Slashdot Mirror
Microsoft Releases Malicious Software Removal Tool
DaHat writes "Hot on the heels of their release last week of Microsoft AntiSpyware, Microsoft today released their very own Malicious Software Removal Tool with the claim that it will detect and remove infections from specific pieces of malware, including those in the families of Berbew, Doomjuice, Gaobot, Msblast, Mydoom, Nachi, Sassier, and Zindos from your Windows 2000, XP or 2003 machine. Microsoft also promises to release an updated version of the tool on the second Tuesday of each month."
A feeling of having made the same mistake before: Deja Foobar
Will it remove firefox also?
and some already are but lets face it, to currently reach the masses this sort of stuff needs to be pushed out through windows update.
Do not try to read the dupe, thats impossible. Instead, only try to realize the truth
What truth?
There is no dupe
So I installed this via Windows Update a little while ago today... Here's what I had to do just now to scan:
1. Install via Windows Update
2. Go to tool website
3. Go to website again in IE, cause it doesn't like firefox
4. Temporarily allow popups from SP2
5. Go to website again to allow the popup for the scan tool to open
6. Accept the license agreement
7. Go to website again after I accepted agreement
8. Open the tool and have IE block the ActiveX control
9. Allow the ActiveX control
10. Go to website AGAIN to install the ActiveX control
11. Allow it to scan and tell me nothing is infected...
I sure hope it wasn't this difficult for anyone else. Did I miss something? I thought it was going to be a program on my PC to run and scan, but I can't find it.
And all other software made by vendors that have sued MS.... It also comes with a custom icon that portrays Bill Gates as Baby Jesus.
News Reporters Make Tasty Polar Bear Treats!
The malware removal tool is pretty simple. It installs, scans, gives you a clean bill of health or tells you what a dirty infected whore your PC is.
The auto-update features in both applications is nice to see too... Grandma and Grandpa Internet need something to spoonfeed them like this, and if Microsoft keeps them free then grrreat. Now if only we could get them to fix IE so it isn't such a steaming pile...
perl -e 'print $i=pack(c5, (41*2), sqrt(7056), (unpack(c,H)-2), oct(115), 10)'
Malicious software writers promise to release an updated version of their work on the day after the second Tuesday of each month (which may or may not be the second Wednesday).
The reason that they are only going to be doing it once a month has little to do with home users and more to do with corporate ones. Most IT people I know do not have time to search out threats to their network each day and make sure everything is up to date and properly patched... instead, they do so on a schedule. In order to facilitate that, Microsoft has done the same thing. Notice that new security bulletins came out today? Mark your calendar for a month from now and you'll see a similar thing.
Yes, such a system is potentially flawed where if a major exploit is found in the wild and is running loose, taking out systems right and left, the day after Microsoft issues their advisories/patches, things could be bad. However in such a case I have little doubt they would make a special exception for those big ones.
Help Brendan pay off his student loans
"What's this? It says it's a malicious software remover."
"I dunno. Try running it?"
"Okay." (click-click.)
"PLEASE WAIT."
"What's it doing?"
"Dunno... oh, here."
"PROGRAM COMPLETE. FIFTEEN PROGRAMS REMOVED. HAVE FUN FIGURING OUT WHICH ONES, BITCHES."
"Dammit."
Their AntiSpyware Beta app updates daily by default. This malware remover is the more grown up very of the cleaners they deployed via autoupdate last year.
perl -e 'print $i=pack(c5, (41*2), sqrt(7056), (unpack(c,H)-2), oct(115), 10)'
Thanks for the bandaid MS. Can you work on the root of the problem now or would that interfere too much with your business plan?
Time makes more converts than reason
I have rebooted. My initial impression is that there is no immediately obvious way to run the removal program. KB890830 points out the web version of the Malicious Software Removal Tool and says that "When you download the tool from Windows Update or from Automatic Updates, the tool always runs in quiet mode." The KB also has a url to download the tool. Whee.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
Well that is great and all... but that is what's known as an "alternative" to the other process. I was testing the other process. If I wanted to go download it, I would have. It's not like everyone will be like "hey, I wonder if it's a pain in IE... maybe I should just download it."
Yeah, it took me an extra second to parse as well. The funny part is that the editors could have gotten rid of one funny and twenty redundant posts simply by adding one word to the title and saying: "Microsoft Releases Tool to Remove Malicious Software"
No, wait, the funny part is I thought "editing", much less "clarifying confusing sentence structure", was something the editors here did.
The enemies of Democracy are
A summary of the next 100 Slashdot posts:
/. owners modding down anything disagreeing with the Slashbot secular, pro-Linux, uniformity.
1. Finally, a Windows XP uninstaller!
2. Finally, an IE uninstaller!
3. Jokes about the malicious/software wordplay -- is it a malicious tool to remove software or a malicious software removal tool? har har har
4. Does it run on Linux?
5. Imagine a beowulf cluster of these.
6. In Soviet Russia, software tools malice YOU!
7. In Korea, only old people run malicious tools.
8. Tin foil cap-sporting nerds complaining about WinVNC rumors.
9. ???
10. Profit!
11. Declare bankruptcy.
12. Bitch about MS.
13. Spell MS with a dollar sign.
14. Tin foil cap-sporting nerds complaining about how this is a MS chokehold attempt on the market.
15. Anonymous posters claiming they had sex with your mother.
16. Mindless slashbotting.
17. 53 offtopic posts.
18.
19. Some posts by the GNAA and/or Roland Piquepalle (one and the same)
20. One really long list of post summaries, to get modded down by angry Slashbots.
<accepting no karma bonus for this crap>
Tech, life, family, faith: Give me a visit
Yup. You're right. Lot's of subdomain possibilities there!
UNIX? They're not even circumcised! Savages!
But really, what in the world could be wrong with a web based scanning system? You trust Bill Gates, don't you? You don't think he would do anything unethical while scanning your computer across the web, do you? You don't think there's a reason that the headline of this Slashdot article used the word Malicious as the first adjective to refer to this software, do you?
I'm an American. I love this country and the freedoms that we used to have.
Do you trust MS tools to scan your PC and actually do a GOOD job of it? I think Ad-Aware and others will still be around for those of us who think that is like letting the fox guard the chicken coop. If they start to get stomped, they can always sue. I haven't seen if the tool actually lets the other tools run and if they discover things it does not,and vice versa. I did hear it doesn't tell ya what it removed, and THAT is NOT good.
When I read that headline, I thought it meant Microsoft released a malicious tool for removing (non-MS) software. I don't know if that's a result of my own prejudices or just the kind of thing I've come to expect from Slashdot headlines....
I wonder if cracks for their software would be considered malicious. I can just imagine hundreds of people running this, and then finding out that Office doesn't work anymore and they only have another 28 days in which to activate Windows XP before it'll only boot in safe mode. Don't have a cracked machine to try it on, unfortunately, but I think maybe MS missed their chance by allowing everyone to bypass windows validation before downloading the anti-spyware. Perhaps this is another chance to rid the world of a few 1,000 pirates. Or perhaps I should get more sleep and/or consider Occam's Razor a little more..
Actually I don't think there SHOULD be a market for AntiVirus software. Normally I would agree with you. I think IE and WMP are examples that could be talked about in regard to embrace/extend and stifling competition.
However, no other OS in history has had to have an Antivirus industry EXCEPT Microsoft!
The idea of an entire industry built on the fact that Microsoft can't clean up after thier shit and so third party companies make a fortune doing just that is pretty sad. I actually like the idea that MS is starting to think "maybe we should wipe our own asses" is a good thing.
I miss the Karma Whores.
i downloaded it without needing activex.. theres 3 ways to get it, windowsupdate (requires IE), the activex (requires IE) button, or the download link (works in any browser)
[an error occurred while processing this directive]
It's apparently a result of MS flunking out of their English-syntax classes. The title of their page clearly states that their software is "Malicious" (and it's refreshing to see them freely admit that). It also claims to be a tool that removes software, though the title doesn't tell you what kind. Judging from the text of the rest of the page, the title should have been this:
Malicious-Software Removal Tool
A dropped hyphen often makes a big difference in the meaning of a sentence.
..wayne..
Yeah, great. And every time I try to go visit it, I end up putting the dots in the wrong places, like deli.cio.us, or de.lic.io.us. And forget about trying to tell someone verbally how to find it...
"Yeah, go check out this site, it's called delicious."
"Delicious.com?"
"No, d-e-l-dot-i-c-i-o... argh, just frickin' Google it. Oh wait, it's not in Google...
This sig is umop apisdn.
I did hear it doesn't tell ya what it removed, and THAT is NOT good.
You heard wrong. It also doesn't stop you from using any other spyware tool. How you got modded insightful is beyond me. (note: I'm not trying to insult you, that's more a smack at the mods than anything else)
put the what in the where?
Microsoft also promises to release an updated version of the tool on the second Tuesday of each month
and every second Wednesday of each month they'll release a security patch to fix the update released the day before.
(fixed the formatting)
...Somebody may have flunked basic English grammar, but it wasn't "MS". "Malicious software" is not properly a compound word, nor does it belong to any other category of construct requiring hyphenation. Hyphenation in this case is not only unrequired, but would in fact be awkward -- and, arguably, ungrammatical.
SIERRA TANGO FOXTROT UNIFORM
This tool reports to MS when it cleans. The reporting is anonymous, it says in the EULA.
T \DontReportInfectionInformation as a DWORD, and set the value to 1.
Those of you who detest automatic vendor notifications can disable this function. I just followed a tortuous string of buried references from MS to find out how, so to save you all the hassle, here's the thing:
Using regedit, create registry key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MR
Interesting posts. They confirmed what first thing which came to my mind: Oh! One more pest!
Seriously. No later than yesterday I ran VNC viewer (without install) on a win box. The "pest patrol" software reported VNC as a pest. The machine was slow to death, crimped with soooo many anti-anti-plus-plus-ad-on-little-nice tools.
I don't use pest removers. I look at what starts up, which services, use safe-ish Internet browser, use my brain and I have no pests.
Zijus.