Microsoft adopted the Microsoft Baseline Security Analyzer (MBSA) tool to help users determine the system security and improve the security management process. Now, Microsoft has stopped providing this tool, so users need to seek for good alternatives to Microsoft Baseline Security Analyzer. This post of MiniTool will introduce this tool and offer some alternatives.
What Is Microsoft Baseline Security Analyzer
Microsoft Baseline Security Analyzer (short as MBSA) is actually a tool provided by Microsoft for its Windows users to determine the security state on their systems. Main functions of Baseline Security Analyzer are:
- Optimize security management process via computer analysis.
- Detect missing updates/patches, improper security configurations, and less-secure settings (often called Vulnerability Assessment checks).
- Reduce and eliminate the possible threats that are caused by the security problems it detects.
This tool works for both Windows systems and the components inside them: Internet Explorer, Microsoft Office macro settings, IIS web server, and products Microsoft SQL Server. The specific suggestions will be given to you for remediating security vulnerabilities after you run a MBSA scan on your device.
People are wondering whether the new Microsoft Edge is the same as the old Internet Explorer on a Windows computer.
How to Use Baseline Security Analyzer
- Download the Microsoft Baseline Security Analyzer from Microsoft download center.
- Save the software to a drive with enough space and install it properly after MBSA download.
- Launch Microsoft Baseline Security Analyzer and click the Scan a computer link.
- You don’t need to change the settings in the next window; just click on the Start Scan button at bottom right.
- Wait for the scan to complete. The scan results will be shown in several different sections.
- Please scan the list for any Red Xs (the red X refers to the item that needs to be fixed) under the Score column on the left side.
- Follow the instructions to finish MBSA scan and fix.
Best Alternatives to MBSA Windows 10
Since Microsoft Baseline Security Analyzer is a very old discontinued tool and is not available for some systems and devices now, users start to seek for alternatives to MBSA on Windows 10.
Alternative 1: SolarWinds Network Configuration Manager
SolarWinds is famous for its network administration tools; it enjoys high reputation among network and system administrators. Though SolarWinds Network Configuration Manager is not mainly used to scan system vulnerability, it’s still a good alternative to Microsoft Baseline Security Analyzer; there’s a vulnerability assessment feature included in the manager.
- You can use the SolarWinds Network Configuration Manager to validate whether there are errors and omissions in network equipment configurations.
- Also, it's able to check device configurations for changes at fixed periods. This is very important since some attacks could be implemented by modifying the configuration of a networking device.
Alternative 2: Open Vulnerability Assessment System
The Open Vulnerability Assessment System, also called OpenVAS is an open-source and free vulnerability detection system. It combines several services and tools together to be powerful enough for vulnerability scanning.
There are 3 main components in OpenVAS:
- OpenVAS scanner: it provides over 50,000 Network Vulnerability Tests till now and there will be regular updates to the tests.
- OpenVAS manager: it is responsible for controlling the scanner, consolidating results, and storing the results in a central SQL database.
- Network Vulnerability Tests database: it can be updated from the free Greenborne Community Feed or the paid Greenborne Security Feed in order to provide more comprehensive protection.
Alternative 3: Nexpose Community Edition
The Nexpose which is from Rapid7 is also a well-known vulnerability scanner. The Nexpose Community Edition is actually a scaled down version of Rapid7’s comprehensive vulnerability scanner. There are some limitations in this vulnerability scanning tool:
- It can be used to scan at most 32 IP addresses, so it’s only useful in the smallest networks.
- This product can be used for only one year; it will stop working when the time comes.
To break these limitations, you need to get the paid offering from Rapid7.
Alternative 4: Retina Network Community
Retina Network Community is one of the most famous vulnerability scanners; it’s the free version of the Retina Network Security Scanner which is from AboveTrust. By using it, users can perform a full vulnerability scan and assessment of the missing patches, non-secure configurations, as well as zero-day vulnerabilities. The good thing is that Retina Network Community shares the same vulnerability database with its paid sibling; while the bad thing is that Retina Network Community is only capable of scanning 256 IP addresses.
In addition, you can use Nessus, Retina CS, or other tools as the alternative to MBSA Windows 10.