Free Microsoft Security Tools
I often get asked where someone can find a comprehensive list of Security tools from Microsoft. Many tools which may be used by an administrator are not the same set of tools used by a developer or a consumer, but its nice to have a comprehensive list.
There are four sites that a good landing points:
- Security Tools on TechNet
- Sysinternals
- Codeplex (Microsoft's open source project hosting web site)
- Microsoft’s Security Portal
All of these are good starting points to learn about these tools and how to use them to tackle IT security. I have compiled a summary of some of the most useful security tools below.
Virus and Malware Protection and Removal
Real-time protection for your home PC that guards against viruses, spyware, and other malicious software. (For Commercial Antimalware see: www.microsoft.com/forefront)
Malicious Software Removal Tool
This tool checks your computer for infection by specific, prevalent malicious software and helps to remove the infection if it is found. Microsoft will release an updated version of this tool on the second Tuesday of each month, and as needed to respond to security incidents.
This free program helps protect PCs from pop-ups, slow performance, and security threats caused by spyware and other unwanted software.
Windows Live OneCare Safety Scanner
This free service scans PCs for viruses, spyware, and potentially unwanted software.
Microsoft Security Intelligence Report (SIR)
Provides an in-depth perspective on the changing threat landscape including software vulnerability disclosures and exploits, malicious software (malware), and potentially unwanted software
System & Network Utilities that can be used to troubleshoot security & malware
Shows you information about which handles and DLLs processes have opened or loaded. See: Advanced Malware Cleaning - Mark Russinovich
This utility, which has the most comprehensive knowledge of auto-starting locations of any startup monitor, shows you what programs are configured to run during system bootup or login, and shows you the entries in the order Windows processes them
Advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity
A number of command-line tools that allow you to manage remote systems as well as the local one
RootkitRevealer is an advanced rootkit detection utility. It runs on Windows NT 4 and higher and its output lists Registry and file system API discrepancies that may indicate the presence of a user-mode or kernel-mode rootkit
A Windows program that will show you detailed listings of all TCP and UDP endpoints on your system
A protocol analyzer. It enables you to capture, to view, and to analyze network data. You can use it to help troubleshoot problems with applications on the network. See: https://connect.microsoft.com/site/sitehome.aspx?SiteID=216 for release notes and information.
Developer Tools & Threat Modeling:
Microsoft Application Verifier
Runtime Verification tool for unmanaged code
Checks .NET managed code assemblies
Code analysis tool that helps identify common variants of certain prevailing vulnerabilities
Microsoft Threat Analysis & Modeling
Threat modeling to empower application risk management
Microsoft SDL Threat Modeling Tool 3.1
Helps engineers analyze security & address design issues early in the software lifecycle
Microsoft PREfast Analysis Tool
Identifies defects in C/C++ Programs
Security Update Management
Microsoft Update consolidates updates provided by Windows Update and Office Update into one location and enables you to choose automatic delivery and installation of high-priority updates. See: The Microsoft Security Update Guide
Windows Server Update Services (WSUS)
WSUS simplifies the process of keeping Windows-based systems current with the latest updates, with minimal administrative intervention.
System Center Configuration Manager
System Center Configuration Manager 2007 enables operating system and application deployment and configuration management, enhancing system security and providing comprehensive asset management of servers, desktops, and mobile devices.
Systems Management Server 2003 Inventory Tool for Microsoft Updates
Systems Management Server administrators can use the Inventory Tool for Microsoft Updates (ITMU) to determine the update compliance of managed systems.
Security Update Detection
Microsoft Baseline Security Analyzer (MBSA)
MBSA scans for missing security updates and common security misconfigurations. It can be used in conjunction with Microsoft Update and Windows Server Update Services.
Microsoft Office Visio 2007 Connector for the Microsoft Baseline Security Analyzer
This connector lets you view the results of an MBSA scan in a clear, comprehensive Microsoft Office Visio 2007 network diagram.
Extended Security Update Inventory Tool
The Extended Security Update Inventory Tool is used to detect security bulletins not covered by MBSA including MS04-028, February 2005 bulletins, and future security bulletins that are exceptions to MBSA.
Security Assessment
Microsoft Assessment and Planning (MAP) Toolkit for PC Security Assessment
This free toolkit assesses your entire IT environment for desktop and laptop vulnerabilities to viruses and malware, to determine your PC readiness for Forefront Client Security.
Microsoft Security Assessment Tool (MSAT)
MSAT provides information and recommendations to help enhance security within your information technology infrastructure.
Lockdown, Auditing, and Intrusion Detection and Remediation
Account Lockout and Management Tools
These tools can help you manage accounts and troubleshoot account lockouts.
BitLocker Active Directory Recovery Password Viewer
This tool helps to locate BitLocker Drive Encryption recovery passwords for Windows Vista- or Windows Server 2008- based computers in Active Directory Domain Services.
BitLocker Drive Preparation Tool
This tool configures the hard disk drives in your computer properly to support enabling BitLocker.
This tool can help recover data from a corrupted or damaged disk volume that was encrypted with BitLocker.
Available as part of the Security Guide Scripts Download, this is a multi-threaded tool that will parse event logs from many servers at the same time.
File Checksum Integrity Verifier
This command-line tool computes and verifies MD5 or SHA-1 cryptographic hash values of files. These values can be displayed on the screen or saved in an XML file database for later use and verification.
This tool reduces the attack surface of earlier versions of Internet Information Services (IIS) and includes URLScan to provide multiple layers of protection against attackers. (All of the default security-related configuration settings in IIS versions 6.0 and 7.0 meet or exceed the security configuration settings made by the IIS Lockdown tool.)
This tool runs as a service on computers running Windows Server 2003, Windows XP, or Windows 2000, and logs TCP and UDP port activity.
Port Reporter Parser (PR-Parser)
This tool that parses the logs that the Port Reporter service generates. The PR-Parser tool has many advanced features that can help you analyze the Port Reporter service log files. You can use the PR-Parser with the Port Reporter tool in a number of scenarios, including troubleshooting and security-related scenarios.
This command-line utility helps you troubleshoot TCP/IP connectivity issues on Windows Server 2003, Windows XP, or Windows 2000.
Promqry and PromqryUI allow you to detect network sniffers on computers that are running Windows Server 2003, Windows XP, and Windows 2000.
This command-line tool enables you to obtain security information about files, registry keys, and services. It also lets you transfer this information from user to user, from local or global group to group, and from domain to domain.
This tool helps prevent potentially harmful HTTP requests from reaching IIS Web servers. UrlScan 3.0 includes new features to help protect against SQL injection attacks, and can be used with IIS 5.1 and later.
This tool helps prevent potentially harmful HTTP requests from reaching IIS Web servers. UrlScan 2.5 can be used with IIS 4.0 and later. (Users running IIS 6.0 and later will most likely want to use UrlScan 3.0.)
Whether you manage computers in a school computer lab or an Internet cafe, a library, or even in your home, Windows SteadyState helps make it easy for you to keep your computers running the way you want them to.
There are many more useful tools on Microsoft's TechNet Security Center and Codeplex.