From:         Patrick Douglas Crispen 
Subject:      Tourbus - 14 Oct 04 - Microsoft Baseline Security Analyzer


The Internet Tourbus - U.S. Library of Congress ISSN #1094-2239
Copyright © Bob Rankin and Patrick Crispen - All rights reserved
Microsoft Baseline Security Analyzer

Howdy, y'all, and greetings once again from deep behind the orange curtain in beautiful Irvine, California, the first national park in Norway. :P

TOURBUS is made possible by the kind support of our sponsors. Please take a moment to visit today's sponsors and thank them for keeping our little bus of Internet happiness on the road week after week.

On with the show...

Today's journey of our little bus of Internet happiness is the little-anticipated fifth part in my never-ending Home Computer Security series. Much like an 8:00 AM calculus class, this series keeps going and going and going. There is no end. You're stuck.

Wait, it gets worse. Today's post focuses solely on a Windows security tool called the Microsoft Baseline Security Analyzer [MBSA]. There's no MBSA for the Mac because, well, the Mac doesn't really need one. Sorry about that, Mac-ies.

If you have a PC [or a Mac] and missed any of my previous posts, be thankful. They stunk! Seriously, though, you can find them all online in the Tourbus archives:

Part One: Exploits and Patch Management

Part Two: Firewalls

Part Two and a half: Odds and Ends

Part Three: Testing your Firewall

Part Four: Update your Antivirus

I've also combined all of those posts into two giant presentations you are free to download and burn in effigy. Just point your web browser to

and look for Home Computer Security and Privacy parts one and two. Both presentations are available in Microsoft PowerPoint and Macromedia Flash formats.

The Microsoft Baseline Security Analyzer

You probably know by now that when Microsoft finds a security hole in Windows or Internet Explorer they [usually/eventually] release a patch called a "Critical Update." In fact, Microsoft released a new Critical Update just this past Tuesday that closes over 20 security holes.

What you may not know is that Windows Update lies. [GASP!] No, really. Windows Update frequently thinks you've installed a Critical Update you haven't, leaving your computer vulnerable.

Fortunately, Microsoft's Baseline Security Analyzer [MBSA] takes care of that little-known problem. MBSA is a free program from Microsoft that scans for over 60 common system misconfigurations and almost any Microsoft security update your computer may be missing. In particular, MBSA double-checks the security of

  • Windows (*)
  • Microsoft Office 2000 and later
  • Internet Explorer 5.01 and later
  • Windows Media Player 6.4 and later
  • A bunch of other Microsoft applications and services

    MBSA analyzes, you fix. In other words, MBSA tells you what's wrong and points you to the solution. But YOU have to manually download and apply the solution. That's important to remember.

    Wait. There's more. Did you notice that little asterisk next to "Windows?" Well, that's because MBSA only works on Windows XP, 2000, and Server 2003. :(

    That's all of the bad news. Now for the good news. While the MBSA was designed for corporate tech support, there is no reason why you can't use it at home. Oh, and it's free.

    Yes, you read that correctly. Microsoft is actually giving something away.

    To get the latest version of Microsoft's MBSA, just go to

    Download the MBSASetup-EN.msi file to your desktop and then double-click to install it.

    Running MBSA

    Once you've downloaded and installed MBSASetup-EN.msi, double-click on the MBSA "watering can" [padlock and checkmark] icon. This opens the MBSA welcome screen.

    Click "Scan a computer."

    On the next screen, don't change anything. Just make sure you are connected to the Internet and then click "Start scan."

    MBSA calls home to Microsoft and downloads something called "" This file contains information about practically every patch Microsoft has released. MBSA scans your computer's operating system, operating system components, and Microsoft applications. MBSA then compares the version numbers of the stuff on your computer with the latest version numbers in the file. Finally, MBSA shows you which updates your computer is missing.

    Translating the security report

    Critical failures [red Xs] require you to immediately install a patch or update to ensure the strongest security of your computer. Non-critical failures [yellow Xs] happen when there is a newer version of something available, but you don't really have to upgrade...yet. Best practices [blue asterisks] could signify a problem--MBSA can't confirm that those particular security updates have been installed.

    What's important and what isn't? Well, MBSA's security report has seven sections, and in my humble opinion you only have to worry about two:

    1. Security Update Scan Results [at the top of the report]

    2. Desktop Application Scan Results [at the very bottom]

    The five sections in the middle don't really apply to home users. Don't get me wrong: Problems here are important. They're just rarely critical. You can fix the problems in the middle five sections if you want, but you don't have to.

    Fixing the critical failures

    Remember, MBSA analyzes, you fix.

    To find a fix for a critical failure in Security Update Scan Results or Desktop Application Scan Results, click on the "Result Details" link next to that critical failure. This shows you exactly what's missing or is misconfigured. Click on each link and it opens a page in Internet Explorer telling you how to download the appropriate patch. REMEMBER TO INSTALL THE PATCHES AFTER YOU DOWNLOAD THEM! MBSA won't do it for you.

    Blue Asterisks

    Sometimes MBSA gets confused and can't confirm if your computer has a particular patch. That's what the blue asterisks signify. Fixing those blue asterisks is a little more complicated.

    1. Click on Results Details.

    2. In the description for each Security Update you'll see a six-digit number in parentheses. Write down each six-digit set of numbers you see.

    3. Then go to Add/Remove Programs in your Control Panel.

    4. Scroll down towards the bottom and look for the Windows

    5. Compare those six digits you wrote down in MBSA with the last six digits of the various hotfixes in Add/Remove Programs.

    If you find a match, you have the patch. MBSA just got confused. If you don't find a match, go back to the MBSA Results Details page and manually download and install the missing patches.
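
On a system that has PowerShell, the blue-asterisk comparison above can be scripted. This is an added example, not part of the original newsletter: the function names and the sample text are made up for illustration, and the only Windows cmdlet it relies on is Get-HotFix.

```powershell
# Added example; function names are hypothetical, sample data is constructed.

function Get-MbsaUpdateNumber {
    param([string[]]$Description)
    # Step 2: collect each six-digit number shown in parentheses.
    foreach ($line in $Description) {
        foreach ($m in [regex]::Matches($line, '\((\d{6})\)')) {
            $m.Groups[1].Value
        }
    }
}

function Test-MbsaUpdate {
    param(
        [string[]]$Description,
        # Steps 3-4: installed hotfix names. By default, ask Windows via Get-HotFix.
        [string[]]$InstalledName = @(Get-HotFix | ForEach-Object { $_.HotFixID })
    )
    # Step 5: index installed hotfixes by their last six digits.
    # (?<!\d) rejects longer numbers whose tail merely happens to match.
    $installed = @{}
    foreach ($name in $InstalledName) {
        if ($name -match '(?<!\d)(\d{6})\D*$') { $installed[$Matches[1]] = $name }
    }
    $numbers = Get-MbsaUpdateNumber -Description $Description | Sort-Object -Unique
    foreach ($number in $numbers) {
        [pscustomobject]@{
            Number    = $number
            Installed = $installed.ContainsKey($number)  # True: MBSA just got confused
            MatchedBy = $installed[$number]              # empty when no match was found
        }
    }
}

# Constructed sample input: not real MBSA output, not real update numbers.
$sampleDetails = @(
    'Example Security Update A (000001)',
    'Example Security Update B (000002)'
)
# The second entry has seven digits, so it must not count as a match for 000002.
$sampleInstalled = @('KB000001', 'KB1000002')

Test-MbsaUpdate -Description $sampleDetails -InstalledName $sampleInstalled
```

Leave off -InstalledName to compare against the hotfixes Windows itself reports; any row with Installed set to False is a patch to download and install by hand.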

    MBSA tips

    Run MBSA from time to time just to double-check your computer's security. I usually run MBSA every three months or so.

    Don't be surprised if MBSA still gives you blue asterisks even after you've installed all the patches. Sometimes MBSA gets confused. And there's no real way to unconfuse it.

    Finally, there's no such thing as a "clean" MBSA scan, especially in the middle five sections. MBSA is always going to find something to complain about.

    ------- Summary -------

    So, what did we learn today? Well, we learned that MBSA is a free program from Microsoft that scans for over 60 common system misconfigurations and almost any Microsoft security update your computer may be missing. You need to fix the critical failures [red Xs] and the best practices [blue asterisks] as soon as possible. Think about fixing the non-critical failures [yellow Xs] when you get the time.

    MBSA's security report has seven sections, and you only have to worry about two:

  • Security Update Scan Results [at the top of the report]
  • Desktop Application Scan Results [at the very bottom]

    That's it! I hope this helps! Have a safe and happy weekend, and we'll talk again soon!

               .~~~.  ))
     (\__/)  .'     )  ))       Patrick Douglas Crispen
     /o o  \/     .~
    {o_,    \    {    
      / ,  , )    \  
      `~  -' \    } ))    AOL Instant Messenger: Squirrel2K
     _(    (   )_.'
    ---..{____}                  Warning: squirrels.
