SecurityGarden


Monday, April 18, 2011

Understanding Microsoft Anti-Malware Software

Posted on 12:57 PM by Unknown

Please see the updated document which includes changes made in Microsoft Anti-Malware products since 2011:
Understanding Microsoft Anti-Malware Software 2012


~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

The release of the Microsoft Safety Scanner has resulted in confusion about the available anti-malware tools provided by Microsoft and questions about when they should be used. 

Before answering the questions, let's take a closer look at the products available from Microsoft.


Microsoft Security Essentials


Microsoft Security Essentials (MSE) is antivirus, anti-malware and anti-spyware software that provides real-time protection for your computer.  Microsoft Security Essentials is free for home users as well as small and medium businesses with up to ten (10) PCs.

MSE works on Windows 7, Windows Vista and Windows XP; however, your PC must run genuine Windows to install Microsoft Security Essentials.  Beware of rogue/scam offerings.  MSE can be downloaded from the Microsoft Safety & Security Center.

Definition updates for MSE are obtained automatically through the program or downloaded directly from the Microsoft Malware Protection Center (MMPC) Portal.  You may also be offered updates through Windows Update. 

Microsoft Safety Scanner


The Microsoft Safety Scanner is a no-frills scanner to help remove viruses, spyware, and other malicious software. The Microsoft Safety Scanner will work with your existing antivirus software, but it is not a replacement for a resident antivirus program.

The Microsoft Safety Scanner works on Windows 7, Windows Vista and Windows XP.  There is no charge to use the Microsoft Safety Scanner and there is no requirement to prove Windows is genuine.

The Microsoft Safety Scanner expires ten (10) days after being downloaded. The reason for the expiration is that, at the point of download, the Microsoft Safety Scanner installs the most recent definitions from the MMPC Portal. Due to the frequency of definition updates, the definitions are outdated even after one day.  The Microsoft Safety Scanner uses the same definitions that are used for Microsoft Security Essentials and Microsoft Forefront.

For instructions on the use of the Microsoft Safety Scanner, you may be interested in this brief tutorial:   How to Use the New Microsoft Safety Scanner


Malicious Software Removal Tool


The Malicious Software Removal Tool (MSRT) scans for select malware only. Microsoft releases an updated version of the MSRT on the second Tuesday of each month along with security updates.  Additional updates are added as needed to respond to security incidents.  The current list of targets for removal is available at Families Cleaned by the Malicious Software Removal Tool.  

The MSRT works on Windows 7, Windows Vista, Windows XP, Windows Server 2003, or Windows Server 2008 and is available from Microsoft Update, Windows Update and the Microsoft Download Center.

As explained in Microsoft KB Article 890830, the Microsoft Malicious Software Removal Tool is not a substitute for antivirus software.  There is no real-time protection and, as shown in the above-referenced list of families cleaned, the MSRT targets specific prevalent malicious software that is actively running on the computer.

Microsoft Standalone System Sweeper Beta

Edit Note: *The Microsoft Standalone System Sweeper Beta has been renamed to "Windows Defender Offline Beta".

Microsoft Standalone System Sweeper Beta is a recovery tool currently available from Microsoft Connect.  The tool is not a general, all-purpose scanner.  Rather, it is meant to help start an infected PC and perform an offline scan to help identify and remove rootkits and other advanced malware.

The Microsoft Standalone System Sweeper Beta can also be used in situations where antivirus software fails to install or the program that is installed is unable to detect or remove malware from the computer. The Microsoft Standalone System Sweeper Beta uses the same definitions that are used for Microsoft Security Essentials and Microsoft Forefront.

For additional information on the Standalone System Sweeper see Setting Up the Microsoft Standalone System Sweeper Beta.

*See Windows Defender Offline Beta, formerly Standalone System Sweeper.

Windows Defender


Windows Defender is not an anti-malware software.  It is a free active system monitor that provides real-time protection against pop-ups, slow performance, and security threats caused by spyware and other unwanted software. Windows Defender can be installed on Windows XP and Windows Server 2003.  It was pre-installed on Windows Vista, Windows 7 and Windows Server 2008 (enabled if the Desktop Experience feature is installed).

Windows Defender can be downloaded from the Windows Download Center.  Note:  Microsoft Security Essentials includes the anti-spyware engine of Windows Defender.  Thus, when installing MSE, Windows Defender is deactivated.

Microsoft Forefront


Microsoft Forefront comprises a product line of security products for business customers.  It is designed to be centrally managed and integrated into IT infrastructure products, such as Active Directory.  If your business has more than 10 PCs, so that using MSE would be against the license terms, consider Forefront.  Microsoft Forefront is intended to scale to many thousands of users.  It uses the same definitions as Microsoft Security Essentials and the Microsoft Safety Scanner.

Windows Intune


Windows Intune is an Enterprise Solution that provides PC Management and Security in the Cloud.  It is an end-to-end Microsoft solution that brings together Windows cloud services for PC management and endpoint protection with a Windows 7 Enterprise upgrade subscription.  Through the web-based console, IT Staff can centrally manage and secure all the company PCs.

Included in the numerous features of Windows Intune is malware protection, using the same definitions as Microsoft Forefront and Microsoft Security Essentials.

Questions and Answers


Q.  Does the Microsoft Safety Scanner include all of the definitions included in the Malicious Software Removal Tool?
A.  Yes, at the time of download, the Microsoft Safety Scanner will include the same target families as the Malicious Software Removal Tool.  However, the Microsoft Safety Scanner includes more than specifically targeted prevalent malicious software.

Q.  Does the Malicious Software Removal Tool include definitions that are not included in the Microsoft Safety Scanner?
A.  No, although if the timing is such that additional targeted families or variants were added to the Malicious Software Removal Tool after the download of the Microsoft Safety Scanner, those families or variants would obviously not be in the already downloaded Microsoft Safety Scanner.

Q.  In terms of detection and removal, does the Microsoft Safety Scanner offer what the Malicious Software Removal Tool offers?
A.  The Malicious Software Removal Tool has specific malicious targets whereas the Microsoft Safety Scanner targets not only the same specifically targeted malicious programs as the Malicious Software Removal Tool, but also targets the same viruses, spyware, and other malicious software included in Microsoft Security Essentials and Microsoft Forefront.

Q.  Do users need both the Microsoft Safety Scanner and Malicious Software Removal Tool?
A.  The simple answer is No.  In point of fact, if you are using Microsoft Security Essentials as your antivirus product, you theoretically do not need either the Microsoft Safety Scanner or the Malicious Software Removal Tool.  However, there are instances where, for one reason or another, there is a problem updating MSE or the need to clean a computer that does not have Internet access.  Another valuable use of these tools is if your computer has a virus that your current antivirus software missed or is unable to remove.

Q.  Is there any point in running both the Microsoft Safety Scanner and Microsoft Security Essentials?
A.  No.  The Microsoft Safety Scanner uses the same definitions as Microsoft Security Essentials.  

Q.  How do I know if I have the latest definitions installed in Microsoft Security Essentials?
A.  The change log for the latest definitions for not only Microsoft Security Essentials but also Microsoft Forefront and Windows Defender is available from the Microsoft Malware Protection Center (MMPC) Portal.

Q.  Can I download both the 32-bit and the 64-bit versions of the Microsoft Safety Scanner to a USB stick and take it to another computer to run the correct version for the destination machine?
A.  I suggest that you create a separate folder for each version of the download as both the 32-bit and 64-bit versions are named the same, as msert.exe.
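
Because both downloads carry the same file name, the following added example (not part of the original post) tells two msert.exe copies apart by reading the architecture from the file's PE header, and estimates how much of the ten-day window remains. The function names are hypothetical, the sample header is constructed, and the file's modification time is assumed to approximate the download time.

```python
import os
import struct
import sys
import time

# Machine field values from the PE/COFF file header.
MACHINES = {0x014C: "32-bit (x86)", 0x8664: "64-bit (x64)"}
EXPIRY_DAYS = 10  # expiry window stated in the article


def pe_bitness(data):
    """Return the architecture recorded in a PE file's COFF header."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    (pe_offset,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew field
    if data[pe_offset:pe_offset + 4] != b"PE\0\0" or pe_offset + 6 > len(data):
        raise ValueError("not a PE file: missing PE signature")
    (machine,) = struct.unpack_from("<H", data, pe_offset + 4)
    return MACHINES.get(machine, "unknown (0x%04X)" % machine)


def days_left(downloaded_at, now):
    """Days remaining in the 10-day window; negative means expired."""
    return EXPIRY_DAYS - (now - downloaded_at) / 86400


def describe(path, now=None):
    """Return (architecture, days left) for one msert.exe copy.

    Assumption: the file's modification time approximates the download time.
    """
    with open(path, "rb") as fh:
        header = fh.read(4096)  # the headers sit at the start of the file
    now = time.time() if now is None else now
    return pe_bitness(header), days_left(os.path.getmtime(path), now)


def sample_header(machine):
    """Constructed minimal DOS + PE header (sample data, not a real msert.exe)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    return dos + b"PE\0\0" + struct.pack("<H", machine) + b"\0" * 18


if __name__ == "__main__":
    for path in sys.argv[1:]:  # one path per msert.exe copy on the USB stick
        arch, left = describe(path)
        print("%s: %s, %.1f days left" % (path, arch, left))
```

A negative "days left" value means the copy is past the ten-day window and a fresh download is needed.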





Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

