Network Security Focus-Virus

Microsoft antivirus - is it beta?

Subject: Microsoft antivirus - is it beta?
Date: Wed, 16 Mar 2005 10:03:39 -0800
Some months back, Microsoft announced the purchase of an antivirus company.
For those in malware research, this appeared to be an indicator that
Microsoft would be getting back into the field.  Apparently, very few of us
are old enough to recall the first time Microsoft "produced" an antivirus
product, but those who are remember that the kindest way to describe the
attempt would be "not fully thought through."  Therefore, we did not look
forward to this event with any great enthusiasm.

Subsequently, Microsoft announced it had acquired an anti-spyware company.
Then it announced a beta test version of an anti-spyware product.  Then
there was a flurry of announcements about legalities, copyright
infringements, products that would be free, settlements of copyright
infringement suits, products that would be charged for, and so forth, so I
hope I can be forgiven for not recalling exactly where in that timeline came
the announcement of a beta version of an antivirus product.

I viewed the antivirus beta with some trepidation.  The announcement was not
particularly clear about the capabilities of the product.  It did indicate
that the antivirus would be a) limited to specific malware programs, b)
concentrate on "worms," and c) there seemed to be hints that the program
would run in the background.  With apprehension I downloaded the beta
antivirus and installed it on one machine.

Nothing happened.

Nothing appeared in the Start menu programs list.  Nothing appeared in the 
"Program Files" directory.  Nothing appeared in the "Remove Programs" list.  
Nothing disappeared from my malware samples directory.

Subsequently, I have been receiving announcements from "Auto Update" that
the "Windows Malicious Software Removal Tool" was ready for installation.
Previously I found this completely bewildering.  In the latest instance, if
you choose "Custom Install," it does inform you that the tool will run once,
and then be deleted from your computer.  This makes a bit more sense.

According to Microsoft, more information for this update can be found at
http://www.microsoft.com/malwareremove.  This page states the same "run and
then disappear" process, along with the assertion that the program will
generate a report on the status of your computer.  (So far, in my
experience, this hasn't happened.)

The page lists seventeen pieces of malware that the program "cleans."  The
mention of "background" operation now seems to be tied to the Auto Update
process, although it isn't completely clear that the antivirus itself
doesn't run in the background.  (The "run and delete" description would seem
to indicate that the antivirus doesn't run in the background.)

I am interested in results from any others who have studied the program in
more detail, including issues related to where the program looks for
infections, what is cleaned, removal of malware from memory, cleanup of the
Registry, scanning of mail files (many of the malware items listed are
spread via email attachments), and so forth.

======================  (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca      slade@victoria.tc.ca      rslade@sun.soci.niu.edu
Freedom is not worth having if it does not connote freedom to
err. It passes my comprehension how human beings, be they ever so
experienced and able, can delight in depriving other human beings
of that precious right.                - Mahatma Gandhi, (1869-1948)
http://victoria.tc.ca/techrev    or    http://sun.soci.niu.edu/~rslade
