Perhaps in partial atonement for the sin of distributing operating systems whose default setups are full of holes, Microsoft offers a solid tool for detecting and fixing the problems. It's not as sophisticated as some of the security software professional system administrators use, but the Microsoft Baseline Security Analyzer is easy to install and run, and, best of all, it's a free download from microsoft.com.
The security analyzer runs on Windows NT, 2000, and XP. (Security analysis on Windows 95, 98, and Me is a waste of time because these older versions are insecure by design, and no amount of tightening settings and installing patches is going to fix them.) The download is less than 3 megabytes.
JUST RELAX. Don't be alarmed if your antivirus software pops up and objects when you run the security analyzer. To perform its job, the analyzer has to do things, such as scanning the security settings of other programs and the operating system itself, that properly look very suspicious. Just tell the antivirus program to relax and let you run the scan.
If you have a network, you can install the analyzer on just one computer and use it to scan all the systems on the net. After a couple of minutes, it produces a report showing all the potential vulnerabilities on the system, with those ranked most severe listed first. Typically, the worst issues will be accounts with weak or no passwords and critical security updates that have not been installed.
Among the items the analyzer looks for are hard drives that use the old file allocation table (FAT) system of storing files instead of the much more secure NT File System (NTFS). As it does for most vulnerabilities, the analyzer offers a clickable link to a suggestion on how to deal with the problem -- in this case, a built-in Windows file-system conversion utility.
SECRET DOORS. Another important check is for Windows features, or "services," that are turned on but not needed. For example, many Windows 2000 and XP systems may have Internet Information Server -- a built-in Web server with many security issues -- turned on unnecessarily.
It's a good idea to print out the analyzer's report, which contains more information than can be shown on the screen. You may learn about accounts installed on the computer that you didn't even know were there. You'll also get information on every file, folder, printer, or other resource that has been shared, and who is authorized to use it over a network.
It's annoying that Microsoft has produced operating systems that have nasty security problems in their default configuration. At least it has supplied us with a good tool to clean up that mess.
Wildstrom is Technology & You columnist for BusinessWeek.