Microsoft anti-virus software to complement today’s beta of an anti-spyware tool


[Update for people finding this post through web searches: the anti-virus tool has been released as the Microsoft Windows Malicious Software Removal Tool (KB890830). You can use that link to download it directly, but really you should be using Windows Update so that you get an automatic update to the tool every month!]


In case you were hiding under a rock today, Microsoft released a beta of an anti-spyware tool based on the GIANT AntiSpyware codebase*. What seems to have been lost in all the general noise** is the other announcement, the one about our promise of regularly updated virus-removal tools. Rod Trent is the only guy I read who’s noticed the press release:



The new Microsoft Windows malicious software removal tool consolidates [our existing removal tools for Blaster, MyDoom, and Download.Ject] into a single solution. The tool will be updated on the second Tuesday of each month as part of Microsoft’s monthly software security update process to respond to new viruses, worms and variants.


The Microsoft Windows malicious software removal tool will be offered in the following ways:



  • As a high-priority update through Windows Update and Auto Update.
  • Through a simple, online interface.
  • For larger corporate customers, a download through the Microsoft Download Center.

Summarizing the rest of the press release:



  • It’s free
  • The first release will be next Tuesday

Oh, and the anti-spyware beta is well worth checking out – I’ve been running it for a couple of weeks. There are still plenty of fit-and-finish issues (I’ve submitted half a dozen bugs, mostly related to non-standard Windows controls and some bits that weren’t rebranded), but the core functionality is all there. Grab it from the official Microsoft Windows AntiSpyware page, where you can also find a FAQ, a list of Known Issues with the beta, and pointers to (shock horror!) newsgroups where you can get support.


*Well, technically it hit the servers last night, and several enterprising folks found the bits before the “official” news release at 9 a.m. this morning. Ahhh, what would we do without rabid fanboys? 🙂


**I believe Michael Swanson was the first on blogs.msdn.com to post about it, and gives an excellent summary of the anti-spyware tool.

Comments (14)

  1. AntiSpyware says the WinPCap is a (low) threat and reccomends not removing it, but I’d rather see it delisted as a threat. WinPCap (the library for network analysis stuff, as I understand it; I just run ethereal to capture packets) is probably not a threat.

    Overall very very nice.

  2. Hi Matt – that listing is probably left over from the original GIANT database. I imagine it’s there because WinPCap may be used by other network-sniffing malware. This is unlikely (hence the low threat), but if it’s brand-new malware then WinPCap may be the only signature that the tool would recognize. Sound plausible? If not, head on over to the microsoft.private.security.spyware.signatures newsgroup to report it 🙂

  3. RCH says:

    Dead link:…Michael Swanson was the first …

    (http://blogs.msdn.com/mswanson/archive/2005/01/06/347459.aspx)

    The entry could not be found or has been removed

    kutgw

    rch

  4. Kent Chen says:

    I ran and scanned my computer yesterday, and got the WinPCap being listed as well. It seems to be a false positive and would like not seeing it on the list at all. Other than that, it works great on my computer so far, is warning me every time when I tried running some scripts, which is what it is supposed to do.

  5. Anonymous says:

    » Microsoft Virus Removal Tool Coming Tuesday  InsideMicrosoft – part of the Blog News Channel

  6. Hi Kent – I’m glad that a knowledgebase article for Windows Server 2003 solved your problem on XP! (The corresponding one for XP looks to be http://support.microsoft.com/kb/811259, "How to determine and recover from Winsock2 corruption").

    I’m told that the other thing to have tried was "netsh winsock reset" at a command prompt.

  7. Kent Chen says:

    Thanks Jonathan,

    Acutually, after I followed the instruction, I noticed that there is a easy way to get around of this by using netsh command. I hope I can remember that next time when it happens. Well, it rarely happens and I am pretty comfortable the stability of the Windows XP.

    Cheers, Kent

  8. One thing I forgot to mention in my previous post is what to do when the Microsoft anti-spyware tool…

  9. Chris says:

    I truly believe they should extend the services of beta tools and all virus removal software to anyone when a new threat is found online. Don’t you? Chris-

  10. Chris – we already do. Keep up! 🙂