Results 1 to 7 of 7
  1. #1
    Platinum Lounger
    Join Date
    Jan 2001
    Location
    Quedgeley, Gloucester, England
    Posts
    5,333
    Thanks
    0
    Thanked 1 Time in 1 Post

    Baseline Security Analyser v HFNetChk

    Has anyone used these two products, and has a view on how they compare?

    Even better, does anyone know how (or if!), and how often, the Microsoft Baseline Security Analyser gets its security database updated (currently at v1.0.1.496, whatever that means!)? It doesn't seem to include the recent MS03-032/033 patches -- no great surprise since so recent. I can't find any information in places that should contain it (like Help, the Technet articles, etc).

    SMBP -- here's another chance for you to shine brilliantly!!
    <font face="Script MT Bold"><font color=blue><big><big>John</big></big></font color=blue></font face=script>

    Ita, esto, quidcumque...

  2. #2
    Platinum Lounger
    Join Date
    Jan 2001
    Location
    Quedgeley, Gloucester, England
    Posts
    5,333
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Baseline Security Analyser v HFNetChk

    SMBP

    As far as I'm aware the latest version of Microsoft Baseline Security Analyser is v 1.1.1, which of course makes all the difference! But I still can't find what happens about the security database update...

    It's my theory that MBSA completely replaces what Microsoft originally put out as "their" HFNetChk utility, which of course was Shavlik's. Presumably Microsoft paid for the technology, and have then gone off on their own (much like OS/2 ==> NT!!).

    Shavlik have gone on to supply their own HFNetChkLT(lite) (which allows scanning of as many computers as you like, but can patch only up to 50 of them), and the full paid-for version.

    I've been running Shavlik's HFNetChkLT against our domain for a couple of days now, and it has got about half-way through. However, over that period, some PCs will have been powered off and on several times, so it's fairly random whether they were active or not when their scan was scheduled! There doesn't seem to be a way to say: "Since this PC was found to be powered off, try the scan again in x hours to see if it's been powered on". A major flaw IMHO.

    And I got a fairly aggressive phone call from the States about "how my testing was going" a couple of days after downloading it...

    By the way, I think you're right about some of the results being "arguable"! And there are interesting differences between "what Microsoft thinks" and "what Shavlik thinks" about which patches/settings should be on a box!
    <font face="Script MT Bold"><font color=blue><big><big>John</big></big></font color=blue></font face=script>

    Ita, esto, quidcumque...

  3. #3
    Gold Lounger
    Join Date
    Feb 2003
    Location
    Wardrobe Malfunction Junction, Derry
    Posts
    2,953
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Baseline Security Analyser v HFNetChk

    John--

    I didn't realize that there was a situation like that with MS "spinning off" their own tool, but everyone who follows their history since the early days the book Fire in the Valley recounts knows about scenarios like that if that's what happened. Ed Roberts hired Paul Allen to be his Software director in 1975, because Allen and a Harvard freshman named Gates had written BASIC--a software program to run on his computer the MITS Altair with Roberts' 4K memory board. Roberts was a burly Air Force Veteran, and this cheeky 18 year-old Gates told him the memory board was awful and it wouldn't work for the programs Gates was writing for the Altair or to work with a disc drive.

    Roberts ignored Gates, and the first pirated paper tape copies of Gates and Allen's programs circulated. Gates began to turn toward his own company called Microsoft and checked into an Albequerque motel with a stack of legal pads and finally wrote a disc code Allen had nagged him to finish. There was a huge fight over the software belonging to the MITS company that clearly Gates and Allen had developed; "big time" lawyers were trotted out to face the 18 year old kid in arbitration, and the kid prevailed and went to Bellevue Washington to start his own little company. Gates is still making software somewhere in Washington (and many MITS employees left to start the company with Gates and are still surviving), and Ed Roberts bought a farm and became a doctor in a country town in South Georgia.

    I wonder where the Microsoft Installer 3.0 from that same software company will fit into this--because there seems to be overlap in the premise of the Installer's abilities and HFNetChk's. I wonder how the MS Installer 3.0 would work against your domain and appreciate hearing how Shavlick's is running. You might want to see if you can Beta test the Installer whose Beta is beginning to roll.

    I also wonder if there will be overlap between the MBSA 1.1 and the MSI 3.0.? And how does Microsoft's version compare with Shavlink's? And I wonder what the relationship between the two companies and their products with the same name is? Thanks for the information on HFTNetChk.

    SMBP

  4. #4
    Gold Lounger
    Join Date
    Feb 2003
    Location
    Wardrobe Malfunction Junction, Derry
    Posts
    2,953
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Baseline Security Analyser v HFNetChk

    Shining Brilliantly for me is probably way out of the question, but I appreciate the thought. I haven't used the HF NetChk tool and you wouldn't be happy if I didn't whip up a little list John:

    Dan Petri's MSCE World on HFNetChk With ScreenShots and How To Use Instructions
    303215:Microsoft Network Security Hotfix Checker (Hfnetchk.exe) Tool Is Available
    305835: Frequently Asked Questions about the Microsoft Network Security Hotfix Checker (Hfnetchk.exe) Tool
    Technet on HFNetChk
    Shavlik Technologies on HFNetChkPro 4.0
    Security Focus survey for HFNetChk Tool
    Security Focus thread HFNetChk

    I get the idea that the trialware from Shavlik who makes this for MS that you can buy is the more beefed up edition with the fancy impressive gui that actually improves patch management with drag and drop features--whatever that means for patches. I'm trying to figure out where you would drag and drop the patch. Microsoft's tool on a quick read seems more to check that you have the patches then to manage them. Interesting because the new Microsoft Installer 3.0 whose Beta is rolling out seems to have some of the same functions.

    I haven't felt the need, because if I understand the basic premise, it's part of the MBSA 1.1 with a number of commands and switches for checking hotfixes--and it seems easier to me just to go to the registry keys for this and check if they're in there if they don't show up at Add/Remove. It does though advertise to be able to check several machines through the command line, and that may be a useful timesaver on a network or in some setting with a number of linked machines. Maybe I'm missing some advantage there.

    I have downloaded, run a few times, and updated the MBSA (1.1 is the current version) and with a couple exceptions, it said I was updated--it had a couple issues with the way I had something set and when I ran it I disagreed with it's suggestion for some reason to change those couple settings. You can download it at that Technet link.

    I hope some of these links were what you are looking for. I'll have to read up more on what Shavlik's tool does, because I haven't taken a close look yet. I hope these links were some of what you were looking for.

    SMBP

  5. #5
    Administrator
    Join Date
    Mar 2001
    Location
    St Louis, Missouri, USA
    Posts
    23,584
    Thanks
    5
    Thanked 1,059 Times in 928 Posts

    Re: Baseline Security Analyser v HFNetChk

    John, MS ususally updates the DB within a couple days of a new security bulletin. The update locally is supposed to be automatic when you run MBSA. There are serveral informative threads in the MS MBSA newsgroup. It won't take you much time to get through as there's not a lot of traffice. BTW, MS personnel are good about answering questions in that group.

    Joe
    Joe

  6. #6
    Administrator
    Join Date
    Mar 2001
    Location
    St Louis, Missouri, USA
    Posts
    23,584
    Thanks
    5
    Thanked 1,059 Times in 928 Posts

    Re: Baseline Security Analyser v HFNetChk

    John, Oops forgot to answer you first question. I'm pretty sure that MBSA is an enhancement over the original HFnetchk that MS acquired rights to. MS has not kept up with Shavlik. HfnetchkLT is much more powerful. Maybe with the futures changes/enhahncements that MS has discussed they'll get closer but I don't think Shavlik will stand still.

    Joe
    Joe

  7. #7
    Gold Lounger
    Join Date
    Feb 2003
    Location
    Wardrobe Malfunction Junction, Derry
    Posts
    2,953
    Thanks
    0
    Thanked 0 Times in 0 Posts

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •