More threads by David Baxter PhD

David Baxter PhD

Late Founder
Free software finds your security flaws
By Scott Dunn

Computer security covers a host of areas ? password policies, software patches, account restrictions, protection against malware and more.

Fortunately, with the right software, you can get a complete security analysis of your system for free without hiring a costly consultant.

Get an analyst's findings without the analyst
These days, no one who cares about their system and data can afford to be without a security plan. But most small business and home users are not in a position to hire a security expert to analyze their setup and tell them what to fix.

Fortunately, you can find a number of free tools online that will analyze your system and produce a detailed report of your security strengths and weaknesses. The best ones will even point you to a solution. I tested each of the following products:

? Microsoft Baseline Security Analyzer
? Belarc Advisor
? Securable
? AOL Active Security Monitor
? xp-AntiSpy

Bonus tip: None of the tools listed above check the patch status of all your software (Flash, Acrobat, Java, and so on). This means you should also use the Online Software Inspector at to learn which applications on your system need patching. I described the benefits of this free service in articles on Aug. 16 and Sept. 6.

MBSA bests Belarc for useful info
Based on my testing of the five free security-analysis tools, I recommend the Microsoft Baseline Security Analyzer as by far the best product I worked with. It covers a variety of areas important to security and provides solutions wherever a weakness is found. It's simple enough for intermediate computer users, but sophisticated enough for professionals.

Belarc Advisor won second place in my tests. This program is most useful for highly knowledgeable IT professionals who want a summary of the minutiae of their hardware and software settings.

Microsoft Security Baseline Analyzer is tops
The free MBSA program can be downloaded from or sites like File Hippo. In either case, the installation of MBSA (unfortunately, for some) requires validation via Windows Genuine Advantage.

Once installed, MBSA can analyze a single computer or multiple computers on your network. It saves each scan as a report that you can print or copy to the Clipboard. Brightly colored icons make it easy to spot safe (green), questionable (yellow) or problem (red) areas, along with additional info (blue).

Each entry in the report links to HTML help text, explaining what was scanned and (in many cases) giving details on the results. If a problem is found, a "How to correct this" link is also available. The help files, in turn, often link to additional files online, such as Microsoft Knowledge Base articles.

It's this at-a-glance approach to presenting information, combined with easy-to-access resources, that makes MBSA a winner.

Belarc Advisor provides detail without advice
Belarc Advisor is another tool chock full of information on your system ? perhaps too much. On the up side, Belarc checks whether you have the latest Windows patches and virus protection and provides a highly detailed picture of your computer hardware. It also lists all your software programs and their versions, but it fails to tell you which apps need updating.

If you have Windows 2000, XP Pro, or 2003, Belarc Advisor also rates your computer using the Center for Internet Security benchmark (providing a score from 1 to 10). This is based on an exhaustive list that covers many of the same areas as MBSA, but in mind-numbing detail. Included is a lengthy list of Registry settings relating to permission levels. These are best configured using Windows' own control panels and administrative tools, rather than dabbling in the Registry directly. Consequently, the detail level is not very helpful to the vast majority of users.

Like MBSA, Belarc Advisor's detailed reports are linked to a help file of explanations. But, unlike MBSA, the program's explanations are often inadequate and have no further links to online resources.

Although Belarc's level of detail might be useful for IT pros, the free version is intended only for noncommercial use. You can find its licensed, commercial version at the Belarc site.

Other analyzers don't match the competition
The other programs I tested didn't match the results obtained from MBSA or Belarc Advisor.

SecurAble is a free tool from Gibson Research that doesn't try to do very much and succeeds at that very well. Its only purpose is to check for three security features common to computer processors and tell you the status of those features on your machine. Explanatory info is provided at the SecurAble Web site. Unfortunately, the program doesn't look at any other security aspects of your computer.

Active Security Monitor (ASM) from AOL has the most attractive interface of all the products I considered. Unfortunately, its recommendations are somewhat suspect.

ASM gives you a security score from 1 to 100 based on your firewall; virus and spyware protection; whether Windows and IE are fully patched; and more. Unlike many such scanners, it also looks at wireless security (if your system has a Wi-Fi connection) as well as file-sharing software.

The product looks for utilities, such as backup software, but it failed to detect Windows own built-in backup application. Instead, it suggested I try AOL's backup service, suggesting that the entire utility is nothing more than a sales gimmick. Fortunately, the link to "other file backup solutions" did send me to non-AOL products, but did little more than open a search page for backup utilities at CNET's site.

Like SecurAble, xp-AntiSpy doesn't pretend to analyze your whole system, only those settings specific to Windows XP that may affect your security. The program presents a list of checkboxes showing the state of these settings (for example, whether Automatic Updates is on or off) and lets you change the setting immediately without opening any other control panel or Windows tool.

As you hover over each setting in the list, text in the bottom pane provides you with brief but usually helpful information. Especially useful are the modes available via the Preview menu. For example, you can choose the System Defaults profile to color-code the controls by their default setting (green for on, red for off). Or you can choose the Suggested profile to see color codes for the product's own recommended settings for maximum security.

The nice thing about free software is that you don't have to choose just one product. As long as you're using tools that mainly diagnose and don't change settings on their own (which describes all the applications here), you're not out of pocket if you want to run several different system analyses. But if you're short on time and serious about security, Microsoft Baseline Security Analyzer is the best tool, providing serious scanning and smart solutions.
Replying is not possible. This forum is only available as an archive.