[real-eyes] Microsoft Safety Scanner
- From: Steven Clark <kcpadfoot@xxxxxxxxx>
- To: real-eyes@xxxxxxxxxxxxx
- Date: Thu, 28 Apr 2011 15:49:03 -0500
The following is from:
ANDREW TECH HELP
http://andrewtechhelp.com
Microsoft Safety Scanner
Monday, 25 April 2011 23:32
Administrator Andrew
Microsoft Safety Scanner
One of the worst things computer manufacturers have done for computer
security is
to include trials of commercial anti-virus software on computers they
sell. This
may sound strange, because having these computers going out of the
factory with commercial
anti-virus software means that they have protection as soon as they
leave the factory,
but it also means the user thinks they're protected, well after the
software expires.
The user doesn't have to pay for this software when they buy the
computer and yet
it's pre-installed and working, so most users assume the computer
manufacturer sorted
that out for them and that they will be protected for a long time. I
often have to
go out to people's computers and remove viruses that get onto people's
systems because
the anti-virus software that was supposed to be protecting them had
expired (and
therefore deactivated) rendering it useless. The process of resolving
the problem
is normally a 2 step process. Firstly I needed to remove the virus that
managed to
get on there (normally a virus pretending to be an anti-virus client
which is actually
trying to extort money out of the victim by holding their computer at
ransom until
they pay to "fix" the problem) using a program such as Malwarebytes and
then remove
the trial anti-virus, replacing it with a working anti-virus program. On
April 15,
2011, Microsoft added a new tool to my toolkit which is designed to be
much more
effective than Malwarebytes and therefore replace it. The best bit is,
it's absolutely
free. This tool is called the Microsoft Safety Scanner.
Microsoft Safety Scanner is NOT an anti-virus program and therefore does
not replace
a proper real time anti-virus client such as Microsoft Security
Essentials. What
it is though, is a tool that you can use to remove viruses on computers
that don't
have anti-virus software or where the regular anti-virus software was
disabled by
the virus (it does happen, which is why anti-virus software is only a
second defence
and not an excuse for bad security practice). So quite commonly the
virus you get
infected with will render your computer useless and will block the use
of most tools
that it believes you could use to remove it (Task Manager, Command
Prompt, Internet
Explorer etc) and the only way to gain some type of control of the
computer is to
reboot it into Safe Mode which will cripple the virus in some ways
(because Safe
Mode only loads the bare essentials that Windows needs to run and the
files the virus
needs to run aren't these). The problem with Safe Mode is, you can't
really install
or uninstall much software, because the services needed to do this (most
notably
the Windows Installer service) aren't enabled. Therefore you need
something that
is designed to be installed in Safe Mode (such as Malwarebytes) or
something that
is a packaged file that can be run without installation. You also need
something
that isn't dependant on connecting to the internet to check for the
latest virus
definitions, because that isn't always an option because firstly the
internet doesn't
always work in Safe Mode, but also because the virus may have damaged
files needed
to get on the internet. Microsoft Safety Scanner meets both of these
requirements.
So we should probably have a look at how Microsoft Safety Scanner works.
It's exactly
the same as the Microsoft Malicious Software Removal Tool that
automatically gets
updated and run each month during your automatic updates through Windows
Update except
for one small difference I'll cover in a second. In January 2005,
Microsoft created
this tool to scan for and remove specific common malware that was
widespread and
infecting computers everywhere. One of the key things it was searching
for was rootkits,
which were interfering with common system files, which Microsoft would
then update
through Windows Update and this would cause the rootkit to crash because
it was looking
for specific versions of these system files, which weren't there. When
the rootkit
crashed, it would bring the whole system down with it. This toolkit
would allow for
these rootkits to be removed before updates were applied. So Microsoft
Safety Scanner
is the same as this Malicious Software Removal Tool, but instead of
containing the
definitions for 20 or so widespread rootkits and viruses, it contains
exactly the
same set of definitions as the latest version of Microsoft Security
Essentials. As
it's a package of the latest virus definitions from Microsoft Security
Essentials,
but those virus definitions for Microsoft Security Essentials are
updated 3 times
per day and the Microsoft Safety Scanner doesn't update itself,
Microsoft says this
scanner will expire 10 days after downloading it, so you'll have to re
download it
after 10 days, which is fair enough. This makes it perfect for
downloading onto a
USB stick before removing viruses from a computer while in Safe Mode and
then rebooting
and installing a proper anti-virus program, which is exactly how it's
designed to
be used. Running this program on a working computer that's got a working
copy of
Microsoft Security Essentials (or other anti-virus) will not provide you
any extra
protection, this is purely for running when you've got a virus and your
normal anti-virus
program isn't working or when there is no anti-virus installed.
So when you first load it, it asks you to accept the licence agreement,
then explains
what it does and gives you 3 options (the same three you get with the
Malicious Software
Removal Tool and with Microsoft Security Essentials). You can either run
a Quick
Scan (finds most viruses and takes about 15 minutes), a Full Scan (a
more through
scan which can take several hours) or a Custom Scan (which scans the
folders of your
choice). Once you pick an option, you just wait for it to scan your
computer and
if it finds viruses, it will remove them for you! It's as simple as that.
Safety Scanner - EULA
Safety Scanner - Welcome
Safety Scanner - Mode Selection
Safety Scanner - Scanning
Safety Scanner - Complete
So that's Microsoft Safety Scanner - your Malwarebytes replacement that
you can download
from (
http://www.microsoft.com/security/scanner/en-us/default.aspx
). This tool works on Windows XP, Windows Vista and Windows 7 (and
respective Server
editions). I'll repeat this for a final time: this is NOT an anti-virus
replacement,
but rather an on demand virus removal tool with a full anti-virus
definition database
that's useful to remove malware on systems that do not have working
anti-virus software
on them before installing proper real time anti-virus software such as
Microsoft
Security Essentials. For this tool, I say well done Microsoft. Now to
try and get
computer manufacturers to pre-install Microsoft Security Essentials
instead of commercial
anti-virus trials so that we limit this problem of expired anti-virus
programs.
back to top
Last Updated on Friday, 29 April 2011 01:39
To subscribe or to leave the list, or to set other subscription options, go to
www.freelists.org/list/real-eyes
Other related posts:
