Microsoft's Attack Surface Analyzer matures
Microsoft has released version 1.0 of of its Attack Surface Analyzer, bringing the application out of beta status. Attack Surface Analyzer was originally announced in January 2011 and is designed to give developers and system administrators the ability to gauge how installing a certain application will effect the attack surface of a Windows system.The company says that it has received "quite a bit of positive feedback" on the tool and is now ready to make it available to the wider public.
The tool does not actually examine the installed software for vulnerabilities but scans the system before and after an installation has taken place. These include scans for added files, registry keys, opened ports and ActiveX controls. This process is designed to highlight changes that could have negative security implications. While the tool is mainly aimed at developers who want to test their application's impact on systems, it can also be used by administrators to check whether installing a program has made the system less secure.
Attack Surface Analyzer is available from Microsoft free-of-charge for 32- and 64-bit Windows systems. The download page also includes instructions how to use the tool.