http://www.microsoft.com/security/malwareremove/default.mspx Silj -- siljaline MS - MVP Windows (IE/OE) 2003/04 AH-VSOP _______________________________________ |
||||||||
|
![]() |
1/11/2005 8:55:32 PM |
Is this in addition to Microsoft AntiSpyware Beta 1? doug |
||||||||
|
![]() |
1/11/2005 9:12:38 PM |
Doug wrote in grc.news.latestversions: > Is this in addition to Microsoft AntiSpyware Beta 1? yes -- Kayode Okeyode http://del.icio.us/kayodeok http://www.kayodeok.co.uk/weblog/ |
||||||||
|
![]() |
1/11/2005 9:20:03 PM |
"kayodeok" wrote: > Doug wrote in grc.news.latestversions: > >> Is this in addition to Microsoft AntiSpyware Beta 1? > > yes I beg to differ, it's a 'stand-alone' tool which is not a plug-in the MS anti-spyware (MSAS). http://www.microsoft.com/downloads/details.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en Or, http://snipurl.com/bxw7 Silj -- siljaline MS - MVP Windows (IE/OE) 2003/04 AH-VSOP _______________________________________ |
||||||||
|
![]() |
1/11/2005 10:25:27 PM |
siljaline wrote in grc.news.latestversions: > "kayodeok" wrote: >> Doug wrote in grc.news.latestversions: >> >>> Is this in addition to Microsoft AntiSpyware Beta 1? >> >> yes > > I beg to differ, it's a 'stand-alone' tool which is not a plug-in > the MS anti-spyware (MSAS). Isn't that what I said? "Is this in addition to Microsoft AntiSpyware Beta 1?" "yes" In other words, we have Microsoft AntiSpyware Beta 1 and then we have another utility - Microsoft Malicious Software Removal Tool. We now have *two* utilities; (1) Microsoft AntiSpyware Beta 1 and (2) Microsoft Malicious Software Removal Tool Am I missing something here? "Is this in addition to Microsoft AntiSpyware Beta 1?" "yes" I don't see anything wrong in my answer except that it perhaps needs fleshing out. -- Kayode Okeyode http://del.icio.us/kayodeok http://www.kayodeok.co.uk/weblog/ |
||||||||
|
![]() |
1/11/2005 10:42:18 PM |
In grc.news.latestversions kayodeok wrote: > siljaline wrote in grc.news.latestversions: > >> "kayodeok" wrote: >>> Doug wrote in grc.news.latestversions: [ ] > > "Is this in addition to Microsoft AntiSpyware Beta 1?" > "yes" I suggest that the reader read "Is this an addition..." (ie "Add-in") |
||||||||
|
![]() |
1/11/2005 10:54:09 PM |
kayodeok wrote: > siljaline wrote in grc.news.latestversions: > > > Am I missing something here? > > "Is this in addition to Microsoft AntiSpyware Beta 1?" > "yes" > > I don't see anything wrong in my answer except that it perhaps needs > fleshing out. > looked like substance was merely lost in translation ... -- poo .... the sound of inevitability |
||||||||
|
![]() |
1/12/2005 1:03:47 AM |
siljaline wrote: > http://www.microsoft.com/security/malwareremove/default.mspx > > Silj > > Impression is that this is a "Stinger" like program, targeting only specific viruses... |
||||||||
|
![]() |
1/12/2005 1:20:27 AM |
siljaline wrote: > http://www.microsoft.com/security/malwareremove/default.mspx > > Silj > > Wait a **** minute here! This tool just showed up on my Windows Update! It's probably a good thing that it came out, and maybe after it is out for a while and is proven to do no harm it would be OK for it to be automatic, but to set me up to download it on the first day? I think not! At least I am setup to get notices only so I got to see what it wanted to do first... (This is my first, shocked, reaction. I'm sure (almost) that it won't run, but I'll bet it installs. Arrogant pukes) |
||||||||
|
![]() |
1/12/2005 1:50:00 AM |
While parsing 'grc.security.software', I found "Nobody" stating: > siljaline wrote: > > > http://www.microsoft.com/security/malwareremove/default.mspx > > > > Silj > Wait a **** minute here! This tool just showed up on my Windows Update! > > It's probably a good thing that it came out, and maybe after it is out for a while and is proven to do no harm it would be OK for it to be automatic, but to set me up to download it on the first day? I think not! At least I am setup to get notices only so I got to see what it wanted to do first... > > (This is my first, shocked, reaction. I'm sure (almost) that it won't run, but I'll bet it installs. Arrogant pukes) LOL -- I know what you mean. I came here first and read up on it before I clicked that purdy yellow systray icon! There's more info in earlier threads by kayodeok -- lots of good links... :) |
||||||||
|
![]() |
1/12/2005 1:58:32 AM |
>There's more info in earlier > threads by kayodeok -- lots of good links... :) Message-ID: |
||||||||
|
![]() |
1/12/2005 2:00:51 AM |
http://forum.aumha.org/viewtopic.php?t=10865 Silj -- siljaline MS - MVP Windows (IE/OE) 2003/04 AH-VSOP _______________________________________ |
||||||||
|
![]() |
1/12/2005 2:08:18 AM |
Nobody wrote: > siljaline wrote: > >> http://www.microsoft.com/security/malwareremove/default.mspx >> >> Silj >> >> > Wait a **** minute here! This tool just showed up on my Windows Update! > > but I'll bet it installs. Arrogant pukes) MS said it shows up in XP windows update but not w2k or 2003. I ran *mst* -- MS says it does not install, merely scans for several malcodes and removes. scan is quick and just starts, less than 1 min, found nothing here. DLs as exe (cab) I think it puts mst in temp folder and runs. when it's done, MS says the temp folder will delete after reboot. they say they will update this tool every month... -- poo .... the sound of inevitability |
||||||||
|
![]() |
1/12/2005 2:26:35 AM |
Wandering aimlessly about grc.news.latestversions,grc.security.software, I heard Nobody say: > siljaline wrote: > >> http://www.microsoft.com/security/malwareremove/default.mspx >> >> Silj >> > Wait a **** minute here! This tool just showed up on my Windows Update! > > It's probably a good thing that it came out, and maybe after it is out > for a while and is proven to do no harm it would be OK for it to be > automatic, but to set me up to download it on the first day? I think > not! At least I am setup to get notices only so I got to see what it > wanted to do first... > > (This is my first, shocked, reaction. I'm sure (almost) that it won't > run, but I'll bet it installs. Arrogant pukes) You'd lose the bet, since there is no "installation" involved. The "arrogant pukes" are offering a tool via the update process that does *not* install anything, does *not* even download unless you accept the displayed EULA, even on automatic updates, and if the EULA is accepted, downloads and runs, and then deletes itself. Still "shocked"? -- Dutch GRC Newsgroups/Guidelines/No Regrets http://client.grc.com/news.exe?cmd=article&group=grc.techtalk&item=124863 |
||||||||
|
![]() |
1/12/2005 3:39:16 AM |
> siljaline scribbled: > http://www.microsoft.com/security/malwareremove/default.mspx I allowed WU to install it, but also manually downloaded it. I went back to WU after rebooting, but there is nothing on that page that allows me to run the tool.... The only way I have found to run it is by manually downloading the install file from: http://www.microsoft.com/downloads/details.aspx?familyid=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en ....and double clicking on it. It means you have to agree to the EULA each time.... :-( No way of automating it's scan through task scheduler when that has to be done by the user... This webpage http://support.microsoft.com/?kbid=890830 says:When the Malicious Software Removal Tool runs, it performs the following functions. Except where noted, the tool has the same behavior independent of what command-line switches you use or how you download and run the tool. Note that the tool is not actually installed on a computer. Therefore, no entry is created for it in the Programs folder or in Add/Remove Programs. |
||||||||
|
![]() |
1/12/2005 6:05:30 AM |
I understood ... thanks for the info doug |
||||||||
|
![]() |
1/12/2005 10:55:28 AM |
In grc.news.latestversions Nobody wrote: > siljaline wrote: > >> http://www.microsoft.com/security/malwareremove/default.mspx >> > > Impression is that this is a "Stinger" like program, targeting only > specific viruses... Except that the MSRT *only* scans for selected *active* malware. Stinger scans files on disk as well. http://support.microsoft.com/?kbid=890830 "Q16: Why does my antivirus product take longer to scan my computer than this tool? A16: Unlike an antivirus product, the Malicious Software Removal Tool scans only for "active" malicious software. Specifically, the tool does not scan the whole hard disk. ..." |
||||||||
|
![]() |
1/12/2005 2:16:05 PM |
In grc.news.latestversions Max Burke wrote: >> siljaline scribbled: >> http://www.microsoft.com/security/malwareremove/default.mspx > > I allowed WU to install it, but also manually downloaded it. I > went back to WU after rebooting, but there is nothing on that page > that allows me to run the tool.... [ ] > ...and double clicking on it. It means you have to agree to the > EULA each time.... :-( > No way of automating it's scan through task scheduler when that > has to be done by the user... > > This webpage http://support.microsoft.com/?kbid=890830 says: > >> When the Malicious Software Removal Tool runs, it performs the > following functions. Except where noted, the tool has the same [ ] > ...which appears to say that it doesn't actually install an > 'executable' on the hard drive that users can run. AFAICT the executable is "stand-alone" with the possibility of skipping the EULA each time *only* if it is "installed" via WU and if XP. Likely a registry setting somewhere. > Still looking CLOSELY at what it reports back to Microsoft each > time it's run. Dont know how that's going to work if I'm not > online when I run it. http://support.microsoft.com/?kbid=890830 "EULA display" "Reporting infection information" "Reporting component" and others... |
||||||||
|
![]() |
1/12/2005 2:25:04 PM |
Mark V wrote: > In grc.news.latestversions Max Burke wrote: > > AFAICT the executable is "stand-alone" with the possibility of > skipping the EULA each time *only* if it is "installed" via WU and if > XP. Likely a registry setting somewhere. > even directly running just the mrt.exe GUI from temp dir opens EULA here, "accept" and it starts immediately, no trace that it phoned home but it also reported as clean so nothing to report ... -- poo .... the sound of inevitability |
||||||||
|
![]() |
1/12/2005 7:52:52 PM |
"Max Burke" |
||||||||
|
![]() |
1/12/2005 8:07:15 PM |
Mark V wrote: > In grc.news.latestversions kayodeok wrote: > > >>siljaline wrote in grc.news.latestversions: >> >> >>>"kayodeok" wrote: >>> >>>>Doug wrote in grc.news.latestversions: > > [ ] > >>"Is this in addition to Microsoft AntiSpyware Beta 1?" >>"yes" > > > I suggest that the reader read "Is this an addition..." > (ie "Add-in") Absolutely. "Silj" read "an" rather than "in". Oh!, the joys of English :-) -- Tony.P |
||||||||
|
![]() |
1/12/2005 8:10:01 PM |
Daniel Bragg wrote: > "Max Burke" |
||||||||
|
![]() |
1/12/2005 8:24:38 PM |
Daniel Bragg wrote: > "Max Burke" |
||||||||
|
![]() |
1/12/2005 8:28:46 PM |
Wandering aimlessly about grc.news.latestversions, I heard TCM say: > Daniel Bragg wrote: >> "Max Burke" |
||||||||
|
![]() |
1/12/2005 8:39:18 PM |
TCM wrote, in post news:cs4[email protected] : > Daniel Bragg wrote: >> "Max Burke" |
||||||||
|
![]() |
1/12/2005 10:24:25 PM |
PrivacyZealot wrote: > TCM wrote, > in post news:[email protected] : > > I downloaded the tool during a WU session but couldn't find hide nor > hair of it when the session was through, so I just moved on over > to the MS download site and DL'd it to a folder. It's named > Windows-KB890830-ENU.exe. Description:Self-Extracting Cabinet, > size 255KB. You click it, a wizard-like screen appears, you click > "Accept all terms yada...", click Next, and maybe 3 seconds later > you get the results. Is it just scanning RAM or what? I guess it's > better to have than not to have. A quick second opinion sorta. > PZ > - when you run windows-kb..-enu.exe it creates a new 'temp' directory where it deposits mrt.exe. I renamed mrt and moved it to a new location, still runs ok, and appends to debug .log. -- poo .... the sound of inevitability |
||||||||
|
![]() |
1/12/2005 11:48:09 PM |
> poo0gimmal scribbled: > when you run windows-kb..-enu.exe it creates a new 'temp' directory > where it deposits mrt.exe. I renamed mrt and moved it to a > new location, still runs ok, and appends to debug .log. Two command line switches for this tool.... /Q runs in quiet mode. Does NOT prompt user to accept the EULA. (So it can be a scheduled task after all) /? displays version, language, etc.... The only 'annoyance' I have know is that it renames a temp file that GRR warns about, and asks if the change should be allowed.... -- [email protected] Replace the obvious with paradise.net to email me Found Images http://homepages.paradise.net.nz/~mlvburke |
||||||||
|
![]() |
1/13/2005 4:50:06 AM |
On Wed, 12 Jan 2005 17:48:09 -0600, poo0gimmal wrote: > PrivacyZealot wrote: >> TCM wrote, >> in post news:[email protected] : >> >> I downloaded the tool during a WU session but couldn't find hide nor >> hair of it when the session was through, so I just moved on over >> to the MS download site and DL'd it to a folder. It's named >> Windows-KB890830-ENU.exe. Description:Self-Extracting Cabinet, >> size 255KB. You click it, a wizard-like screen appears, you click >> "Accept all terms yada...", click Next, and maybe 3 seconds later >> you get the results. Is it just scanning RAM or what? I guess it's >> better to have than not to have. A quick second opinion sorta. >> PZ >> - > > when you run windows-kb..-enu.exe it creates a new 'temp' directory > where it deposits mrt.exe. I renamed mrt and moved it to a > new location, still runs ok, and appends to debug .log. According to FileAlyzer it's a self extracting cab file (internal name SFXCAB.EXE), so each time it is run, it acts like a patch, except that it searches and reports, rather than replacing system files and crocking your box..... Fits on floppy disk too. -- Parker Molin |
||||||||
|
![]() |
1/13/2005 5:56:30 PM |
Parker Molin wrote: > crocking your box..... Haven't heard this one... ?? :-) |
||||||||
|
![]() |
1/13/2005 7:34:08 PM |
Dutch wrote: > Wandering aimlessly about grc.news.latestversions,grc.security.software, > I heard Nobody say: > >>siljaline wrote: >> >> >>>http://www.microsoft.com/security/malwareremove/default.mspx >>> >>>Silj >>> >> >>Wait a **** minute here! This tool just showed up on my Windows Update! >> >>It's probably a good thing that it came out, and maybe after it is out >>for a while and is proven to do no harm it would be OK for it to be >>automatic, but to set me up to download it on the first day? I think >>not! At least I am setup to get notices only so I got to see what it >>wanted to do first... >> >>(This is my first, shocked, reaction. I'm sure (almost) that it won't >>run, but I'll bet it installs. Arrogant pukes) > > You'd lose the bet, since there is no "installation" involved. The > "arrogant pukes" are offering a tool via the update process that does > *not* install anything, does *not* even download unless you accept the > displayed EULA, even on automatic updates, and if the EULA is accepted, > downloads and runs, and then deletes itself. Still "shocked"? Yeah, sorry. Independent of their motives, I think it is totally inappropriate, even with a eula (that most will not read), for MS to (as part of their patching service) download an executable, run it, and delete it without ANY visible indication of what just took place (unless it finds something). They haven't even publicly indicated (that I have seen at least) that there is a log file left on the system with the results of the scan. This makes them "arrogant pukes", IMO, because this is the typical "we know what's best for you" attitude that they seem to always apply to us "stupid customers". If I may paraphrase Steve, 'This is my (****) computer', and they are not entitled to treat it like it was theirs. This is NOT MS bashing. It wouldn't matter a **** to me what company did this, it would still be unacceptable. |
||||||||
|
![]() |
1/13/2005 9:42:48 PM |
Wandering aimlessly about grc.security.software, I heard Nobody say: > Dutch wrote: > >> Wandering aimlessly about grc.news.latestversions,grc.security.software, >> I heard Nobody say: [...] >>>Wait a **** minute here! This tool just showed up on my Windows Update! >[...] >>>(This is my first, shocked, reaction. I'm sure (almost) that it won't >>>run, but I'll bet it installs. Arrogant pukes) > >> You'd lose the bet, since there is no "installation" involved. The >> "arrogant pukes" are offering a tool via the update process that does >> *not* install anything, does *not* even download unless you accept the >> displayed EULA, even on automatic updates, and if the EULA is accepted, >> downloads and runs, and then deletes itself. Still "shocked"? > > Yeah, sorry. Independent of their motives, I think it is totally > inappropriate, even with a eula (that most will not read), for MS to (as > part of their patching service) download an executable, run it, and > delete it without ANY visible indication of what just took place (unless > it finds something). They haven't even publicly indicated (that I have > seen at least) that there is a log file left on the system with the > results of the scan. > This makes them "arrogant pukes", IMO, because this is the typical "we > know what's best for you" attitude that they seem to always apply to us > "stupid customers". > If I may paraphrase Steve, 'This is my (****) computer', and they are > not entitled to treat it like it was theirs. This is NOT MS bashing. > It wouldn't matter a **** to me what company did this, it would still be > unacceptable. Whatever, but isn't that pretty much what many of the updates also do? They download, run some not so obvious process to fix "you know not what", and then exit, leaving nothing behind except an indication that the patch has been installed. Why is this tool seen any differently? -- Dutch GRC Newsgroups/Guidelines/No Regrets http://client.grc.com/news.exe?cmd=article&group=grc.techtalk&item=124863 |
||||||||
|
![]() |
1/13/2005 10:21:53 PM |
Dutch wrote: > > Whatever, but isn't that pretty much what many of the updates also do? > They download, run some not so obvious process to fix "you know not > what", and then exit, leaving nothing behind except an indication that > the patch has been installed. Why is this tool seen any differently? Definitely! I've got an XPH laptop and the MSRT shows just like another update. And the other EXEs are gone too unless they persist in a temp folder somewhere. |
||||||||
|
![]() |
1/13/2005 11:55:54 PM |
Dutch wrote: > Wandering aimlessly about grc.security.software, I heard Nobody say: > > >>Dutch wrote: >> >> >>>Wandering aimlessly about grc.news.latestversions,grc.security.software, >>>I heard Nobody say: > > >>Yeah, sorry. Independent of their motives, I think it is totally >>inappropriate, even with a eula (that most will not read), for MS to (as >>part of their patching service) download an executable, run it, and >>delete it without ANY visible indication of what just took place (unless >>it finds something). They haven't even publicly indicated (that I have >>seen at least) that there is a log file left on the system with the >>results of the scan. >>This makes them "arrogant pukes", IMO, because this is the typical "we >>know what's best for you" attitude that they seem to always apply to us >>"stupid customers". >>If I may paraphrase Steve, 'This is my (****) computer', and they are >>not entitled to treat it like it was theirs. This is NOT MS bashing. >>It wouldn't matter a **** to me what company did this, it would still be >>unacceptable. > > > Whatever, but isn't that pretty much what many of the updates also do? > They download, run some not so obvious process to fix "you know not > what", and then exit, leaving nothing behind except an indication that > the patch has been installed. Why is this tool seen any differently? Because it is NOT a patch, and it is NOT fixing something that is broken (or flawed, unless you consider the OS flawed because it doesn't include AV). It is a new, separate (albeit free) product. As far as I'm concerned, they could allay my objection by adding at the top of the EULA, in red type, "Warning, accepting this EULA will result the downloading and running of a simple AV program that will only report results if it finds a problem". I understand that the EULA may already say something to this effect, but since this particular tool does something different than one would expect from an "Update" I think it needs to be more clear. The red text would draw more attention to the fact that this is different. |
||||||||
|
![]() |
1/14/2005 12:25:27 AM |
Wandering aimlessly about grc.security.software, I heard Nobody say: > Dutch wrote: > >> Wandering aimlessly about grc.security.software, I heard Nobody say: >> [...] >>>Yeah, sorry. Independent of their motives, I think it is totally >>>inappropriate, even with a eula (that most will not read), for MS to (as >>>part of their patching service) download an executable, run it, and >>>delete it without ANY visible indication of what just took place (unless >>>it finds something). They haven't even publicly indicated (that I have >>>seen at least) that there is a log file left on the system with the >>>results of the scan. >>>This makes them "arrogant pukes", IMO, because this is the typical "we >>>know what's best for you" attitude that they seem to always apply to us >>>"stupid customers". >>>If I may paraphrase Steve, 'This is my (****) computer', and they are >>>not entitled to treat it like it was theirs. This is NOT MS bashing. >>>It wouldn't matter a **** to me what company did this, it would still be >>>unacceptable. < > >> Whatever, but isn't that pretty much what many of the updates also do? >> They download, run some not so obvious process to fix "you know not >> what", and then exit, leaving nothing behind except an indication that >> the patch has been installed. Why is this tool seen any differently? > > Because it is NOT a patch, and it is NOT fixing something that is broken > (or flawed, unless you consider the OS flawed because it doesn't include > AV). It is a new, separate (albeit free) product. Removing trojans if they exist is not "fixing" anything? > As far as I'm concerned, they could allay my objection by adding at the > top of the EULA, in red type, "Warning, accepting this EULA will result > the downloading and running of a simple AV program that will only report > results if it finds a problem". I understand that the EULA may already > say something to this effect, but since this particular tool does > something different than one would expect from an "Update" I think it > needs to be more clear. The red text would draw more attention to the > fact that this is different. Ok, I'll accept that having the EULA text in red would likely catch the attention of a few more people long enough to read the very first paragraph of section 1, where exactly what the tool does is clearly spelled out. IMHO, most would still just "click-n-go", which is exactly why having the tool run "automagically", as it does for auto updates, is a good thing. Those are the very same people most likely to be infected... -- Dutch GRC Newsgroups/Guidelines/No Regrets http://client.grc.com/news.exe?cmd=article&group=grc.techtalk&item=124863 |
||||||||
|
![]() |
1/14/2005 1:37:47 AM |
While parsing 'grc.security.software', I found "Dutch" stating: > Wandering aimlessly about grc.security.software, I heard Nobody say: > > > Dutch wrote: > > > >> Wandering aimlessly about grc.security.software, I heard Nobody say: > >> > [...] > > > > Yeah, sorry. Independent of their motives, I think it is totally > > > > inappropriate, even with a eula (that most will not read), for MS to (as > > > > part of their patching service) download an executable, run it, and > > > > delete it without ANY visible indication of what just took place (unless > > > > it finds something). They haven't even publicly indicated (that I have > > > > seen at least) that there is a log file left on the system with the > > > > results of the scan. > > > > This makes them "arrogant pukes", IMO, because this is the typical "we > > > > know what's best for you" attitude that they seem to always apply to us > > > > "stupid customers". > > > > If I may paraphrase Steve, 'This is my (****) computer', and they are > > > > not entitled to treat it like it was theirs. This is NOT MS bashing. > > > > It wouldn't matter a **** to me what company did this, it would still be > > > > unacceptable. > < > > >> Whatever, but isn't that pretty much what many of the updates also do? > >> They download, run some not so obvious process to fix "you know not > >> what", and then exit, leaving nothing behind except an indication that > >> the patch has been installed. Why is this tool seen any differently? > > > > Because it is NOT a patch, and it is NOT fixing something that is broken > > (or flawed, unless you consider the OS flawed because it doesn't include > > AV). It is a new, separate (albeit free) product. > > Removing trojans if they exist is not "fixing" anything? > > > As far as I'm concerned, they could allay my objection by adding at the > > top of the EULA, in red type, "Warning, accepting this EULA will result > > the downloading and running of a simple AV program that will only report > > results if it finds a problem". I understand that the EULA may already > > say something to this effect, but since this particular tool does > > something different than one would expect from an "Update" I think it > > needs to be more clear. The red text would draw more attention to the > > fact that this is different. > Ok, I'll accept that having the EULA text in red would likely catch the > attention of a few more people long enough to read the very first > paragraph of section 1, where exactly what the tool does is clearly > spelled out. IMHO, most would still just "click-n-go", which is exactly > why having the tool run "automagically", as it does for auto updates, is > a good thing. Those are the very same people most likely to be > infected... Am I allowed to agree with both of you? I like AVG's method of notification with their updates, but OTOH, I rarely read them and usually just click through anyway... |
||||||||
|
![]() |
1/14/2005 2:57:24 AM |
On article |
||||||||
|
![]() |
1/22/2005 12:31:07 PM |
"Euler German" wrote: > On article |
||||||||
|
![]() |
1/22/2005 4:26:16 PM |