As part of their involvement at the Black Hat security conference in virginia the microsoft security team has released a new beta of a tool to assist security analysts in understanding the security impacts and effects that result from installation of software that performs unknown installation features. The Attack Surface Analyzer or ASA for short is based on a slightly dated, but still very relevant Carnegie Mellon paper on measuring attack surfaces - link . The beta product implements a few of the methodologies discussed by creating baselines of system information before and after the installation of the target software, then analyzing the differences noted and providing an analysis based on a predefined set of security properties (set by Microsoft). This approach is not new, however Microsoft's product makes the work of baselining, analyzing and reporting extremely easy, with a easy to read browser readable report generated for the analyst. I decided to test this tool out with