Almost a month after the first outbreak of the Code Red worm spread across the Internet by attacking vulnerable Microsoft servers, Microsoft announced Wednesday the release of two new security tools aimed at helping systems administrators and users keep their systems up to date and protected.
Code Red was able to exploit systems and cause the trouble it did because hundreds of thousands of servers had not been patched with a security fix for a flaw Microsoft had alerted users to in June, a month before Code Red hit the scene. The large number of vulnerable servers showed that users weren't keeping their security patches up to date. To that end, Microsoft and Shavlik Technologies LLC partnered to create two free tools, HFNetChk and Microsoft Personal Security Advisor (MPSA), aimed at helping users identify and obtain the patches they need to install.
HFNetChk is a command-line tool that runs on Windows NT 4.0 and higher and Windows 2000. The application can scan the status of all machines on a network, check their patches against an XML (Extensible Markup Language) database of patches maintained by Microsoft, and deliver a report on which patches need to be applied to what machines, Microsoft said.
While HFNetChk is a tool for corporate networks, MPSA is aimed at home users and small businesses. MPSA is also a scanning tool, but one that resides on a Web site, rather than needing to be downloaded. In order to check for security patches for their machines, users simply go to the MPSA Web site and click the "Scan Now" button. After that, a list of available patches, as well as recommendations on how to improve security, is presented to them. MPSA is also available Windows NT 4.0 and higher and Windows 2000 systems.
The tools represent "a down payment on an initiative that's been under way for quite awhile at Microsoft," according to Scott Culp, security program manager at the Microsoft security response center. HFNetChk and MPSA are the first in a series of tools aimed at helping users secure their systems, he said, adding that new tools related to IIS (Internet Information Server) and other software will be released in the next few weeks.
While saying that there is no direct relationship between the initiative to create these tools and the Code Red worm, Culp did say that "customers have been telling us for a while that security maintenance needs to be easier." By trying to make it easier with these tools, Microsoft hopes to increase the rate that systems are patched, thus leading to a decrease in the spread of worms like Code Red, he said.
"Tools like this will go a long way towards preventing things like Code Red in the future," he said.
Additionally, Microsoft will publish the XML files and the database schema for the patch and security information database. Microsoft will encourage other companies to write their own tools to work with the database, but will not charge a licensing fee for the information or for access to it, he said.