Re: Alerting - Malicious software removal tool



When the MSRT runs, if it finds what it looks for, it removes it and reports that removal to Microsoft. If it finds nothing, it exits. Neither I nor the tool nor the SIR make any claims that the MSRT completely cleans a machine. As others have pointed out, it is one element of an effective arsenal of tools to help improve security.

Here's something interesting, which might even surprise you: this month (November 2008) the single most prevalent piece of malware the tool detects is Win32/FakeSecScan (rogues that mimic the Security Center). As of 13 November, we've tracked 811,000 removals. This includes some FakeSecScan threats that were no longer active when detected -- meaning that they were incompletely cleaned manually or by other AV products, and the MSRT successfully cleaned out the remaining bits.

I have a proposal for you -- actually, for everyone reading this thread. The MSRT creates a log file in %WINDIR%\Debug. KB 890830 describes its output. If you ever encounter an instance where the tool fails to properly clean a machine, the Microsoft Malware Protection Center is ready to help. Go to http://www.microsoft.com/security/portal, click on "Submit a Sample," and please send us your MRT.LOG file and a sample of the malware, if you can. We'd love to work with everyone to make sure the tool is as effective as possible.

--
Steve Riley
steve.riley@xxxxxxxxxxxxx
http://blogs.technet.com/steriley
Protect Your Windows Network: http://www.amazon.com/dp/0321336437



"Leythos" <spam999free@xxxxxxxxxx> wrote in message news:MPG.239b003461fbb6ab98972d@xxxxxxxxxxxxxxxxxxxxxxx
In article <57D4615E-5548-4750-881B-FCB4AE478B12@xxxxxxxxxxxxx>,
steve.riley@xxxxxxxxxxxxx says...
[snip]
Again, the data in the SIR contradict your assertions. A chart on page 53
compares, by Windows type, the number of computers cleaned per 1000 MSRT
executions. Page 138 tabulates the numbers. Windows XP RTM shows 33.8,
Windows XP SP 3 shows 9.2, Windows Vista RTM shows 4.9, Windows Vista SP1
shows 4.5. If we "failed again" to make the OS secure, if "the same crap"
that infected XP also attacked Vista, wouldn't the numbers for Vista be
equivalent to those for XP?

How many malware were left on/in those machines? Without that number
your stat is meaningless.

What this means is that, based on my experience, MSRT does little
to actually "Clean" a machine. By clean, let's be clear, I mean that it
removes all malware from the machine.

Claiming that a tool is good because it removes malware while leaving X
items of malware still on the system is a misrepresentation of the
quality of the tool.

Anecdotes are not data. Your few instances of machines getting infected
can't compare to the data reflecting research across tens of millions of
computers.

But it is valid - if we take the MSRT and run it on a compromised
machine, having it claim the machine is clean, then we run several other
anti-malware tools that show the machine to remain seriously
compromised, doesn't that indicate that the "Data" you are interpreting
as showing MSRT to be a good tool is seriously flawed?

--
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@xxxxxxxxxx (remove 999 for proper email address)



