If you believe there are some suspicious applications on your Windows 7 PC, get Microsoft’s free Attack Surface Analyzer
Table Of Contents - Quick Links!
Installing Dot Net 4.0!
1. Step Before downloading the freeware tool make sure to install Dot Net 4.0 framework. Head over to filehippo one of our favorite download sites and grab a copy of dotnetfx45_full (download link)
After downloading, double-click the dotnetfx45_full_x86_x64.exe and install it – you have to close some apps
2. Step When you are done, head over to Microsoft’s blog at MSDN.com and download either Attack_Surface_Analyzer_x86.msi or Attack_Surface_Analyzer_x64.msi depending on your operating system. Not sure? Read our tutorial – what Windows version do I have 32-bit or 64-bit?
3. Step Installation of Net framework 4 might take a few minutes – patience – this will really take a few minutes so don’t worry if it hangs
4. Step If you did not successfully install Dot Net 4.0 you will get a warning like this
Attempting To Install Attack Surface Analyzer On A System Without Net 4
5. Step The program will be listed under “All Programs” – start it
How you should use this tool now
The next step would be to generate a simple report BEFORE you install a suspicious program. And then run another report AFTER you installed the app. Then you can compare both using the option Generate standard surface attack report
The tool will generate a CAB file to store your report e.g. C:\Users\sOliver\Attack Surface Analyzer\SOLIVER-PC_1.0.0_2012-09-04_23-29-49.cab
One of the cool things this tool does is to scan your Windows security event logs, but the most useful thing is that it can find out whether or not an app is opening ports, modifying ownership rights or modify your registry
Summary: Intended Usage
- Generate report before installation
- Generate 2nd report after installation
- Select “Generate standard surface attack report” and select 1st report as your baseline cab and the 2nd as your product cab:
This tool is an advanced tool, so it’s mostly intended for admins and developers, but I believe some security enthusiasts might appreciate it.
We’ll try to explain this tool in more detail if there is any demand for this – so let us know if you want to learn more about this