Re: Alerting - Malicious software removal tool
- From: "Steve Riley [MSFT]" <steve.riley@xxxxxxxxxxxxx>
- Date: Mon, 1 Dec 2008 14:15:34 -0800
When the MSRT runs, if it finds what it looks for, it removes it and reports that removal to Microsoft. If it finds nothing, it exits. Neither I nor the tool nor the SIR make any claims that the MSRT completely cleans a machine. As others have pointed out, it is one element of an effective arsenal of tools to help improve security.
Here's something interesting, which might even surprise you: this month (November 2008) the single most prevalent piece of malware the tool detects is Win32/FakeSecScan (rogues that mimic the Security Center). As of 13 November, we've tracked 811,000 removals. This includes some FakeSecScan threats that were no longer active when detected -- meaning that they were incompletely cleaned manually or by other AV products, and the MSRT successfully cleaned out the remaining bits.
I have a proposal for you -- actually, for everyone reading this thread. The MSRT creates a log file in %WINDIR%\Debug. KB 890830 describes its output. If you ever encounter an instance where the tool fails to properly clean a machine, the Microsoft Malware Protection Center is ready to help. Go to http://www.microsoft.com/security/portal, click on "Submit a Sample," and please send us your MRT.LOG file and a sample of the malware, if you can. We'd love to work with everyone to make sure the tool is as effective as possible.
Protect Your Windows Network: http://www.amazon.com/dp/0321336437
"Leythos" <spam999free@xxxxxxxxxx> wrote in message news:MPG.239b003461fbb6ab98972d@xxxxxxxxxxxxxxxxxxxxxxx
In article <57D4615E-5548-4750-881B-FCB4AE478B12@xxxxxxxxxxxxx>,
Again, the data in the SIR contradict your assertions. A chart on page 53
compares, by Windows type, the number of computers cleaned per 1000 MSRT
executions. Page 138 tabulates the numbers. Windows XP RTM shows 33.8,
Windows XP SP 3 shows 9.2, Windows Vista RTM shows 4.9, Windows Vista SP1
shows 4.5. If we "failed again" to make the OS secure, if "the same crap"
that infected XP also attacked Vista, wouldn't the numbers for Vista be
equivalent to those for XP?
How many malware were left on/in those machines? Without that number
your stat is meaningless.
What this means is that, based on my experience, MSRT does little
to actually "Clean" a machine. By clean, let's be clear, I mean that it
removes all malware from the machine.
Claiming that a tool is good because it removes malware while leaving X
items of malware still on the system is a misrepresentation of the
quality of the tool.
Anecdotes are not data. Your few instances of machines getting infected
can't compare to the data reflecting research across tens of millions of
But it is valid - if we take the MSRT and run it on a compromised
machine, having it claim the machine is clean, then we run several other
anti-malware tools that show the machine to remain seriously
compromised, doesn't that indicate that the "Data" you are interpreting
as showing MSRT to be a good tool is seriously flawed?
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@xxxxxxxxxx (remove 999 for proper email address)