Advanced: Use Attack Surface Analyzer Freeware To Secure Windows 7 And Find Suspicious Apps
If you believe there are some suspicious applications on your Windows 7 PC, get Microsoft’s free Attack Surface Analyzer
Installing Dot Net 4.0!
1. Before downloading the freeware tool make sure to install Dot Net 4.0 framework. Head over to filehippo one of our favorite download sites and grab a copy of dotnetfx45_full (download link)
2. When you are done, head over to Microsoft’s blog at MSDN.com and download either Attack_Surface_Analyzer_x86.msi or Attack_Surface_Analyzer_x64.msi depending on your operating system. Not sure? Read our tutorial – what Windows version do I have 32-bit or 64-bit?
3. Installation of Net framework 4 might take a few minutes – patience – this will really take a few minutes so don’t worry if it hangs
4. If you did not successfully install Dot Net 4.0 you will get a warning like this
5. The program will be listed under “All Programs” – start it
How you should use this tool now
The next step would be to generate a simple report BEFORE you install a suspicious program. And then run another report AFTER you installed the app. Then you can compare both using the option Generate standard surface attack report
The tool will generate a CAB file to store your report e.g. C:\Users\sOliver\Attack Surface Analyzer\SOLIVER-PC_1.0.0_2012-09-04_23-29-49.cab
One of the cool things this tool does is to scan your Windows security event logs, but the most useful thing is that it can find out whether or not an app is opening ports, modifying ownership rights or modify your registry
Summary: Intended Usage
- Generate report before installation
- Generate 2nd report after installation
- Select “Generate standard surface attack report” and select 1st report as your baseline cab and the 2nd as your product cab:
This tool is an advanced tool, so it’s mostly intended for admins and developers, but I believe some security enthusiasts might appreciate it.
We’ll try to explain this tool in more detail if there is any demand for this – so let us know if you want to learn more about this