A Review of Microsoft Baseline Security Analyzer: A Free Tool to Examine the Security Settings of a Computer

Page content


Microsoft Baseline Security Analyzer is a tool intended for IT administrators, managing small to medium sized networks. The application scans a specified computer or group of computers for security vulnerabilities. It measures the parameters of the system or systems against the guidelines set down by Microsoft.

The advantage of using the MBSA, apart from accurately assessing and discovering potential security lapses, is the coordination it has with the other Microsoft security tools. For example, MBSA has been designed with Windows Update Agent, using the Microsoft Update infrastructure as a base. Other Microsoft products are checked for consistency and regular updates, like Systems Management Server, Windows Server Update Services, Microsoft Update, System Center Configuration Manager 2007, among others.

The latest version, MBSA 2.1, adds Windows Server 2008 and Windows Vista functionality to the list of supported operating systems. MBSA is designed to be used by IT pros and is best suited for use in small and medium sized business environments.

Test Machine

• Compaq Presario CQ50 Notebook PC

• AMD Athlon Dual-Core QL 1.90 GHz

• 2.00 GB RAM

• 160 GB Hard Disk

• Microsoft Vista Home Basic

• Google Chrome/Mozilla Firefox Browsers

Installation (5 out of 5)


The Microsoft Baseline Security Analyzer Review took approximately five minutes to download and install. The installation is the same regardless of which version of the Windows operating system is running on the system.

The installation requires no extra information, nor does the system need to be restarted for any of the settings to take effect.

It is simple, straightforward and fast.

Operation (4 out of 5)

Running the scans is straightforward, as MBSA takes care of all the required information. There are essentially two options for

side pane

scanning: one is for single systems, and the other for a group of machines.

For single machines, the application will detect the requisite information, like the IP address, in case it is a


remote machine; the name of the workstation; and its parameters for the scan. The user can select from the list of options, although for the first time round, it is probably best to let the application scan everything.

Microsoft Baseline Security Analyzer will first check for updates for itself, before moving on to the others. At the end of the scan, it presents a report to the user with a list of recommended actions.

MBSA has both a graphical and a command line interface. The graphical interface is useful for first time users, and as the user becomes more familiar with the system, they can slowly graduate to the command line interface. The advantage of the command line interface is the ability to specify exactly what needs to be scanned, giving the user greater control over the functions.

Product Features (4 out of 5)

• Microsoft Baseline Security Analyzer detects many more updates, across a wider spectrum of Windows products than Windows

report 1


• The report at the end of the scan gives a detailed assessment of all the aspects of the system, including a list of recommended actions, the level of current security and the lapses that could potentially be exploited. In addition to this information, the report also contains step-by-step instructions on how to rectify security lapses, or at least links to the relevant reference material.

• MBSA can scan multiple computers, as well computers that are at a remote location, making the tool easy

report 2

to use for network administrators.

• Examines systems for best practices like strong passwords, password expiry, among other factors.

• It also has the ability to scan servers that run IIS and SQL Server for discrepancies and incorrect settings

• MBSA also scans commonly used products like Internet Explorer and Outlook for adequate security settings.


Microsoft Baseline Security Analyzer is a quick and efficient way to explore all the vulnerabilities in a system. There is no requirement for any sort of specialist knowledge, and it manages to look in a number of places that would ordinarily be overlooked entirely.

The program does not run for very long, nor does it utilize too much memory. It is possible to have it running whilst other tasks are being performed. There is one flaw to the scan; it does not pick up on any workarounds to certain problems. Not all of the software bugs are fixed using patches, some use a workaround which is equally effective. MBSA, however, cannot detect that at all.