You are exactly right about the old DOS anti-virus product. It was a
stripped down version of Central Point AV. I remember that product well.
As usual with a lot of free programs from Microsoft, you got what you paid
for. Of course, I didn't consider the full CPAV product to be much
better.......
Steve Fletcher
MCSE (NT4/Win2k), MCSE: Security (Win2k), HP Master ASE, CCNA, Security+
safletcher@insightbb.com
-----Original Message-----
From: Steve [mailto:securityfocus@delahunty.com]
Sent: Thursday, March 17, 2005 10:42 PM
To: rslade@sprint.ca; focus-virus@securityfocus.com
Subject: Re: Microsoft antivirus - is it beta?
I don't recall any notices about a desktop anti-virus app but I do for the
anti-spyware app. I have installed it on a few machines, the anti-spyware
app, and find it to be quite useful as compared to the other half dozen or
so similar apps with which I have experience.
On this page it refers to Malware, not anti-virus.
http://www.microsoft.com/security/default.mspx
I do remember the days of Microsoft providing anti-virus software, and even
a DOS version. If I recall correctly they acquired the app from Central
Point or it at least looked like it.
Microsoft has recently purchased Sybari, a company that makes some great
products but mostly oriented on the corporate level.
STEVE
----- Original Message -----
From: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rslade@sprint.ca>
To: <focus-virus@securityfocus.com>
Sent: Wednesday, March 16, 2005 1:03 PM
Subject: Microsoft antivirus - is it beta?
Some months back, Microsoft announced the purchase of an antivirus company.
For those in malware research, this appeared to be an indicator that
Microsoft
would be getting back into the field. Apparently, very few of us are old
enough to
recall the first time Microsoft "produced" an antivirus product, but those
who are
remember that the kindest way to describe the attempt would be "not fully
thought through." Therefore, we did not look forward to this event with any
great enthusiasm.
Subsequently, Microsoft announced it had acquired an anti-spyware company.
Then it announced a beta test version of an anti-spyware product. Then
there was
a flurry of announcements about legalities, copyright infringements,
products that
would be free, settlements of copyright infringement suits, products that
would be
charged for, and so forth, so I hope I can be forgiven for not recalling
exactly
where in that timeline came the announcement of a beta version of an
antivirus
product.
I viewed the antivirus beta with some trepidation. The announcement was not
particularly clear about the capabilities of the product. It did indicate
that the
antivirus would be a) limited to specific malware programs, b) concentrate
on
"worms," and c) there seemed to be hints that the program would run in the
background. With apprehension I downloaded the beta antivirus and installed
it on
one machine.
Nothing happened.
Nothing appeared in the Start menu programs list. Nothing appeared in the
"Program Files" directory. Nothing appeared in the "Remove Programs" list.
Nothing disappeared from my malware samples directory.
Subsequently, I have been receiving announcements from "Auto Update" that
the
"Windows Malicious Software Removal Tool" was ready for installation.
Previously I found this completely bewildering. In the latest instance, if
you
choose "Custom Install," it does inform you that the tool will run once, and
then
be deleted from your computer. This makes a bit more sense.
According to Microsoft, more information for this update can be found at
http://www.microsoft.com/malwareremove. This page states the same "run and
then disappear" process, along with the assertion that the program will
generate a
report on the status of your computer. (So far, in my experience, this
hasn't
happened.)
The page lists seventeen pieces of malware that the program "cleans." The
mention of "background" operation now seems to be tied to the Auto Update
process, although it isn't completely clear that the antivirus itself
doesn't run in
the background. (The "run and delete" description would seem to indicate
that the
antivirus doesn't run in the background.)
I am interested in results from any others who have studied the program in
more
detail, including issues related to where the program looks for infections,
what is
cleaned, removal of malware from memory, cleanup of the Registry, scanning
of
mail files (many of the malware items listed are spread via email
attachments),
and so forth.
====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@sun.soci.niu.edu
Freedom is not worth having if it does not connote freedom to
err. It passes my comprehension how human beings, be they ever so
experienced and able, can delight in depriving other human beings
of that precious right. - Mahatma Gandhi, (1869-1948)
http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade
