figby.com

In their continuing quest to appear to care about security, Microsoft has released Personal Security Advisor, a web-based vulnerability checker for NT WKS 4 / Windows 2000 Professional. Here’s Wired Magazine’s article. I tried it myself and am somewhat impressed… The PSA runs quickly using an ActiveX control, then presents a list of security vulnerabilities. Don’t be overwhelmed – most of them are minor advisories. Look for the red icons on the ones near the top to find the critical issues.

I was actually pleasantly surprised by this tool. It didn’t find anything shocking about my machine – a few red icons, but these are things I leave unsecure because my firewall takes care of the problems. More importantly, among the other things listed I found some very good Outlook security suggestions the likes of which I’ve never seen from Microsoft.

This is really a crutch for Microsoft’s lagging security reputation – the real solution is to fix the security issues in future releases rather than make software to detect them – but in the interim, before everyone upgrades to the fabled Secure Microsoft OS, this tool will at least help spread the word about security issues.

The biggest problem is that PSA only works for NT 4 Workstation and Windows 2000 Professional, when the server-oriented OSs are at the greatest risk. The PSA page also categorically denies any knowledge of web server issues – and IIS has quite a few of those.

Nonetheless PSA seems a step in the right direction for Microsoft, and I hope it’s followed by many more.

Now I just have to overcome my fear of taking security advice from Microsoft…