I often get asked where someone can find a comprehensive list of security tools from Microsoft. The tools an administrator uses are not the same set a developer or a consumer uses, but it's nice to have one comprehensive list.
There are four sites that are good landing points:
- Security Tools on TechNet
- Codeplex (Microsoft’s open source project hosting web site)
- Microsoft’s Security Portal
All of these are good starting points to learn about these tools and how to use them to tackle IT security. I have compiled a summary of some of the most useful security tools below.
Virus and Malware Protection and Removal
Real-time protection for your home PC that guards against viruses, spyware, and other malicious software. (For Commercial Antimalware see: www.microsoft.com/forefront)
This tool checks your computer for infection by specific, prevalent malicious software and helps to remove the infection if it is found. Microsoft will release an updated version of this tool on the second Tuesday of each month, and as needed to respond to security incidents.
This free program helps protect PCs from pop-ups, slow performance, and security threats caused by spyware and other unwanted software.
This free service scans PCs for viruses, spyware, and potentially unwanted software.
Provides an in-depth perspective on the changing threat landscape, including software vulnerability disclosures and exploits, malicious software (malware), and potentially unwanted software.
System & Network Utilities that can be used to troubleshoot security & malware
Shows you information about which handles and DLLs processes have opened or loaded. See: Advanced Malware Cleaning - Mark Russinovich
This utility, which has the most comprehensive knowledge of auto-starting locations of any startup monitor, shows you what programs are configured to run during system bootup or login, and shows you the entries in the order Windows processes them.
Advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity.
A number of command-line tools that allow you to manage remote systems as well as the local one.
RootkitRevealer is an advanced rootkit detection utility. It runs on Windows NT 4 and higher, and its output lists Registry and file system API discrepancies that may indicate the presence of a user-mode or kernel-mode rootkit.
A Windows program that will show you detailed listings of all TCP and UDP endpoints on your system.
A protocol analyzer. It enables you to capture, to view, and to analyze network data. You can use it to help troubleshoot problems with applications on the network. See: https://connect.microsoft.com/site/sitehome.aspx?SiteID=216 for release notes and information.
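The startup-monitor entry above is the kind of review you do by hand when cleaning a machine: walk the auto-start locations, find the binary each entry points at, and check whether it is signed and what its hash is. The following PowerShell is an added example written for this post; it is not Sysinternals code and covers only the common Run/RunOnce keys and auto-start services rather than the hundreds of locations the real tool knows. The CSV output path is an assumption.

```powershell
# Added example (not from the original post or from Sysinternals): enumerate the
# common auto-start locations, resolve the image each entry launches, and record
# its SHA-256 hash and Authenticode signature status so unsigned or unfamiliar
# binaries stand out. Output path is an assumption.

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-ImagePath {
    # Pull the executable out of a command line such as
    #   "C:\Program Files\Foo\foo.exe" /silent   or   C:\foo\bar.exe -x
    # Known limitation: an unquoted path containing spaces is cut at the first space.
    param([string]$CommandLine)
    if ($CommandLine -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($CommandLine -match '^\s*(\S+)')     { return $Matches[1] }
    return $CommandLine
}

function Get-AutoStartEntry {
    param([string]$Source, [string]$Name, [string]$CommandLine)
    $path = [Environment]::ExpandEnvironmentVariables((Get-ImagePath $CommandLine))
    $hash = $null
    $sig  = 'FileNotFound'
    if ($path -and (Test-Path -LiteralPath $path -PathType Leaf)) {
        $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        $sig  = (Get-AuthenticodeSignature -LiteralPath $path).Status
    }
    [pscustomobject]@{
        Source      = $Source
        Name        = $Name
        CommandLine = $CommandLine
        ImagePath   = $path
        SHA256      = $hash
        Signature   = $sig
    }
}

# Registry Run/RunOnce values
$entries = @(foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip the provider's own PSPath/PSDrive properties
        Get-AutoStartEntry -Source $key -Name $p.Name -CommandLine ([string]$p.Value)
    }
})

# Services configured to start automatically (Win32_Service exposes the image path)
$entries += @(Get-CimInstance Win32_Service -Filter "StartMode='Auto'" |
    ForEach-Object { Get-AutoStartEntry -Source 'Service' -Name $_.Name -CommandLine ([string]$_.PathName) })

# Unsigned and missing images sort to the top for review
$entries | Sort-Object Signature, Source |
    Format-Table Source, Name, ImagePath, Signature, SHA256 -AutoSize
$entries | Export-Csv -NoTypeInformation -Path "$env:TEMP\autostart-baseline.csv"
```

Run it once on a known-good build and keep the CSV; a later run diffed against that baseline shows exactly which auto-start entries a piece of malware added or changed.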
Developer Tools & Threat Modeling
Runtime Verification tool for unmanaged code
Checks .NET managed code assemblies
Code analysis tool that helps identify common variants of certain prevailing vulnerabilities
Threat modeling to empower application risk management
Helps engineers analyze security & address design issues early in the software lifecycle
Identifies defects in C/C++ Programs
Security Update Management
Microsoft Update consolidates updates provided by Windows Update and Office Update into one location and enables you to choose automatic delivery and installation of high-priority updates. See: The Microsoft Security Update Guide
WSUS simplifies the process of keeping Windows-based systems current with the latest updates, with minimal administrative intervention.
System Center Configuration Manager 2007 enables operating system and application deployment and configuration management, enhancing system security and providing comprehensive asset management of servers, desktops, and mobile devices.
Systems Management Server administrators can use the Inventory Tool for Microsoft Updates (ITMU) to determine the update compliance of managed systems.
Security Update Detection
MBSA scans for missing security updates and common security misconfigurations. It can be used in conjunction with Microsoft Update and Windows Server Update Services.
This connector lets you view the results of an MBSA scan in a clear, comprehensive Microsoft Office Visio 2007 network diagram.
The Extended Security Update Inventory Tool is used to detect security bulletins not covered by MBSA including MS04-028, February 2005 bulletins, and future security bulletins that are exceptions to MBSA.
This free toolkit assesses your entire IT environment for desktop and laptop vulnerabilities to viruses and malware, to determine your PC readiness for Forefront Client Security.
MSAT provides information and recommendations to help enhance security within your information technology infrastructure.
Lockdown, Auditing, and Intrusion Detection and Remediation
These tools can help you manage accounts and troubleshoot account lockouts.
This tool helps to locate BitLocker Drive Encryption recovery passwords for Windows Vista- or Windows Server 2008-based computers in Active Directory Domain Services.
This tool configures the hard disk drives in your computer properly to support enabling BitLocker.
This tool can help recover data from a corrupted or damaged disk volume that was encrypted with BitLocker.
Available as part of the Security Guide Scripts Download, this is a multi-threaded tool that will parse event logs from many servers at the same time.
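Both the account-lockout tools and the multi-server event log parser above solve the same problem: the lockout event lives on whichever domain controller processed it, so you have to pull the Security logs from several machines and correlate them. The PowerShell below is an added example, not one of the Microsoft tools described here; it fans a query for event ID 4740 (account locked out) out to a list of domain controllers with Invoke-Command and summarises which account was locked from which calling computer. The host names, the 24-hour window, and WinRM access to the DCs are assumptions.

```powershell
# Added example (not from the original post): collect account-lockout events
# (Security log ID 4740) from several domain controllers in parallel and
# summarise them by account and calling computer. DC names are placeholders.

$domainControllers = 'DC01', 'DC02'          # placeholder host names
$since = (Get-Date).AddHours(-24)            # assumed search window

$events = Invoke-Command -ComputerName $domainControllers -ArgumentList $since -ScriptBlock {
    param($StartTime)
    # Each DC only has the lockouts it processed, so every DC is queried.
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4740; StartTime = $StartTime } `
                 -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Read the named EventData fields from the event XML rather than by position
            $xml  = [xml]$_.ToXml()
            $data = @{}
            foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
            [pscustomobject]@{
                Time           = $_.TimeCreated
                LockedAccount  = $data['TargetUserName']
                CallerComputer = $data['TargetDomainName']   # 4740 carries the caller computer name in this field
                DC             = $env:COMPUTERNAME
            }
        }
}

# Many lockouts of one account from one machine usually mean a stale saved
# credential there (mapped drive, service logon, scheduled task).
$events | Group-Object LockedAccount, CallerComputer |
    Sort-Object Count -Descending |
    Select-Object Count, Name,
        @{ n = 'LastSeen'; e = { ($_.Group | Sort-Object Time)[-1].Time } },
        @{ n = 'DCs';      e = { ($_.Group.DC | Sort-Object -Unique) -join ',' } } |
    Format-Table -AutoSize
```

Invoke-Command runs the script block on all listed hosts concurrently (up to its default throttle limit), which is what gives you the "many servers at the same time" behaviour of the multi-threaded parser.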
This command-line tool computes and verifies MD5 or SHA-1 cryptographic hash values of files. These values can be displayed on the screen or saved in an XML file database for later use and verification.
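The checksum tool above is most useful as a baseline-and-verify workflow: hash a directory once, store the database, and later re-check for files that changed, vanished or appeared. The PowerShell below is an added example and not the Microsoft tool itself; where that tool offers MD5 and SHA-1, this example uses SHA-256 through Get-FileHash, and it stores the database with Export-Clixml instead of the tool's own XML layout. The directory and database paths are assumptions.

```powershell
# Added example (not from the original post): build a file-hash database for a
# directory tree and verify the tree against it later. Uses SHA-256 via
# Get-FileHash (the tool in the post uses MD5/SHA-1). Paths are assumptions.

function New-HashDatabase {
    param([string]$Root, [string]$DatabasePath, [string]$Algorithm = 'SHA256')
    $rootFull = (Resolve-Path -LiteralPath $Root).Path
    $db = @(Get-ChildItem -LiteralPath $rootFull -File -Recurse | ForEach-Object {
        [pscustomobject]@{
            RelativePath = $_.FullName.Substring($rootFull.Length).TrimStart('\')
            Algorithm    = $Algorithm
            Hash         = (Get-FileHash -LiteralPath $_.FullName -Algorithm $Algorithm).Hash
        }
    })
    $db | Export-Clixml -LiteralPath $DatabasePath
    return $db.Count
}

function Test-HashDatabase {
    # Emits one object per discrepancy: Missing, Modified, or New.
    param([string]$Root, [string]$DatabasePath)
    $rootFull = (Resolve-Path -LiteralPath $Root).Path
    $db    = Import-Clixml -LiteralPath $DatabasePath
    $known = @{}
    foreach ($entry in $db) {
        $known[$entry.RelativePath] = $true
        $full = Join-Path $rootFull $entry.RelativePath
        if (-not (Test-Path -LiteralPath $full -PathType Leaf)) {
            [pscustomobject]@{ Status = 'Missing'; Path = $entry.RelativePath }
            continue
        }
        $now = (Get-FileHash -LiteralPath $full -Algorithm $entry.Algorithm).Hash
        if ($now -ne $entry.Hash) {
            [pscustomobject]@{ Status = 'Modified'; Path = $entry.RelativePath }
        }
    }
    # Files that were not present when the baseline was taken
    Get-ChildItem -LiteralPath $rootFull -File -Recurse | ForEach-Object {
        $rel = $_.FullName.Substring($rootFull.Length).TrimStart('\')
        if (-not $known.ContainsKey($rel)) {
            [pscustomobject]@{ Status = 'New'; Path = $rel }
        }
    }
}

# Usage: record the baseline once, then re-run the verification on a schedule.
$count = New-HashDatabase -Root 'C:\inetpub\wwwroot' -DatabasePath "$env:ProgramData\hashdb.xml"
"Baseline recorded for $count files"
Test-HashDatabase -Root 'C:\inetpub\wwwroot' -DatabasePath "$env:ProgramData\hashdb.xml" |
    Format-Table -AutoSize
```

Keep the database somewhere the monitored tree cannot write to (or sign it); a hash database that lives next to the files it protects can be rewritten by the same change it is meant to catch.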
This tool reduces the attack surface of earlier versions of Internet Information Services (IIS) and includes URLScan to provide multiple layers of protection against attackers. (All of the default security-related configuration settings in IIS versions 6.0 and 7.0 meet or exceed the security configuration settings made by the IIS Lockdown tool.)
This tool runs as a service on computers running Windows Server 2003, Windows XP, or Windows 2000, and logs TCP and UDP port activity.
This tool parses the logs that the Port Reporter service generates. The PR-Parser tool has many advanced features that can help you analyze the Port Reporter service log files. You can use PR-Parser with the Port Reporter tool in a number of scenarios, including troubleshooting and security-related scenarios.
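The two entries above form a pair: one service logs which process owns which port over time, and a parser turns that log into answers such as "what started listening that was not there before?". The PowerShell below is an added example, not Port Reporter or PR-Parser; it snapshots TCP listeners and UDP endpoints with their owning process (the same view the TCP/UDP endpoint viewer listed earlier gives you interactively), appends each snapshot to a CSV log, and then parses the log to report ports absent from the first snapshot. It relies on Get-NetTCPConnection and Get-NetUDPEndpoint, which need Windows 8 / Windows Server 2012 or later; the log path and the one-minute interval are assumptions.

```powershell
# Added example (not from the original post): log TCP/UDP endpoints with their
# owning process to CSV, then parse the log for ports that appeared after the
# first snapshot. Log path and interval are assumptions.

$logPath = "$env:ProgramData\port-activity.csv"

function Get-PortSnapshot {
    # Map PID -> process name once per snapshot
    $procs = @{}
    Get-Process | ForEach-Object { $procs[$_.Id] = $_.ProcessName }
    $stamp = Get-Date -Format 'yyyy-MM-dd HH:mm:ss'   # sortable timestamp
    $tcp = Get-NetTCPConnection -State Listen | ForEach-Object {
        [pscustomobject]@{ Time = $stamp; Proto = 'TCP'; LocalAddress = $_.LocalAddress
                           LocalPort = $_.LocalPort; PID = $_.OwningProcess
                           Process = $procs[[int]$_.OwningProcess] }
    }
    $udp = Get-NetUDPEndpoint | ForEach-Object {
        [pscustomobject]@{ Time = $stamp; Proto = 'UDP'; LocalAddress = $_.LocalAddress
                           LocalPort = $_.LocalPort; PID = $_.OwningProcess
                           Process = $procs[[int]$_.OwningProcess] }
    }
    @($tcp) + @($udp)
}

function Write-PortSnapshot {
    param([string]$Path)
    Get-PortSnapshot | Export-Csv -LiteralPath $Path -NoTypeInformation -Append
}

function Find-NewPorts {
    # Parse the log: the earliest snapshot is the baseline; any protocol/port
    # pair seen later that is not in the baseline is reported once.
    param([string]$Path)
    $rows  = Import-Csv -LiteralPath $Path
    $first = ($rows | Sort-Object Time | Select-Object -First 1).Time
    $baseline = @{}
    foreach ($r in ($rows | Where-Object Time -eq $first)) {
        $baseline["$($r.Proto)/$($r.LocalPort)"] = $true
    }
    $rows | Where-Object { $_.Time -ne $first -and -not $baseline["$($_.Proto)/$($_.LocalPort)"] } |
        Sort-Object Proto, LocalPort, Time -Unique
}

# Usage: two snapshots a minute apart, then report what changed.
Write-PortSnapshot -Path $logPath
Start-Sleep -Seconds 60
Write-PortSnapshot -Path $logPath
Find-NewPorts -Path $logPath | Format-Table Time, Proto, LocalAddress, LocalPort, PID, Process -AutoSize
```

Run the snapshot function from a scheduled task to get a continuous log; the parser works the same whether the log holds two snapshots or a week of them, because it keys only on the earliest timestamp.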
This command-line utility helps you troubleshoot TCP/IP connectivity issues on Windows Server 2003, Windows XP, or Windows 2000.
Promqry and PromqryUI allow you to detect network sniffers on computers that are running Windows Server 2003, Windows XP, and Windows 2000.
This command-line tool enables you to obtain security information about files, registry keys, and services. It also lets you transfer this information from user to user, from local or global group to group, and from domain to domain.
This tool helps prevent potentially harmful HTTP requests from reaching IIS Web servers. UrlScan 3.0 includes new features to help protect against SQL injection attacks, and can be used with IIS 5.1 and later.
This tool helps prevent potentially harmful HTTP requests from reaching IIS Web servers. UrlScan 2.5 can be used with IIS 4.0 and later. (Users running IIS 6.0 and later will most likely want to use UrlScan 3.0.)
Whether you manage computers in a school computer lab or an Internet cafe, a library, or even in your home, Windows SteadyState helps make it easy for you to keep your computers running the way you want them to.