Microsoft grants reprieve to scanning tool

• Tags:
• Reaction,
• Scanning,
• Users,
• Windows

Joris Evers CNET News

Published: 31 Mar 2006 09:40 BST

• 
• 
• 
• 
• 

Microsoft at the 11th hour has extended support for a popular tool that lets users scan Windows computers for unpatched programs and other security flaws.

The software maker originally planned to end support for version 1.2 of the Microsoft Baseline Security Analyzer on Friday. However, following user feedback, the company has now extended support until an undetermined date, Doug Neal, programme manager at Microsoft, said on Thursday.

"The decision was based on a lot of customer feedback we received that said removing support at this time would create a gap in security update detection for Microsoft products," he said. The decision to extend support was made on Monday, he added.

The MBSA tool is used by organisations to determine which Microsoft security patches need to be installed on their systems. Microsoft released MBSA 2.0 last July. However, that version can't detect the need for fixes for some Microsoft products, including Office 2000, MSN Messenger and the Microsoft Works Suite.

Microsoft had nonetheless pushed customers to upgrade to 2.0, giving rise to some protest. "It would seem to me that ending support for MBSA 1.2 is an extremely ill-advised move," one user wrote recently in a Microsoft forum on MBSA. Some people also argued that MBSA lacks certain features, such as support for scripting results.

Microsoft first introduced the MBSA tool four years ago as part of its efforts to regain the public's trust in the security of its products. The software has won a loyal user base; more than three million scans are done with it each week, Neal said. "It is a popular tool, even more popular then we first thought," he said.

The major difference between MBSA 1.2 and version 2.0 of the product is the underlying scan technology. The older version is based on a scan engine Microsoft licensed from Shavlik Technologies. The newer version uses the Windows Update agent on Windows computers. Microsoft made this change to unify its patch-detection technologies.

No new end-of-life date has been set for the aging MBSA version. Instead, Microsoft is soliciting more feedback from users. "Instead of setting a new date that may be subject to change, the MBSA team is taking additional time to further assess customer needs," Neal said. An update will be provided on or before 30 June, he said.

The MBSA is free and scans for missing Microsoft patches. Alternative vulnerability scanners that can also call out missing updates from other software makers are sold by companies including McAfee, Qualys, Internet Security Systems and Shavlik.

• 
• 
• 
• 

• Share this article:
• Digg
• Slashdot
• Del.ici.ous
• Stumble
• Reddit

• Most Recent
• Most Popular
• Most Discussed