NEW VERSION OF BINSCOPE BINARY ANALYZER

November 20, 2014 – SDL Team – Trustworthy Computing, Microsoft

We are delighted to announce the general availability of a new version of the BinScope Binary Analyzer, Microsoft BinScope version 2014. BinScope is a tool used during the Security Development Lifecycle (SDL) verification phase. It is available as a free download from the Microsoft Download Center.

BinScope was designed to help detect potential vulnerabilities that can be introduced into binary files. The tests it implements examine application binary files to identify coding and build practices that can potentially render the application vulnerable to attack or to being used as an exploit attack vector.

BinScope 2014 offers many new improvements over version 1.2, such as:

Improved Diagnostic Messages

A key focus for us in this release was to ensure that diagnostic messages are clear and actionable for engineers when a potential vulnerability is detected. We believe that being able to quickly understand not only the potential issue but also its mitigation is key.

New Minimum Compiler and Minimum Linker Version Switch

By default, BinScope 2014’s CompilerVersionCheck will adhere to the compiler and linker versions defined in the SDL guidance. However, we recognize that compiler and linker versions will evolve over time. As a result, we have added two new command line switches, /MinimumCompilerVersion and /MinimumLinkerVersion, which provide the ability to adjust the minimum compiler and linker versions that BinScope will detect when running the CompilerVersionCheck.

Increased Performance

Another important focus for us was to improve the performance of BinScope when executing a scan, particularly with large binaries. As a result, we have been able to improve the scanning performance of BinScope by up to 4 times.

Other changes include:

  • Removal of the Graphical User Interface (GUI).
  • Removal of directory scanning; individual binary paths should be provided instead.
  • General bug fixes.

For more information and additional resources, visit:
