Microsoft (NASDAQ: MSFT) has released a free, beta version of a security assessment tool that the Redmond-based software company says it's been using internally for five years. The Attack Surface Analyzer tracks changes made in the process of installing a new application, highlighting aspects that increase the attack surface on the host computer. The idea is to create a greater awareness on the part of IT managers and auditors of the security risks produced by any client software produced by the company.

David Ladd, Microsoft's principal security program manager wrote about the tool in a blog: "Some of the checks performed by the tool include analysis of changed or newly added files, registry keys, services, ActiveX Controls, listening ports, access control lists and other parameters that affect a computer's attack surface." 

Installation of Attack Surface Analyzer has to take place on a fresh copy of the Windows operating system, which will proceed to take a snapshot of the baseline state. When run again after installing the target application, the analyzer software produces a report for further action in accordance to the areas that Microsoft deems to be important.

For more on this story:
- check out this article at InfoWorld
- check out this article at InformationWeek
- check out this article at The Register

Related Articles:
New Trojan stymies cloud-based antivirus security tech 
Researchers bring attention to USB attack via Android phone 
Microsoft proposes public health approach to curb botnets 
Antivirus defenses shaky, claims new report