XP, Windows 2000, and Windows Server 2003: Scan and Clean Your PC.

Microsoft Baseline Security Analyzer

jubo — Sun, 15 Aug 2004 10:56:00 GMT

New version, MBSA 1.2.1, needed for Windows XP SP2 compatibility: Users of Windows XP Service Pack 2 will need to update their MBSA to version 1.2.1 for compatibility and deeper integration with SP2 security improvements. When MBSA version 1.2.1 is available later this month, Windows XP SP2 users who are running MBSA 1.2 will be automatically notified when they run the tool from the Start menu with an Internet connection.

It seems that Microsoft is releasing this new tool on August 16th. Check the MBSA website for more information.

Microsoft Baseline Security Analyzer V1.2

jubo — Sun, 30 May 2004 08:55:00 GMT

As part of Microsoft's Strategic Technology Protection Program, and in response to direct customer need for a streamlined method of identifying common security misconfigurations, Microsoft has developed the Microsoft Baseline Security Analyzer (MBSA).

MBSA Version 1.2 includes a graphical and command line interface that can perform local or remote scans of Windows systems. MBSA runs on Windows 2000, Windows XP, and Windows Server 2003 systems and will scan for common system misconfigurations in the following products: Windows NT 4.0, Windows 2000, Windows XP, Windows Server 2003, Internet Information Server (IIS), SQL Server, Internet Explorer, and Office. MBSA 1.2 will also scan for missing security updates for the following products: Windows NT 4.0, Windows 2000, Windows XP, Windows Server 2003, IIS, SQL Server, IE, Exchange Server, Windows Media Player, Microsoft Data Access Components (MDAC), MSXML, Microsoft Virtual Machine, Commerce Server, Content Management Server, BizTalk Server, Host Integration Server, and Office.

Source: TechNet Security

Enterprise Security Tools

jubo — Sat, 29 May 2004 10:44:00 GMT

Take advantage of tools designed to help your organization keep apprised of security risks, so you can react quickly and effectively to potential threats. Assess vulnerabilities and strengthen security with tools and technologies like the Microsoft Baseline Security Analyzer (MBSA) and Software Update Services (SUS).

How-To Articles

Source: Microsoft Security