Microsoft Releases Malicious Software Removal Tool

DaHat writes "Hot on the heels of their release last week of Microsoft AntiSpyware, Microsoft today released their very own Malicious Software Removal Tool with the claim that it will detect and remove infections from specific pieces of malware, including those in the families of Berbew, Doomjuice, Gaobot, Msblast, Mydoom, Nachi, Sasser, and Zindos from your Windows 2000, XP or 2003 machine. Microsoft also promises to release an updated version of the tool on the second Tuesday of each month."
Comments:
  • obPost (Score:5, Funny)

    by ackthpt ( 218170 ) * on Tuesday January 11, 2005 @05:32PM (#11327307) Homepage Journal
    Microsoft Windows XP successfully uninstalled
    Dag! It works!
  • by Lindsay Lohan ( 847467 ) on Tuesday January 11, 2005 @05:32PM (#11327311) Homepage Journal
    Microsoft today released their very own Malicious Software Removal Tool
    Finally, an IE un-installer.
    • by mblase ( 200735 ) on Tuesday January 11, 2005 @06:01PM (#11327744)
      When I read that headline, I thought it meant Microsoft released a malicious tool for removing (non-MS) software. I don't know if that's a result of my own prejudices or just the kind of thing I've come to expect from Slashdot headlines....
      • by lawpoop ( 604919 ) on Tuesday January 11, 2005 @06:16PM (#11327983) Homepage Journal
        Actually, this might be seriously unfunny in the near future. If MS takes a hard line against open source or GPL licensed stuff, or they make the claim that any particular app is using infringing code, a lot of slashdotters might be saying "I told you so".
        • by jc42 ( 318812 ) on Tuesday January 11, 2005 @11:42PM (#11331286) Homepage Journal
          Actually, this might be seriously unfunny in the near future.

          Actually, it has been seriously unfunny for several years.

          If you dig around for the earliest reviews of Windows Media Player, you'll find a number of reports that, after installing and testing it on their machine, the reviewers found that most or all of their other audio software was no longer working and had to be reinstalled. They also noted that, if they accidentally ran any of the pieces of WMP, the same thing would happen. And WMP couldn't be fully uninstalled.

          I have a number of friends that are developing audio and/or video software. They have been getting more and more depressed about the situation on Windows. It seems that, if you want your software to be usable, you have to "license" it (i.e., sign over all rights) to Microsoft. Then they'll add it to WMP's list of Good Guys, and when WMP triggers its search-and-destroy routine, your app will be spared.

          This is really what DRM is all about. The intent is that you will only have the right to run approved software. If you have some silly idea that you can write and market your own software, well, just forget that. Hackers like you can't be trusted, y'know.

      • It's apparently a result of MS flunking out of their English-syntax classes. The title of their page clearly states that their software is "Malicious" (and it's refreshing to see them freely admit that). It also claims to be a tool that removes software, though the title doesn't tell you what kind. Judging from the text of the rest of the page, the title should have been this:

        Malicious-Software Removal Tool

        A dropped hyphen often makes a big difference in the meaning of a sentence.

      • by TheLoneIguana ( 126589 ) on Tuesday January 11, 2005 @06:32PM (#11328180)
        Hmmm..

        MS=Microsoft
        and
        MS=Malicious Software

        Coincidence?
    • No, silly! They're obviously introducing a new version of fdisk.
  • Will it remove firefox also?

    • Will it remove firefox also?

      That's sched'd for a future release, to cast aspersions on the non-standard apps you have on your system.

      todo list:

      remove any known worm/virus

      scan disk for 'BSoD' references or slashdot cookie, if found, format drive

      sneakily install microsoft DRM

      verify windows registration key and log ip address

      corrupt iTunes (1 chance in 10, so it's less suspicious)

      report all applications back to microsoft next time connecting to net under request [Get latest update?]

      ...

      Profit!!!

  • by Timesprout ( 579035 ) on Tuesday January 11, 2005 @05:34PM (#11327355)
    and some already are but let's face it, to currently reach the masses this sort of stuff needs to be pushed out through windows update.
    • We got to admit that for oil to reach the masses we have to push it through Standard Oil.

      Your analogy is flawed. A convicted monopoly cannot be excused for such behavior. The best thing they could do was to fix their flawed software and thus choke that market by actually *gasp* improving their software security.
      • I have nothing against MS giving this stuff away, or even selling it if someone will pay. If another tool does a better job, use the other tool.

        Monopolies are usually a problem because they hold all the cards, all the resources. It's impossible to compete. But there's nothing about MS's monopoly that prevents Adaware from existing. MS Antispyware, and now this tool, are both out. So if Adaware wants to continue existing, it had better do a better job or offer a better deal. If it doesn't, then what's the h
  • If they are going to stick to the once a month update schedule.

    People expect their anti-virus and anti-spyware software to be updated at least weekly, if not daily if there is an outbreak.

    God forbid people start relying on only them for security and system utilities.
    • by DaHat ( 247651 ) on Tuesday January 11, 2005 @05:41PM (#11327466)
      The reason that they are only going to be doing it once a month has little to do with home users and more to do with corporate ones. Most IT people I know do not have time to search out threats to their network each day and make sure everything is up to date and properly patched... instead, they do so on a schedule. In order to facilitate that, Microsoft has done the same thing. Notice that new security bulletins came out today? Mark your calendar for a month from now and you'll see a similar thing.

      Yes, such a system is potentially flawed where if a major exploit is found in the wild and is running loose, taking out systems right and left, the day after Microsoft issues their advisories/patches, things could be bad. However in such a case I have little doubt they would make a special exception for those big ones.
    • "If they are going to stick to the once a month update schedule."
      • Silly consumer ... That's what the PAID version will be....
    • This isn't an AV app, it's a REMOVAL TOOL. They've been very clear about its purpose, and that users should continue to use an up-to-date AV product:

      This tool will help to remove specific, prevalent malicious software from infected systems. Because computers can appear to function normally when infected, Microsoft advises you to run this tool even if your computer seems to be fine. In addition to using this tool, you should use an up-to-date antivirus product to help protect your computer from other mali

    • This thing sounds more like Stinger than a general antivirus tool. Stinger is a free download from McAfee that will remove 50+ known infections from a machine. Stinger is not a resident scanner or email watchguard. It just removes the infections in its rather small database. This works fairly well since certain things make the rounds over and over again.
  • Microsoft also promises to release an updated version of the tool on the second Tuesday of each month.

    Is that not a bit slow? Malicious Software could have nearly a month to spread before Microsoft get round to releasing an update. Mind you, they might release them more often than that, it could be just a minimum.

    • by jd ( 1658 )
      No, there's no risk that malicious software will outpace it... provided Microsoft sticks to its once-a-month patch plan.
  • what a process! (Score:3, Informative)

    by ack154 ( 591432 ) * on Tuesday January 11, 2005 @05:36PM (#11327387)
    So I installed this via Windows Update a little while ago today... Here's what I had to do just now to scan:

    1. Install via Windows Update
    2. Go to tool website
    3. Go to website again in IE, cause it doesn't like firefox
    4. Temporarily allow popups from SP2
    5. Go to website again to allow the popup for the scan tool to open
    6. Accept the license agreement
    7. Go to website again after I accepted agreement
    8. Open the tool and have IE block the ActiveX control
    9. Allow the ActiveX control
    10. Go to website AGAIN to install the ActiveX control
    11. Allow it to scan and tell me nothing is infected...

    I sure hope it wasn't this difficult for anyone else. Did I miss something? I thought it was going to be a program on my PC to run and scan, but I can't find it.
  • I tried this a few days ago (beta). It tried to eat one of our developers' scripts. Then it ate VNC (several different versions). The real time scan is annoying as all hell.

    Unless you love, don't use it. You're safer with... anything else (especially common sense)
  • It took long enough. But on the bright side, maybe they really are ramping up support for their product. I know a lot of you are going to rip MS but hey they didn't have to do this, it's not like they are losing their desktop OS to anyone. If their PR campaign ends up working well for their users, I say good show.
  • by Evil W1zard ( 832703 ) on Tuesday January 11, 2005 @05:37PM (#11327404) Journal
    And all other software made by vendors that have sued MS.... It also comes with a custom icon that portrays Bill Gates as Baby Jesus.
  • by EvilAlien ( 133134 ) on Tuesday January 11, 2005 @05:37PM (#11327412) Journal
    I'm fairly impressed with my tests of the AntiSpyware product. It's pretty slick, seems much more well-rounded than Adware Pro as a comparison. The depth is there too, it's not just a mindless GUI app. The configurability and insight into the various bits of registry fiddling that spyware gets up to is cool... and good for a mostly-Windows Ignorant like me.

    The malware removal tool is pretty simple. It installs, scans, gives you a clean bill of health or tells you what a dirty infected whore your PC is.

    The auto-update features in both applications is nice to see too... Grandma and Grandpa Internet need something to spoonfeed them like this, and if Microsoft keeps them free then grrreat. Now if only we could get them to fix IE so it isn't such a steaming pile...

    • You saw that MS has removed definitions from the antispyware program already, right? WeatherBug complained and MS removed it within a few days from the list of detectable things.
  • Yes but can it remove the most evil malware of all... Windows! Inquiring minds want to know.
  • The machine was still running Windows when it completed.
  • Please start the trend of abbreviating the reference to this tool as the Microsoft Software Removal Tool.

    That way when we can offer a GPL'd, Linux-based, Microsoft Software Removal Tool for free there may be more people looking at the correct way to secure their Personal Computing systems.

  • after all cigarette makers release nicotine patches and gum
  • The virus makers will release the updated virii the 2nd Wednesday of the month.
  • by trb ( 8509 ) on Tuesday January 11, 2005 @05:41PM (#11327465)
    Microsoft also promises to release an updated version of the tool on the second Tuesday of each month.

    Malicious software writers promise to release an updated version of their work on the day after the second Tuesday of each month (which may or may not be the second Wednesday).


    • They may as well plan their updates for the first Tuesday of each month, as Microsoft will be incapable of responding to the new threat in time to roll the fix into the upcoming patch a week away anyways.
  • A what now? (Score:5, Funny)

    by sammy baby ( 14909 ) on Tuesday January 11, 2005 @05:41PM (#11327475) Journal
    "What's this? It says it's a malicious software remover."

    "I dunno. Try running it?"

    "Okay." (click-click.)

    "PLEASE WAIT."

    "What's it doing?"

    "Dunno... oh, here."

    "PROGRAM COMPLETE. FIFTEEN PROGRAMS REMOVED. HAVE FUN FIGURING OUT WHICH ONES, BITCHES."

    "Dammit."
  • The guy who started del.icio.us [del.icio.us] said that he bought the icio.us domain because it had lots of subdomain possibilities.

    mal.icio.us [mal.icio.us] is currently empty, but it would be cool to see something there!
    • by Zocalo ( 252965 ) on Tuesday January 11, 2005 @05:55PM (#11327671) Homepage
      But it might be considered somewhat capr.icio.us and not very jud.icio.us to create mal.icio.us just after Microsoft tries to get off to an ausp.icio.us start in its attempts to help us remove susp.icio.us software that is pern.icio.us in its efforts to remain on our PCs though.

      Yup. You're right. Lots of subdomain possibilities there!

    • That's out.rag.icio.us!
    • Re:mal.icio.us ? (Score:3, Insightful)

      by rsteele19 ( 150541 )
      Yeah, great. And every time I try to go visit it, I end up putting the dots in the wrong places, like deli.cio.us, or de.lic.io.us. And forget about trying to tell someone verbally how to find it...

      "Yeah, go check out this site, it's called delicious."
      "Delicious.com?"
      "No, d-e-l-dot-i-c-i-o... argh, just frickin' Google it. Oh wait, it's not in Google... [del.icio.us]
  • by Xabraxas ( 654195 ) on Tuesday January 11, 2005 @05:45PM (#11327542)
    Thanks for the bandaid MS. Can you work on the root of the problem now or would that interfere too much with your business plan?
  • Line 'em up (Score:3, Funny)

    by Swamii ( 594522 ) on Tuesday January 11, 2005 @05:53PM (#11327644) Homepage
    A summary of the next 100 Slashdot posts:

    1. Finally, a Windows XP uninstaller!
    2. Finally, an IE uninstaller!
    3. Jokes about the malicious/software wordplay -- is it a malicious tool to remove software or a malicious software removal tool? har har har
    4. Does it run on Linux?
    5. Imagine a beowulf cluster of these.
    6. In Soviet Russia, software tools malice YOU!
    7. In Korea, only old people run malicious tools.
    8. Tin foil cap-sporting nerds complaining about WinVNC rumors.
    9. ???
    10. Profit!
    11. Declare bankruptcy.
    12. Bitch about MS.
    13. Spell MS with a dollar sign.
    14. Tin foil cap-sporting nerds complaining about how this is a MS chokehold attempt on the market.
    15. Anonymous posters claiming they had sex with your mother.
    16. Mindless slashbotting.
    17. 53 offtopic posts.
    18. /. owners modding down anything disagreeing with the Slashbot secular, pro-Linux, uniformity.
    19. Some posts by the GNAA and/or Roland Piquepalle (one and the same)
    20. One really long list of post summaries, to get modded down by angry Slashbots.

    <accepting no karma bonus for this crap>
  • It'll start removing "unsigned software" because it's not safe right? I remember that article and hence why I'm switching to Mandrake in a couple of weeks time.

    Thanks for pushing me away from Windows, MS! I'll remember to pay you back some day.
  • I was about to take the slashdot editors to task for their ambiguous use of 'Malicious' in the title. I suspected that it was a not-so-clever bash at Microsoft.

    Then I realised: that's the name Microsoft gave to it. Man, we knew they couldn't write good software, but now they seem intent on proving they can't write proper English either.

    Quick, someone, explain the concept of the adjective to the MS Marketing dept.

  • by salvorHardin ( 737162 ) <adwulf@nospaM.gmail.com> on Tuesday January 11, 2005 @06:02PM (#11327761) Journal
    I wonder if cracks for their software would be considered malicious. I can just imagine hundreds of people running this, and then finding out that Office doesn't work anymore and they only have another 28 days in which to activate Windows XP before it'll only boot in safe mode. Don't have a cracked machine to try it on, unfortunately, but I think maybe MS missed their chance by allowing everyone to bypass windows validation before downloading the anti-spyware. Perhaps this is another chance to rid the world of a few 1,000 pirates. Or perhaps I should get more sleep and/or consider Occam's Razor a little more..
  • Will this finally mean there's a reliable way to get rid of Realplayer?

    On that note, there is some software out there that lets you play Realmedia files without installing that evil tripe onto your Windoze box. Behold Real Alternative [free-codecs.com]
  • by Greyfox ( 87712 )
    Microsoft Software Removal Tool [knoppix.net]

    All joking aside, would Microsoft's marketing of a spyware removal tool constitute acknowledgement of critical design flaws in their product which they have no intention of fixing? (He asks as he fires up his LawSuitOMatic...)

  • OH NO! On the heels of the finest spyware removal tool, Microsloth comes out with YET ANOTHER top notch tool. And what do all the Slashdot Talking Heads have to say? Oh, nothing....
  • Disabling reporting (Score:5, Informative)

    by jjgm ( 663044 ) on Wednesday January 12, 2005 @02:17AM (#11332221)
    This tool reports to MS when it cleans. The reporting is anonymous, it says in the EULA.

    Those of you who detest automatic vendor notifications can disable this function. I just followed a tortuous string of buried references from MS to find out how, so to save you all the hassle, here's the thing:

    Using regedit, create registry key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MRT\DontReportInfectionInformation as a DWORD, and set the value to 1.
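
The setting described in the comment above, applied from PowerShell instead of regedit, as an added example that is not part of the original post or of Microsoft's own documentation. It reads the current state first, writes only when needed, and verifies the result; it assumes `MRT` is the policy key and `DontReportInfectionInformation` is a DWORD value inside it, and the function names are hypothetical.

```powershell
# Added example: audit, then set, the MSRT infection-reporting opt-out.
# Assumption: "MRT" is the policy key and "DontReportInfectionInformation"
# is a DWORD value stored inside that key.
$KeyPath   = 'HKLM:\SOFTWARE\Policies\Microsoft\MRT'
$ValueName = 'DontReportInfectionInformation'

function Get-MrtReportingOptOut {
    # Returns the current value, or $null when the key or value is absent.
    $item = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$ValueName
}

function Set-MrtReportingOptOut {
    # Writing under HKLM requires an elevated session; fail early with a clear message.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'Run this from an elevated PowerShell session.'
    }
    if (-not (Test-Path -Path $KeyPath)) {
        New-Item -Path $KeyPath -Force | Out-Null
    }
    # -Force overwrites an existing value, including one created with the wrong type.
    New-ItemProperty -Path $KeyPath -Name $ValueName -PropertyType DWord -Value 1 -Force | Out-Null
}

$before = Get-MrtReportingOptOut
if ($before -eq 1) {
    Write-Output 'Opt-out already set; nothing to change.'
} else {
    Set-MrtReportingOptOut
    $after = Get-MrtReportingOptOut
    if ($after -ne 1) { throw "Verification failed: $ValueName is '$after'." }
    $was = if ($null -eq $before) { 'absent' } else { $before }
    Write-Output "Set $ValueName to 1 (was: $was)."
}
```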
