Microsoft Anti Virus

Microsoft will announce her AV coming tuesday. There will be a download which will be a bit like Stinger AV. It's certainly not the AV that MS will launch later this year.
Not any confirmation or links from me. (yet)

Gerard

 

Next tuesday... oh my, I hope it's in one of the critical security patches

 

Just another source, that says the same:

http://www.vnunet.com/news/1160338

 

Interesting...Hmmm does this mean there will be no conflicts with existing AV's running in realtime... I guess the key is that it will be a removal tool not really a prevention. Did I just answer my own question or does some body know different Sorry, do not mean to sound so stupid just thinking as I type and it's getting late and I have been flying around the web; getting kind of tired.

Side question: do you think some at Micro$oft are burning midnight oil to get it out or do you think we will see the seemingly endless delays?

 

I'll never understand why Microsoft does what it does. They could have simply renamed RAV and put it out for us, like they did Giant. Then, they could have made changes and offered their 'improved' version later.

 

I think we could all just be in for a shock when Ms finally do release their Av. They are aware everyone is looking for them to fail, and by releasing little feelers onto the market, it allows them to make all the tweaks required for the big launch.

 

I just asked the same question about conflicts in post #3 here...........

https://www.wilderssecurity.com/showthread.php?t=61602

I wish I would have read your post first before asking the same question. I see no one has come up with an answer yet. Maybe it's too new and no one knows for sure.

 

The AV market is also a whole lot bigger, with more "powerful" and long established competitors.

 

Is this it?

http://www.microsoft.com/downloads/...FamilyID=ad724ae0-e72d-4f54-9ab3-75b8eb148356

 

Okay, downloaded it via Updates and...

Where is it? I can't find an executable to run. I then did the manual download which gave me an EXE file which asked for a EULA every time you run it.

No threats found (not surprising), but could be an interesting tool. If I have to download a new exe that I have to enable in ProcessGuard I'm thinking this tool isn't going to do it for me unless I'm looking to remove something specific.

Either I'm missing something (most likely) or this is one user hostile tool (possible).

Any idea?

 

I did too and can't find it anywhere a normal person would look. There is the mrt.log in the \windows\debug folder and the installer (KB890830-enu.exe)in the \WINDOWS\SoftwareDistribution\Download\Install folder so its there but how do you run the damn thing. According to the mrt log it ran at update...

Microsoft Malicious Software Removal Tool v1.0, January 2005
Started On Tue Jan 11 19:42:19 2005
Removal Tool Results:
No infection found.
Microsoft Malicious Software Removal Tool Finished On Tue Jan 11 19:42:20 2005

...but I see no way to run it on demand.

 

Well here:

Immediately after the EULA has been accepted, the tool scans computer memory for known malicious software and stops any malicious processes that are found. It also deletes files and registry keys that are associated with processes that are identified as malicious.

But here:

• If the tool detects malicious software or if an error occurs while the tool is running, the tool sends a report to Microsoft that contains basic information about the malicious software or about the error. No identifiable personal information that is related to you or to your computer is sent together with this report.•

Reporting component

As noted in the "Usage information" section, the Malicious Software Removal Tool will send information back to Microsoft if the tool detects malicious software or finds an error. This information will be used for tracking virus prevalence. The specific information that is sent to Microsoft includes the following items:

• The name of the malicious software that is detected
• The result of malicious software removal
• The operating system version
• The operating system locale
• The processor architecture

I don't like that.

All can be found here.

http://support.microsoft.com/?kbid=890830

 

just a little more info here


the online scanner is here

 

Thanks DJS - I'm feeling better about not being able to find it. So I guess it will run automatically as a result of the next Windows Update that updates its definitions?

And Microsoft gets a report and I don't get to see the report or choose if I want it sent?

Odd that it would have no GUI component at all in Windows.

 

• Q2: What installer does this tool use?

A2: The tool does not install or update files on a computer. Therefore the tool does not use an installer, such as Windows Installer or Update.exe. It is packaged within a self-extracting CAB executable to reduce the size of the package.

• Q3: How do I remove this tool?

A3: The tool does not have to be removed because the tool is never installed. No Programs folder entry or Add/Remove Programs entry is created when the tool is run. However, there may be a temporary folder left in the root of one of your disks. This folder will be removed on next restart.

• Q11: What is the difference between this tool and an antivirus product?

A11: There are three key differences between the Malicious Software Removal tool and an antivirus product:

• The tool provides postinfection removal of malicious software. It can only remove malicious software from an already-infected computer. Antivirus products are also able to block malicious software from running on a computer. It is significantly more desirable for malicious software to be blocked from running on a computer than being removed postinfection.

• The tool removes only specific, prevalent malicious software. See "Release information" for the specific list. Specific, prevalent malicious software is a small subset of all the malicious software in the wild today. An antivirus product can remove significantly more-malicious software.

• The tool focuses on the detection and removal of active malicious software. Active malicious software is malicious software that is currently running. The tool cannot remove malicious software that is not running. An antivirus product can perform this task.

 

these are the malware that it detects

 

Hey, if they clean up a few machines maybe I'll actually get to see my modem receive light blink again like it did in old worm free days instead of "always on".

 

I saw that later, sorry about that..

 

So my understanding is that basically this is an AV scanner/cleaner that is intended to run behind the scenes after Windows Update. It is intended to catch a limitied set of very common viruses to eliminate about 80% ~ 90% of the common stuff. For the typical user, only alerts them if it finds something nasty, otherwise they won't even see it working.

Interesting idea, actually I think its a good one given that MS has to worry about millions of non-technical users. One question is whether ProcessGuard will see the AV scanner as a new process every time it updates - I suspect it will.

 

Sorry to say but if MS were serious about security, they would be proactive and not reactive, i mean having to have tools to get rid of junk caused by their own insecurities, why not fix the system, instead of bolting on more junk/bloat to clean up.

MS and security, I would'nt like to put all my eggs in the same basket.

MS is good at some things, good at certain aspects of others, but not security (insecurity by poor design and implementation).
MS development guys, who are decent (my boss was one, also the server guys are quite cool) are unfortunatly driven by the grand scheme of the marketing machine of MS, who really dont care for quality products (just look how they bummed us off with win me), they just want things that look good and sell, regaurdless of how well they do. Unfortunatly no matter how rosy their security efforts look now, if I was a betting man I would put money on it being a marketting exercise, and in the long run, their efforts running out of fuel.
IMHO, I think they are gearing up for Longhorn (marketting wise).

Nick.

PS I do like windows nt, xp 2k etc, Ive been developing with visual studio for 5 years, inc .net which im a big fan of, but I really hate MS' backwards thinking.

 

I got my Microsoft Malicious Software Removal tool today thru Windows update. I also downloaded it myself. When I go to properties and click on Virus Property, it shows that it is using Trend Micro Internet Security 2005. Nice to know since I'm using TMIS 2005 as my AV.