Topic: Cloud

Microsoft Safety Scanner

Summary: Think you got a virus? Microsoft to the rescue!A few weeks ago, with little fanfare, Microsoft released a new downloadable on-demand security scanner to help techies deal with malware outbreaks

By Adrian Kingsley-Hughes for Hardware 2.0 | May 11, 2011 -- 07:53 GMT (00:53 PDT)

Follow @the_pc_doc

Think you got a virus? Microsoft to the rescue!

A few weeks ago, with little fanfare, Microsoft released a new downloadable on-demand security scanner to help techies deal with malware outbreaks

The tool, called Microsoft SafetyScanner, is a 70+MB, self-contained security scanner package that you download and run.

On running the tool (and being told that this tool is not a replacement for a proper anti-malware solution) you're given three options:

Quick scan - Likely spots that malware might be lurking
Full scan - Whole system ... just in case
Customized scan - Scan a specific folder

And that's it.

I had to throw a little something in the scanner's way (just the simple EICAR test file):

Some drawbacks:

There are not updates provided for the tool - you have to redownload the package
The download is only valid for 10 days, after which you have to redownload the package
The progress bar seems to mean nothing

Handy if you want a quick anti-malware scanner.

Topics: Cloud, Data Centers, Hardware, Microsoft

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

40 comments

Log in or register to join the discussion

RE: Microsoft Safety Scanner

Makes sense for it to be non-updateable, it's designed to go on read-only media. Why put it on writeable media when that could get infected also and just help to spread it?

As far as the progress bar is concerned, do they ever mean anything?

jmiller1978
11 May, 2011 08:04

Reply Vote
- I was thinking the same thing
 
 @jmiller1978
 
 [i]As far as the progress bar is concerned, do they ever mean anything?[/i]
 
 John Zern
 11 May, 2011 08:11
 
 Reply Vote
 - RE: Microsoft Safety Scanner
 
 @John Zern
 This looks interesting, though MSRT was a big let down for its footprint. How would this compare to the current industry standard MBAM?
 <a rel="dofollow" title="Cannabis Seed" href="http://original-ssc.com/">cannabis seed</a>
 
 Cannabis Seed
 27 October, 2011 12:20
 
 Reply Vote
- RE: Microsoft Safety Scanner
 
 @jmiller1978
 Also ,Isn't this The Malicious software removal tool rebranded as Safety Scanner? I've used it a couple of times
 
 g@...
 11 May, 2011 10:32
 
 Reply Vote
 - RE: Microsoft Safety Scanner
 
 @g@...it has the components of the malicious software removal tool in addition to a virus scanner (presumably Security Essentials engine?). It looks like MRT, but has bits of Security Essentials added on top.
 
 newkansan
 11 May, 2011 14:28
 
 Reply Vote
Actually Used this last night

Customer got one of those Fake Antivirus Scareware apps installed. Had expired A/V and no other protection and only on XP Sp1. Found lots of stuff. I also used a couple other Anti-Malware applications to clean it all out.

Now time to patch up and install MSE and other updates. I am pretty positive had the computer been up to date and had proper AV he would have been OK. Of course I did find quite a bit of questionable content in his internet history.

bobiroc
11 May, 2011 08:47

Reply Vote
- RE: Microsoft Safety Scanner
 
 @bobiroc
 
 I'd like to know how that machine sat online all this time and was only up to date circa Sept. 9th 2002.
 
 Poor machine.
 
 The one and only, Cylon Centurion
 11 May, 2011 09:12
 
 Reply Vote
 - RE: Microsoft Safety Scanner
 
 @Cylon Centurion 0005
 
 I have no idea to be honest. The customer insisted that I do my best to not just format the whole thing as he has software he no longer has the installs for that he "needs" Told him I cannot make that guarantee and it will cost extra to do it this way. So far I think it is OK. I have to do some other checks this evening when I get off of work.
 
 I guess I am still surprised that basic computer care like updates and patching are still so widely overlooked. Not just on Windows either. I have taken in a few Macs that are way behind on their patching. I have had a few people say that they purposely cancel it sometimes because they cannot be bothered with that to which I ask well do you just not bother with changing the oil in your car and other car maintenance. They always reply No way that is stupid. Well so is not patching your computer.
 
 bobiroc
 11 May, 2011 09:47
 
 Reply Vote
 - RE: Microsoft Safety Scanner
 
 @bibiroc To be fair, Windows XP was always funny with updates, only because it never had a baked in system that Vista and 7 have, but even with AU turned on, they would still install and prompt a reboot. The only way your customer would be that out of date would be if AU was turned off. That's going to be a tough repair without nuking it from orbit. I can almost picture what kind of machine it is too. Dell Dimension desktop running with 256MB of RAM, and most likely filled with dust. A lot of dust. Lol
 
 But, what I think it boils down to is laziness. Which is surprising as most updates can silently install, and when finished wait for a reboot at a later time if one is needed. Maybe on the days of dial up would it be OK to cancel them, but not with today's high speed Internet.
 
 The one and only, Cylon Centurion
 11 May, 2011 10:02
 
 Reply Vote
 - RE: To Be Fair
 
 @Cylon Centurion 0005
 
 It is an eMachine Celeron 2.2Ghz with 512MB ram. He said he always told it to shut down without installing the updates and a friend eventually showed him how to shut it off because they were only needed if you were having a problem with the computer. So Autoupdates was not set to automatic. It would download them but not install them automatically and he purposely ignored them because it would take too much time.
 
 It is rather dusty too so there will be a charge for that clean out as well.
 
 bobiroc
 11 May, 2011 10:29
 
 Reply Vote
- RE: Microsoft Safety Scanner
 
 @bobiroc said "I am pretty positive had the computer been up to date and had proper AV he would have been OK"
 
 I had a customer's pc that was fully up-to-date (Avast A/V, SuperAntiSpyware; both paid versions)
 
 He clicked on a scareware pop-up and the machine was promptly infected with one of the rogue security scanner variants.
 
 pc_techs_ct@...
 12 May, 2011 06:45
 
 Reply Vote
 - Nothing stops the user from saying
 
 @pc_techs_ct@...
 "Sure, Go ahead!"
 
 Will Pharaoh
 12 May, 2011 09:08
 
 Reply Vote
 - Ah, the oldest vulnerability in existence ..
 
 @pc_techs_ct@ ... the sure to get PWNED vulnerability ..
 
 .. the bit at the end of the keyboard.
 
 thx-1138_
 19 May, 2011 05:48
 
 Reply Vote
Self Contained Pros & Cons

I like the idea it is "Self-Contained" if that means it will run from a USB Flash Drive with no Registry modification. I have removed close to 100 Malware infections on client computers over the last year or so. I have noticed that some infected computer prevent the installation of MALWARE Scanners, so I always try to install one to have on hand if the machine gets infected. I have seen some malicious behavior prevent known scanners executables from running (some require using RENAMED .EXE files, does not always work). This may be the drawback to this approach. Other issues I have noticed is Malware installs a PROXY preventing infected computer from visiting sights that contain MALWARE scanners, so the danger here is unless you have another machine, you have no-way access a site that allows you to download a scanner. If only good for 10 days, then I can't keep it in my arsenal of tools (I keep my flash drive with me all the time with a compliment of scanners I rely on). Don't get me wrong, I will try this but I have had to run resident scanners to kill TSR programs that prevent me from running known Malware Scanners. I think a Self-contained on a USB that can be updated is a better approach. Anyone use this tool yet to get rid of Fake Anti-Virus (looks like bobiroc answered that question while I was typing....I will grab a copy to mess with in my spare time, of course that might be 2-weeks from now and it won't run after 10 days).

robertr@...
11 May, 2011 08:55

Reply Vote
- RE: Microsoft Safety Scanner
 
 @robertr@...
 
 In that case, don't install it till you need to. I'm pretty sure that 10 days begins when the software is installed and not downloaded.
 
 The one and only, Cylon Centurion
 11 May, 2011 09:42
 
 Reply Vote
 - From download date
 
 @Cylon Centurion 0005
 
 I expect it IS from date of download.
 The whole idea is that you download the latest version right when you need it so that it has the latest signatures.
 
 VBJackson
 12 May, 2011 06:50
 
 Reply Vote
 - 10 days...
 
 @Cylon Centurion 0005 Isn't that basically the "upgrade" method? The 10 day limit is so you won't keep using a tool with outdated databases.
 
 At least that's the way I read it. I don't think they are enforcing licensing so much as having a way to keep the tool up to date 'in the wild.'
 
 pgit
 12 May, 2011 08:26
 
 Reply Vote
- RE: Microsoft Safety Scanner
 
 @robertr@...
 If you find that the computer is rerouting you to other sites when you try to download malware scanners, try using TOR with firefox running off a flash drive. That has gotten me past the blocked stuff and let me download whatever software I needed.
 
 orenkuhn@...
 12 May, 2011 12:23
 
 Reply Vote
Message has been deleted.

maoim
11 May, 2011 09:57

Reply Vote
Allow me to say it

But what about the attack vectors? The DLLs will be injected and there is no LSM.

There. job done.

Your Non Advocate
11 May, 2011 13:59

Reply Vote