Microsoft Anti Virus

Discussion in 'other anti-virus software' started by gerardwil, Jan 9, 2005.

Thread Status:
Not open for further replies.
  1. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,748
    Location:
    The Netherlands
    Microsoft will announce its AV this coming Tuesday. There will be a download which will be a bit like Stinger AV. It's certainly not the AV that MS will launch later this year.
    Not any confirmation or links from me. (yet)

    Gerard
     
  2. meneer

    meneer Registered Member

    Joined:
    Nov 27, 2002
    Posts:
    1,132
    Location:
    The Netherlands
    Next Tuesday... oh my, I hope it's in one of the critical security patches *puppy*
     
  3. dan_maran

    dan_maran Registered Member

    Joined:
    Aug 30, 2004
    Posts:
    1,053
    Location:
    Stamford, CT
    Just another source, that says the same:

    http://www.vnunet.com/news/1160338

     
  4. mercurie

    mercurie A Friendly Creature

    Joined:
    Nov 28, 2003
    Posts:
    2,442
    Location:
    Sky over the Wilders Forest
    Interesting...Hmmm does this mean there will be no conflicts with existing AV's running in realtime... :doubt: I guess the key is that it will be a removal tool not really a prevention. Did I just answer my own question or does somebody know different o_O :oops: Sorry, do not mean to sound so stupid just thinking as I type and it's getting late and I have been flying around the web; getting kind of tired.

    Side question: do you think some at Micro$oft are burning midnight oil to get it out or do you think we will see the seemingly endless delays? :p
     
  5. Chuck57

    Chuck57 Registered Member

    Joined:
    Sep 2, 2002
    Posts:
    1,422
    Location:
    New Mexico, USA
    I'll never understand why Microsoft does what it does. They could have simply renamed RAV and put it out for us, like they did Giant. Then, they could have made changes and offered their 'improved' version later.
     
  6. Ga1tar

    Ga1tar Registered Member

    Joined:
    Apr 11, 2004
    Posts:
    118
    Location:
    U.K
    I think we could all just be in for a shock when MS finally do release their AV. They are aware everyone is looking for them to fail, and by releasing little feelers onto the market, it allows them to make all the tweaks required for the big launch.
     
  7. Mannaggia

    Mannaggia Registered Member

    Joined:
    Aug 14, 2003
    Posts:
    234
    Location:
    Northern California

    I just asked the same question about conflicts in post #3 here...........

    https://www.wilderssecurity.com/showthread.php?t=61602

    I wish I would have read your post first before asking the same question. :) I see no one has come up with an answer yet. Maybe it's too new and no one knows for sure.
     
  8. VikingStorm

    VikingStorm Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    387
    The AV market is also a whole lot bigger, with more "powerful" and long established competitors.
     
  9. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,748
    Location:
    The Netherlands
  10. DigitalMan

    DigitalMan Registered Member

    Joined:
    Sep 9, 2004
    Posts:
    90
    Okay, downloaded it via Updates and...

    Where is it? I can't find an executable to run. I then did the manual download which gave me an EXE file which asked for a EULA every time you run it.

    No threats found (not surprising), but could be an interesting tool. If I have to download a new exe that I have to enable in ProcessGuard I'm thinking this tool isn't going to do it for me unless I'm looking to remove something specific.

    Either I'm missing something (most likely) or this is one user hostile tool (possible).

    Any idea?
     
  11. djs17404

    djs17404 Registered Member

    Joined:
    Nov 15, 2004
    Posts:
    12
    I did too and can't find it anywhere a normal person would look. There is the mrt.log in the \windows\debug folder and the installer (KB890830-enu.exe) in the \WINDOWS\SoftwareDistribution\Download\Install folder so it's there but how do you run the damn thing. According to the mrt log it ran at update...

    Microsoft Malicious Software Removal Tool v1.0, January 2005
    Started On Tue Jan 11 19:42:19 2005
    Removal Tool Results:
    No infection found.
    Microsoft Malicious Software Removal Tool Finished On Tue Jan 11 19:42:20 2005

    ...but I see no way to run it on demand.
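
The log format quoted in the post above lends itself to a quick check across many machines. An added example (not part of the thread, and not Microsoft's code) that parses mrt.log text into runs and flags any run that never finished or whose result is anything other than the clean line shown; the function names are hypothetical and only the line shapes quoted above are assumed:

```python
import re
from datetime import datetime

# The one run quoted in the post above, reused here as sample input.
SAMPLE_LOG = """\
Microsoft Malicious Software Removal Tool v1.0, January 2005
Started On Tue Jan 11 19:42:19 2005
Removal Tool Results:
No infection found.
Microsoft Malicious Software Removal Tool Finished On Tue Jan 11 19:42:20 2005
"""

PREFIX = "Microsoft Malicious Software Removal Tool "
HEADER = re.compile(re.escape(PREFIX) + r"v(\S+), (\w+ \d{4})$")
TS_FORMAT = "%a %b %d %H:%M:%S %Y"  # English day/month names assumed
CLEAN = "No infection found."


def parse_mrt_log(text):
    """Return one dict per tool run found in the log text."""
    runs, run, in_results = [], None, False
    for line in filter(None, (l.strip() for l in text.splitlines())):
        header = HEADER.match(line)
        if header:
            run = {"version": header.group(1), "release": header.group(2),
                   "started": None, "finished": None, "results": []}
            runs.append(run)
            in_results = False
        elif run is None:
            continue  # stray text before the first header
        elif line.startswith("Started On "):
            run["started"] = datetime.strptime(line[11:], TS_FORMAT)
        elif line.startswith(PREFIX + "Finished On "):
            run["finished"] = datetime.strptime(line[len(PREFIX) + 12:], TS_FORMAT)
            in_results = False
        elif line == "Removal Tool Results:":
            in_results = True
        elif in_results:
            run["results"].append(line)
    return runs


def needs_review(run):
    """Flag a run that never finished or reported anything but a clean result."""
    return run["finished"] is None or run["results"] != [CLEAN]


if __name__ == "__main__":
    for r in parse_mrt_log(SAMPLE_LOG):
        print(r["release"], "REVIEW" if needs_review(r) else "clean")
```
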
     
  12. djs17404

    djs17404 Registered Member

    Joined:
    Nov 15, 2004
    Posts:
    12
    Well here:

    Immediately after the EULA has been accepted, the tool scans computer memory for known malicious software and stops any malicious processes that are found. It also deletes files and registry keys that are associated with processes that are identified as malicious.

    But here:

    • If the tool detects malicious software or if an error occurs while the tool is running, the tool sends a report to Microsoft that contains basic information about the malicious software or about the error. No identifiable personal information that is related to you or to your computer is sent together with this report.

    Reporting component

    As noted in the "Usage information" section, the Malicious Software Removal Tool will send information back to Microsoft if the tool detects malicious software or finds an error. This information will be used for tracking virus prevalence. The specific information that is sent to Microsoft includes the following items:

    • The name of the malicious software that is detected
    • The result of malicious software removal
    • The operating system version
    • The operating system locale
    • The processor architecture

    I don't like that.

    All can be found here.

    http://support.microsoft.com/?kbid=890830
     
  13. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    just a little more info here


    the online scanner is here
     

    Last edited: Jan 11, 2005
  14. DigitalMan

    DigitalMan Registered Member

    Joined:
    Sep 9, 2004
    Posts:
    90
    Thanks DJS - I'm feeling better about not being able to find it. So I guess it will run automatically as a result of the next Windows Update that updates its definitions?

    And Microsoft gets a report and I don't get to see the report or choose if I want it sent?

    Odd that it would have no GUI component at all in Windows.
     
  15. djs17404

    djs17404 Registered Member

    Joined:
    Nov 15, 2004
    Posts:
    12
    Q2: What installer does this tool use?

    A2: The tool does not install or update files on a computer. Therefore the tool does not use an installer, such as Windows Installer or Update.exe. It is packaged within a self-extracting CAB executable to reduce the size of the package.

    Q3: How do I remove this tool?

    A3: The tool does not have to be removed because the tool is never installed. No Programs folder entry or Add/Remove Programs entry is created when the tool is run. However, there may be a temporary folder left in the root of one of your disks. This folder will be removed on next restart.

    • Q11: What is the difference between this tool and an antivirus product?

    A11: There are three key differences between the Malicious Software Removal tool and an antivirus product:

    • The tool provides postinfection removal of malicious software. It can only remove malicious software from an already-infected computer. Antivirus products are also able to block malicious software from running on a computer. It is significantly more desirable for malicious software to be blocked from running on a computer than being removed postinfection.

    • The tool removes only specific, prevalent malicious software. See "Release information" for the specific list. Specific, prevalent malicious software is a small subset of all the malicious software in the wild today. An antivirus product can remove significantly more-malicious software.

    • The tool focuses on the detection and removal of active malicious software. Active malicious software is malicious software that is currently running. The tool cannot remove malicious software that is not running. An antivirus product can perform this task.
     
  16. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    these are the malware that it detects
     

  17. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,802
    Location:
    Texas
    If you download the program to your disk, you can run it from a gui.

    If you get it from windows update, you can set it not to report back to Microsoft.

    http://support.microsoft.com/kb/891716

    Q3. How can I block this update from being sent to my computers through Automatic Updates?

    A3. You can set the registry key described in Q2, and the tool will not appear on Windows Update or on Automatic Updates.

    Q4. How can I disable the infection reporting component of the tool so that the report is not sent back to Microsoft?

    A4. An administrator can choose to disable the infection reporting component of the tool by adding the following registry key value to computers. If this registry key value is set, the tool will not report infection information back to Microsoft.

    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MRT\DontReportInfectionInformation with the value of "1". Note that this value should be of type REG_DWORD.

    This functionality is automatically disabled if the following registry key value exists: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\WUServer
    This registry key value indicates that the computer is connected to a SUS server.
     
    Last edited: Jan 11, 2005
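
The two policy values quoted in the post above can be audited in a few lines. An added example (not part of the thread, and not Microsoft's code) that classifies the reporting state from them; the function names are hypothetical, the registry reader is injectable so the logic can be checked off Windows, and because the quoted KB text does not say how the tool treats a value of the wrong type, that case is reported as unknown:

```python
REG_DWORD = 4  # numeric value of winreg.REG_DWORD
MRT_KEY = r"SOFTWARE\Policies\Microsoft\MRT"
MRT_VALUE = "DontReportInfectionInformation"
WU_KEY = r"SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate"
WU_VALUE = "WUServer"


def read_hklm_value(key_path, name):
    """Return (data, type) for a value under HKLM, or None if it is absent."""
    import winreg  # Windows only, imported lazily
    # Read the 64-bit registry view even when Python itself is 32-bit.
    access = winreg.KEY_READ | winreg.KEY_WOW64_64KEY
    try:
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, key_path, 0, access) as key:
            return winreg.QueryValueEx(key, name)
    except FileNotFoundError:
        return None


def reporting_status(read=read_hklm_value):
    """Return (state, reason); state is 'disabled', 'enabled' or 'unknown'."""
    if read(WU_KEY, WU_VALUE) is not None:
        return "disabled", "WUServer exists (machine points at a SUS server)"
    mrt = read(MRT_KEY, MRT_VALUE)
    if mrt is None:
        return "enabled", MRT_VALUE + " is not set"
    data, kind = mrt
    if kind != REG_DWORD:
        return "unknown", "value exists but is not REG_DWORD as the KB requires"
    if data == 1:
        return "disabled", MRT_VALUE + " = 1"
    return "enabled", "%s = %r, the KB specifies 1" % (MRT_VALUE, data)


if __name__ == "__main__":
    import sys
    if sys.platform == "win32":
        print("MSRT infection reporting: %s (%s)" % reporting_status())
    else:
        print("run on Windows, or pass a reader function to reporting_status()")
```
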
  18. djs17404

    djs17404 Registered Member

    Joined:
    Nov 15, 2004
    Posts:
    12

    Hey, if they clean up a few machines maybe I'll actually get to see my modem receive light blink again like it did in old worm free days instead of "always on". :D
     
  19. mercurie

    mercurie A Friendly Creature

    Joined:
    Nov 28, 2003
    Posts:
    2,442
    Location:
    Sky over the Wilders Forest
    I saw that later, sorry about that.. :oops:
     
  20. DigitalMan

    DigitalMan Registered Member

    Joined:
    Sep 9, 2004
    Posts:
    90
    So my understanding is that basically this is an AV scanner/cleaner that is intended to run behind the scenes after Windows Update. It is intended to catch a limited set of very common viruses to eliminate about 80% ~ 90% of the common stuff. For the typical user, only alerts them if it finds something nasty, otherwise they won't even see it working.

    Interesting idea, actually I think it's a good one given that MS has to worry about millions of non-technical users. One question is whether ProcessGuard will see the AV scanner as a new process every time it updates - I suspect it will.
     
  21. NGRhodes

    NGRhodes Registered Member

    Joined:
    Jun 23, 2003
    Posts:
    2,331
    Location:
    West Yorkshire, UK
    Sorry to say but if MS were serious about security, they would be proactive and not reactive, I mean having to have tools to get rid of junk caused by their own insecurities, why not fix the system, instead of bolting on more junk/bloat to clean up.

    MS and security, I wouldn't like to put all my eggs in the same basket.

    MS is good at some things, good at certain aspects of others, but not security (insecurity by poor design and implementation).
    MS development guys, who are decent (my boss was one, also the server guys are quite cool) are unfortunately driven by the grand scheme of the marketing machine of MS, who really don't care for quality products (just look how they bummed us off with win me), they just want things that look good and sell, regardless of how well they do. Unfortunately no matter how rosy their security efforts look now, if I was a betting man I would put money on it being a marketing exercise, and in the long run, their efforts running out of fuel.
    IMHO, I think they are gearing up for Longhorn (marketing wise).

    Nick.

    PS I do like windows nt, xp 2k etc, I've been developing with visual studio for 5 years, inc .net which I'm a big fan of, but I really hate MS' backwards thinking.
     
  22. Mannaggia

    Mannaggia Registered Member

    Joined:
    Aug 14, 2003
    Posts:
    234
    Location:
    Northern California
    I got my Microsoft Malicious Software Removal tool today thru Windows update. I also downloaded it myself. When I go to properties and click on Virus Property, it shows that it is using Trend Micro Internet Security 2005. Nice to know since I'm using TMIS 2005 as my AV.
     