微軟基線安全分析器

维基百科,自由的百科全书
跳转至: 导航搜索
Microsoft Baseline Security Analyzer
開發者 Microsoft
初始版本 2004年8月16日;10年前 (2004-08-16)[1]
穩定版本 2.2 / 2010年8月10日;4年前 (2010-08-10)[2]
操作系统 Windows Server 2008 R2, Windows 7, Windows Server 2008, Windows Vista, Windows Server 2003, Windows XP and Windows 2000[2]
平台 IA-32 and x86-64[2]
文件大小 1.5 ~ 1.7 MB[2]
语言 English, German, French and Japanese[2]
类型 计算机安全
许可协议 免費軟體
網站 www.microsoft.com/mbsa

微軟基線安全分析器(英语Microsoft Baseline Security Analyzer ,簡稱MBSA)是微軟為旗下的操作系統而設的保安輔助系統,透過找尋電腦系統上未有安裝的安全更新及未達標之設定來評估系統的保安狀況。受檢查的部件除了有Windows本身的系統檔案以外,還包括有:Internet Explorer, IIS web server, and products Microsoft SQL Server, and Microsoft Office macro settings等各部件。 現時最新的版本是2.2。

MBSA原先的設計,其實是打算用來檢查電腦系統是否有保安上的漏洞。後來演變成為了系統更新的工具。

Security updates are determined by the current version of MBSA using the Windows Update Agent present on Windows computers since Windows 2000 Service Pack 3. The less-secure settings, often called Vulnerability Assessment (VA) checks, are assessed based on a hard-coded set of registry and file checks. An example of a VA might be that permissions for one of the directories in the wwwroot folder of IIS could be set at too low a level, allowing unwanted modification of files from outsiders.

Versions 1.2.1 and below run on NT4, Windows 2000, Windows XP, and Windows Server 2003, provide support for IIS versions 5 through 6, SQL Server 7 and 2000, Internet Explorer 5.01 and 6.0 only, and Microsoft Office 2000 through 2003. Security update assessment is provided by an integrated version of Shavlik's HFNetChk 3.8 scan tool. MBSA 1.2.1 was localized into English, German, French and Japanese versions and supported security assessment for any locale.

Version 2.0 retained the hard-coded VA checks, but replaced the Shavlik security assessment engine with Microsoft Update technologies which adds dynamic support for all Microsoft products supported by Microsoft Update. MBSA 2.0.1 was released to support the revised Windows Update (WU) offline scan file (WSUSSCN2.CAB). MBSA 2.1 added Vista and Windows Server 2008 support, a new Vista-styled GUI interface, support for the latest Windows Update Agent (3.0), a new Remote Directory (/rd) feature and extended the VA checks to x64 platforms.

參考資料[编辑]

  1. ^ Download Details: Microsoft Baseline Security Analyzer v1.2.1 (for IT Professionals). Microsoft Download Center. Microsoft Corporation. [2009-10-13]. [失效連結]
  2. ^ 2.0 2.1 2.2 2.3 2.4 Download Details: Microsoft Baseline Security Analyzer 2.2 (for IT Professionals). Microsfot Download Center. Microsoft Corporation. 2010-08-06 [2009-11-21]. 

參看[编辑]

外部連結[编辑]