Microsoft Malicious Software Removal Tool

http://www.microsoft.com/security/malwareremove/default.mspx

Silj


-- 
siljaline 

MS - MVP Windows (IE/OE) 2003/04 AH-VSOP    
_______________________________________
0
siljaline 1/11/2005 8:55:32 PM
📁 grc.news.latestversions
📃 8022 articles.
⭐ 1 followers.

💬 36 Replies
👁️‍🗨️ 29 Views
Is this in addition to Microsoft AntiSpyware Beta 1?

doug
0
Doug 1/11/2005 9:12:38 PM
Doug wrote in grc.news.latestversions:

> Is this in addition to Microsoft AntiSpyware Beta 1? 

yes

-- 
Kayode Okeyode
http://del.icio.us/kayodeok
http://www.kayodeok.co.uk/weblog/
0
kayodeok 1/11/2005 9:20:03 PM
"kayodeok" wrote:
> Doug wrote in grc.news.latestversions:
>
>> Is this in addition to Microsoft AntiSpyware Beta 1?
>
> yes

I beg to differ, it's a 'stand-alone' tool which is not a plug-in the
MS anti-spyware (MSAS).
http://www.microsoft.com/downloads/details.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

Or, http://snipurl.com/bxw7

Silj

-- 
siljaline

MS - MVP Windows (IE/OE) 2003/04 AH-VSOP
_______________________________________
0
siljaline 1/11/2005 10:25:27 PM
siljaline wrote in grc.news.latestversions:

> "kayodeok" wrote:
>> Doug wrote in grc.news.latestversions:
>>
>>> Is this in addition to Microsoft AntiSpyware Beta 1?
>>
>> yes
> 
> I beg to differ, it's a 'stand-alone' tool which is not a plug-in
> the MS anti-spyware (MSAS).

Isn't that what I said?

"Is this in addition to Microsoft AntiSpyware Beta 1?"
"yes"

In other words, we have Microsoft AntiSpyware Beta 1 and then we have 
another utility - Microsoft Malicious Software Removal Tool.  

We now have *two* utilities; 
(1) Microsoft AntiSpyware Beta 1 and 
(2) Microsoft Malicious Software Removal Tool

Am I missing something here?

"Is this in addition to Microsoft AntiSpyware Beta 1?"
"yes"

I don't see anything wrong in my answer except that it perhaps needs 
fleshing out.


-- 
Kayode Okeyode
http://del.icio.us/kayodeok
http://www.kayodeok.co.uk/weblog/
0
kayodeok 1/11/2005 10:42:18 PM
In grc.news.latestversions kayodeok wrote:

> siljaline wrote in grc.news.latestversions:
> 
>> "kayodeok" wrote:
>>> Doug wrote in grc.news.latestversions:
[ ]
> 
> "Is this in addition to Microsoft AntiSpyware Beta 1?"
> "yes"

I suggest that the reader read "Is this an addition..." 
(ie "Add-in")
0
Mark 1/11/2005 10:54:09 PM
kayodeok wrote:
> siljaline wrote in grc.news.latestversions:
> 
> 
> Am I missing something here?
> 
> "Is this in addition to Microsoft AntiSpyware Beta 1?"
> "yes"
> 
> I don't see anything wrong in my answer except that it perhaps needs 
> fleshing out.
> 

looked like substance was merely lost in translation ...
-- 
poo
.... the sound of inevitability
0
poo0gimmal 1/12/2005 1:03:47 AM
siljaline wrote:

> http://www.microsoft.com/security/malwareremove/default.mspx
> 
> Silj
> 
> 

Impression is that this is a "Stinger" like program, targeting only 
specific viruses...
0
Nobody 1/12/2005 1:20:27 AM
siljaline wrote:

> http://www.microsoft.com/security/malwareremove/default.mspx
> 
> Silj
> 
> 
Wait a **** minute here!  This tool just showed up on my Windows Update!

It's probably a good thing that it came out, and maybe after it is out 
for a while and is proven to do no harm it would be OK for it to be 
automatic, but to set me up to download it on the first day?  I think 
not!  At least I am setup to get notices only so I got to see what it 
wanted to do first...

(This is my first, shocked, reaction.  I'm sure (almost) that it won't 
run, but I'll bet it installs.  Arrogant pukes)
0
Nobody 1/12/2005 1:50:00 AM
While parsing 'grc.security.software', I found "Nobody" stating:

> siljaline wrote:
> 
> > http://www.microsoft.com/security/malwareremove/default.mspx
> > 
> > Silj

> Wait a **** minute here!  This tool just showed up on my Windows Update!
> 
> It's probably a good thing that it came out, and maybe after it is out for a while and is proven to do no harm it would be OK for it to be automatic, but to set me up to download it on the first day?  I think not!  At least I am setup to get notices only so I got to see what it wanted to do first...
> 
> (This is my first, shocked, reaction.  I'm sure (almost) that it won't run, but I'll bet it installs.  Arrogant pukes)

LOL -- I know what you mean. I came here first and read up on it before
I clicked that purdy yellow systray icon! There's more info in earlier
threads by kayodeok -- lots of good links... :)
0
Axn 1/12/2005 1:58:32 AM
>There's more info in earlier
> threads by kayodeok -- lots of good links... :)

Message-ID: 
Date: Tue, 11 Jan 2005 18:41:26 +0000 (UTC)
0
Axn 1/12/2005 2:00:51 AM
http://forum.aumha.org/viewtopic.php?t=10865

Silj

-- 
siljaline 

MS - MVP Windows (IE/OE) 2003/04 AH-VSOP    
_______________________________________
0
siljaline 1/12/2005 2:08:18 AM
Nobody wrote:
> siljaline wrote:
> 
>> http://www.microsoft.com/security/malwareremove/default.mspx
>>
>> Silj
>>
>>
> Wait a **** minute here!  This tool just showed up on my Windows Update!
> 
> but I'll bet it installs.  Arrogant pukes)

MS said it shows up in XP windows update but not w2k
or 2003.  I ran *mst* -- MS says it does not install,
merely scans for several malcodes and removes.  scan is
quick and just starts, less than 1 min, found nothing here.
DLs as exe (cab) I think it puts mst in temp folder and
runs.  when it's done, MS says the temp folder will
delete after reboot.  they say they will update this
tool every month...


-- 
poo
.... the sound of inevitability
0
poo0gimmal 1/12/2005 2:26:35 AM
Wandering aimlessly about grc.news.latestversions,grc.security.software,
I heard Nobody say:

> siljaline wrote:
> 
>> http://www.microsoft.com/security/malwareremove/default.mspx
>> 
>> Silj
>> 
> Wait a **** minute here!  This tool just showed up on my Windows Update!
> 
> It's probably a good thing that it came out, and maybe after it is out 
> for a while and is proven to do no harm it would be OK for it to be 
> automatic, but to set me up to download it on the first day?  I think 
> not!  At least I am setup to get notices only so I got to see what it 
> wanted to do first...
> 
> (This is my first, shocked, reaction.  I'm sure (almost) that it won't 
> run, but I'll bet it installs.  Arrogant pukes)

You'd lose the bet, since there is no "installation" involved. The
"arrogant pukes" are offering a tool via the update process that does
*not* install anything, does *not* even download unless you accept the
displayed EULA, even on automatic updates, and if the EULA is accepted,
downloads and runs, and then deletes itself. Still "shocked"?



-- 
Dutch

GRC Newsgroups/Guidelines/No Regrets
http://client.grc.com/news.exe?cmd=article&group=grc.techtalk&item=124863
0
Dutch 1/12/2005 3:39:16 AM
> siljaline scribbled: 
> http://www.microsoft.com/security/malwareremove/default.mspx

I allowed WU to install it, but also manually downloaded it. I went back to 
WU after rebooting, but there is nothing on that page that allows me to run 
the tool....

The only way I have found to run it is by manually downloading the install 
file from:

http://www.microsoft.com/downloads/details.aspx?familyid=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

....and double clicking on it. It means you have to agree to the EULA each 
time....   :-(
No way of automating it's scan through task scheduler when that has to be 
done by the user...

This webpage http://support.microsoft.com/?kbid=890830 says:


When the Malicious Software Removal Tool runs, it performs the following 
functions. Except where noted, the tool has the same behavior independent of 
what command-line switches you use or how you download and run the tool. 
Note that the tool is not actually installed on a computer. Therefore, no 
entry is created for it in the Programs folder or in Add/Remove Programs.


....which appears to say that it doesn't actually install an 'executable' on 
the hard drive that users can run.

Still looking CLOSELY at what it reports back to Microsoft each time it's 
run.  Dont know how that's going to work if I'm not online when I run it.

-- 
[email protected]
Replace the obvious with paradise.net to email me
Found Images
http://homepages.paradise.net.nz/~mlvburke 
0
Max 1/12/2005 6:05:30 AM
I understood ... thanks for the info

doug
0
Doug 1/12/2005 10:55:28 AM
In grc.news.latestversions Nobody wrote:

> siljaline wrote:
> 
>> http://www.microsoft.com/security/malwareremove/default.mspx
>> 

> 
> Impression is that this is a "Stinger" like program, targeting only 
> specific viruses...

Except that the MSRT *only* scans for selected *active* malware.  
Stinger scans files on disk as well.

http://support.microsoft.com/?kbid=890830
 "Q16: Why does my antivirus product take longer to scan my 
       computer than this tool?
  A16: Unlike an antivirus product, the Malicious Software Removal Tool
  scans only for "active" malicious software. Specifically, the tool
  does not scan the whole hard disk. ..."
0
Mark 1/12/2005 2:16:05 PM
In grc.news.latestversions Max Burke wrote:

>> siljaline scribbled: 
>> http://www.microsoft.com/security/malwareremove/default.mspx
> 
> I allowed WU to install it, but also manually downloaded it. I
> went back to WU after rebooting, but there is nothing on that page
> that allows me to run the tool....
[ ]

> ...and double clicking on it. It means you have to agree to the
> EULA each time....   :-(
> No way of automating it's scan through task scheduler when that
> has to be done by the user...
> 
> This webpage http://support.microsoft.com/?kbid=890830 says:
> 
> 
> When the Malicious Software Removal Tool runs, it performs the
> following functions. Except where noted, the tool has the same
[ ]

> ...which appears to say that it doesn't actually install an
> 'executable' on the hard drive that users can run.

AFAICT the executable is "stand-alone" with the possibility of 
skipping the EULA each time *only* if it is "installed" via WU and if 
XP.  Likely a registry setting somewhere.

> Still looking CLOSELY at what it reports back to Microsoft each
> time it's run.  Dont know how that's going to work if I'm not
> online when I run it. 

http://support.microsoft.com/?kbid=890830
 "EULA display"
 "Reporting infection information"
 "Reporting component"
and others...
0
Mark 1/12/2005 2:25:04 PM
Mark V wrote:
> In grc.news.latestversions Max Burke wrote:
> 
> AFAICT the executable is "stand-alone" with the possibility of 
> skipping the EULA each time *only* if it is "installed" via WU and if 
> XP.  Likely a registry setting somewhere.
> 

even directly running just the mrt.exe GUI from temp dir
opens EULA here, "accept" and it starts immediately, no
trace that it phoned home but it also reported as clean
so nothing to report ...


-- 
poo
.... the sound of inevitability
0
poo0gimmal 1/12/2005 7:52:52 PM
"Max Burke"  wrote in
news:[email protected]: 

>> siljaline scribbled: 
>> http://www.microsoft.com/security/malwareremove/default.mspx
> 
> I allowed WU to install it, but also manually downloaded it. I went
> back to WU after rebooting, but there is nothing on that page that
> allows me to run the tool....

I also "downloaded" it using the Windows update, and saw nothing different 
on my screen.  However, after doing some digging, I found a new file, 
MRT.LOG, in my C:\Windows\Debug folder with the following content:


Microsoft Malicious Software Removal Tool v1.0, January 2005
Started On Wed Jan 12 08:35:11 2005


Removal Tool Results:
No infection found.

Microsoft Malicious Software Removal Tool Finished On Wed Jan 12 08:35:13 
2005


So, I'm guessing that users will only be made aware of it running if 
something is found.

I've always been critical of M$ "minimal information" policy.  In this 
case, if a user has "asked" for it, M$ should be considerate enough to tell 
you what happened...

Daniel Bragg
0
Daniel 1/12/2005 8:07:15 PM
Mark V wrote:
> In grc.news.latestversions kayodeok wrote:
> 
> 
>>siljaline wrote in grc.news.latestversions:
>>
>>
>>>"kayodeok" wrote:
>>>
>>>>Doug wrote in grc.news.latestversions:
> 
> [ ]
> 
>>"Is this in addition to Microsoft AntiSpyware Beta 1?"
>>"yes"
> 
> 
> I suggest that the reader read "Is this an addition..." 
> (ie "Add-in")

Absolutely.

"Silj" read "an" rather than "in".

Oh!, the joys of English :-)

-- 
Tony.P
0
Tony 1/12/2005 8:10:01 PM
Daniel Bragg wrote:
> "Max Burke"  wrote in
> news:[email protected]: 

> after doing some digging, I found a new file, 
> MRT.LOG, in my C:\Windows\Debug folder with the following content:

same here on w2k_****:\winnt\debug\mrt.log
it appends newer info to old.
I did not use WUP but rather did a download.


-- 
poo
.... the sound of inevitability
0
poo0gimmal 1/12/2005 8:24:38 PM
Daniel Bragg wrote:
> "Max Burke"  wrote in

> I also "downloaded" it using the Windows update, and saw nothing different 
> on my screen.  However, after doing some digging, I found a new file, 
> MRT.LOG, in my C:\Windows\Debug folder with the following content:
> 
> 
> Microsoft Malicious Software Removal Tool v1.0, January 2005
> Started On Wed Jan 12 08:35:11 2005
> 
> 
> Removal Tool Results:
> No infection found.
> 
> Microsoft Malicious Software Removal Tool Finished On Wed Jan 12 08:35:13 
> 2005
> 
> 
> So, I'm guessing that users will only be made aware of it running if 
> something is found.
> 
> I've always been critical of M$ "minimal information" policy.  In this 
> case, if a user has "asked" for it, M$ should be considerate enough to tell 
> you what happened...
> 
> Daniel Bragg
Same here. I put a shortcut to the file on my desktop so I can look in 
it occasionally. There's gotta be a file somewhere that runs it though 
.... wouldn't you think?

-- 
Get Firefox! Rediscover the web.
http://www.mozilla.org/products/firefox/
0
TCM 1/12/2005 8:28:46 PM
Wandering aimlessly about grc.news.latestversions, I heard TCM say:

> Daniel Bragg wrote:
>> "Max Burke"  wrote in
> 
>> I also "downloaded" it using the Windows update, and saw nothing different 
>> on my screen.  However, after doing some digging, I found a new file, 
>> MRT.LOG, in my C:\Windows\Debug folder with the following content:
>> 
>> Microsoft Malicious Software Removal Tool v1.0, January 2005
>> Started On Wed Jan 12 08:35:11 2005
>> 
>> Removal Tool Results:
>> No infection found.
<> 
>> Microsoft Malicious Software Removal Tool Finished On Wed Jan 12 08:35:13 
>> 2005
>> 
>> So, I'm guessing that users will only be made aware of it running if 
>> something is found.
>> 
>> I've always been critical of M$ "minimal information" policy.  In this 
>> case, if a user has "asked" for it, M$ should be considerate enough to tell 
>> you what happened...
>> 
> Same here. I put a shortcut to the file on my desktop so I can look in 
> it occasionally. There's gotta be a file somewhere that runs it though 
> ... wouldn't you think?

If you got the MSRT from WU, it ran in "quiet" mode, and was then
deleted on completion of the run.

-- 
Dutch

GRC Newsgroups/Guidelines/No Regrets
http://client.grc.com/news.exe?cmd=article&group=grc.techtalk&item=124863
0
Dutch 1/12/2005 8:39:18 PM
     TCM wrote,
     in post  news:cs4[email protected] :
> Daniel Bragg wrote:
>> "Max Burke"  wrote in
>
>> I also "downloaded" it using the Windows update, and saw nothing
>> different on my screen.  However, after doing some digging, I found
>> a new file, MRT.LOG, in my C:\Windows\Debug folder with the
>> following content:
[...]
>> So, I'm guessing that users will only be made aware of it running if
>> something is found.
>>
>> I've always been critical of M$ "minimal information" policy.  In
>> this case, if a user has "asked" for it, M$ should be considerate
>> enough to tell you what happened...
>>
>> Daniel Bragg
> Same here. I put a shortcut to the file on my desktop so I can look in
> it occasionally. There's gotta be a file somewhere that runs it though
> ... wouldn't you think?


I downloaded the tool during a WU session but couldn't find hide nor
hair of it when the session was through, so I just moved on over
to the MS download site and DL'd it to a folder. It's named
Windows-KB890830-ENU.exe. Description:Self-Extracting Cabinet,
size 255KB. You click it, a wizard-like screen appears, you click
"Accept all terms yada...", click Next, and maybe 3 seconds later
you get the results. Is it just scanning RAM or what? I guess it's
better to have than not to have. A quick second opinion sorta.
 PZ
-
0
PrivacyZealot 1/12/2005 10:24:25 PM
PrivacyZealot wrote:
>      TCM wrote,
>      in post  news:[email protected] :
> 
> I downloaded the tool during a WU session but couldn't find hide nor
> hair of it when the session was through, so I just moved on over
> to the MS download site and DL'd it to a folder. It's named
> Windows-KB890830-ENU.exe. Description:Self-Extracting Cabinet,
> size 255KB. You click it, a wizard-like screen appears, you click
> "Accept all terms yada...", click Next, and maybe 3 seconds later
> you get the results. Is it just scanning RAM or what? I guess it's
> better to have than not to have. A quick second opinion sorta.
>  PZ
> -

when you run windows-kb..-enu.exe it creates a new 'temp' directory
where it deposits mrt.exe.  I renamed mrt and moved it to a
new location, still runs ok, and appends to debug .log.


-- 
poo
.... the sound of inevitability
0
poo0gimmal 1/12/2005 11:48:09 PM
> poo0gimmal scribbled:
> when you run windows-kb..-enu.exe it creates a new 'temp' directory
> where it deposits mrt.exe.  I renamed mrt and moved it to a
> new location, still runs ok, and appends to debug .log.

Two command line switches for this tool....

/Q    runs in quiet mode. Does NOT prompt user to accept the EULA.  (So it 
can be a scheduled task after all)

/?  displays version, language, etc....

The only 'annoyance' I have know is that it renames a temp file that GRR 
warns about, and asks if the change should be allowed....



-- 
[email protected]
Replace the obvious with paradise.net to email me
Found Images
http://homepages.paradise.net.nz/~mlvburke 
0
Max 1/13/2005 4:50:06 AM
On Wed, 12 Jan 2005 17:48:09 -0600, poo0gimmal wrote:

> PrivacyZealot wrote:
>>      TCM wrote,
>>      in post  news:[email protected] :
>> 
>> I downloaded the tool during a WU session but couldn't find hide nor
>> hair of it when the session was through, so I just moved on over
>> to the MS download site and DL'd it to a folder. It's named
>> Windows-KB890830-ENU.exe. Description:Self-Extracting Cabinet,
>> size 255KB. You click it, a wizard-like screen appears, you click
>> "Accept all terms yada...", click Next, and maybe 3 seconds later
>> you get the results. Is it just scanning RAM or what? I guess it's
>> better to have than not to have. A quick second opinion sorta.
>>  PZ
>> -
> 
> when you run windows-kb..-enu.exe it creates a new 'temp' directory
> where it deposits mrt.exe.  I renamed mrt and moved it to a
> new location, still runs ok, and appends to debug .log.

According to FileAlyzer it's a self extracting cab file (internal name
SFXCAB.EXE), so each time it is run, it acts like a patch, except that it
searches and reports, rather than replacing system files and crocking your
box.....
Fits on floppy disk too.
-- 
Parker Molin
0
Parker 1/13/2005 5:56:30 PM
Parker Molin wrote:
> crocking your box.....

Haven't heard this one... ??  :-)
0
Nobody 1/13/2005 7:34:08 PM
Dutch wrote:

> Wandering aimlessly about grc.news.latestversions,grc.security.software,
> I heard Nobody say:
> 

>>siljaline wrote:
>>
>>
>>>http://www.microsoft.com/security/malwareremove/default.mspx
>>>
>>>Silj
>>>
>>
>>Wait a **** minute here!  This tool just showed up on my Windows Update!
>>
>>It's probably a good thing that it came out, and maybe after it is out 
>>for a while and is proven to do no harm it would be OK for it to be 
>>automatic, but to set me up to download it on the first day?  I think 
>>not!  At least I am setup to get notices only so I got to see what it 
>>wanted to do first...
>>
>>(This is my first, shocked, reaction.  I'm sure (almost) that it won't 
>>run, but I'll bet it installs.  Arrogant pukes)
> 

> You'd lose the bet, since there is no "installation" involved. The
> "arrogant pukes" are offering a tool via the update process that does
> *not* install anything, does *not* even download unless you accept the
> displayed EULA, even on automatic updates, and if the EULA is accepted,
> downloads and runs, and then deletes itself. Still "shocked"?

Yeah, sorry.  Independent of their motives, I think it is totally 
inappropriate, even with a eula (that most will not read), for MS to (as 
part of their patching service) download an executable, run it, and 
delete it without ANY visible indication of what just took place (unless 
it finds something).  They haven't even publicly indicated (that I have 
seen at least) that there is a log file left on the system with the 
results of the scan.
This makes them "arrogant pukes", IMO, because this is the typical "we 
know what's best for you" attitude that they seem to always apply to us 
"stupid customers".
If I may paraphrase Steve, 'This is my (****) computer', and they are 
not entitled to treat it like it was theirs.  This is NOT MS bashing. 
It wouldn't matter a **** to me what company did this, it would still be 
unacceptable.
0
Nobody 1/13/2005 9:42:48 PM
Wandering aimlessly about grc.security.software, I heard Nobody say:

> Dutch wrote:
> 
>> Wandering aimlessly about grc.news.latestversions,grc.security.software,
>> I heard Nobody say:
[...]
>>>Wait a **** minute here!  This tool just showed up on my Windows Update!
>[...]
>>>(This is my first, shocked, reaction.  I'm sure (almost) that it won't 
>>>run, but I'll bet it installs.  Arrogant pukes)
> 
>> You'd lose the bet, since there is no "installation" involved. The
>> "arrogant pukes" are offering a tool via the update process that does
>> *not* install anything, does *not* even download unless you accept the
>> displayed EULA, even on automatic updates, and if the EULA is accepted,
>> downloads and runs, and then deletes itself. Still "shocked"?
 >  
> Yeah, sorry.  Independent of their motives, I think it is totally 
> inappropriate, even with a eula (that most will not read), for MS to (as 
> part of their patching service) download an executable, run it, and 
> delete it without ANY visible indication of what just took place (unless 
> it finds something).  They haven't even publicly indicated (that I have 
> seen at least) that there is a log file left on the system with the 
> results of the scan.
> This makes them "arrogant pukes", IMO, because this is the typical "we 
> know what's best for you" attitude that they seem to always apply to us 
> "stupid customers".
> If I may paraphrase Steve, 'This is my (****) computer', and they are 
> not entitled to treat it like it was theirs.  This is NOT MS bashing. 
> It wouldn't matter a **** to me what company did this, it would still be 
> unacceptable.

Whatever, but isn't that pretty much what many of the updates also do? 
They download, run some not so obvious process to fix "you know not 
what", and then exit, leaving nothing behind except an indication that 
the patch has been installed. Why is this tool seen any differently?

-- 
Dutch

GRC Newsgroups/Guidelines/No Regrets
http://client.grc.com/news.exe?cmd=article&group=grc.techtalk&item=124863
0
Dutch 1/13/2005 10:21:53 PM
Dutch wrote:
> 
> Whatever, but isn't that pretty much what many of the updates also do? 
> They download, run some not so obvious process to fix "you know not 
> what", and then exit, leaving nothing behind except an indication that 
> the patch has been installed. Why is this tool seen any differently?

Definitely!

I've got an XPH laptop and the MSRT shows just like another update. And 
the other EXEs are gone too unless they persist in a temp folder somewhere.
0
Kerry 1/13/2005 11:55:54 PM
Dutch wrote:

> Wandering aimlessly about grc.security.software, I heard Nobody say:
> 
> 
>>Dutch wrote:
>>
>>
>>>Wandering aimlessly about grc.news.latestversions,grc.security.software,
>>>I heard Nobody say:
> 

> 
>>Yeah, sorry.  Independent of their motives, I think it is totally 
>>inappropriate, even with a eula (that most will not read), for MS to (as 
>>part of their patching service) download an executable, run it, and 
>>delete it without ANY visible indication of what just took place (unless 
>>it finds something).  They haven't even publicly indicated (that I have 
>>seen at least) that there is a log file left on the system with the 
>>results of the scan.
>>This makes them "arrogant pukes", IMO, because this is the typical "we 
>>know what's best for you" attitude that they seem to always apply to us 
>>"stupid customers".
>>If I may paraphrase Steve, 'This is my (****) computer', and they are 
>>not entitled to treat it like it was theirs.  This is NOT MS bashing. 
>>It wouldn't matter a **** to me what company did this, it would still be 
>>unacceptable.
> 
> 
> Whatever, but isn't that pretty much what many of the updates also do? 
> They download, run some not so obvious process to fix "you know not 
> what", and then exit, leaving nothing behind except an indication that 
> the patch has been installed. Why is this tool seen any differently?

Because it is NOT a patch, and it is NOT fixing something that is broken 
(or flawed, unless you consider the OS flawed because it doesn't include 
AV).  It is a new, separate (albeit free) product.

As far as I'm concerned, they could allay my objection by adding at the 
top of the EULA, in red type, "Warning, accepting this EULA will result 
the downloading and running of a simple AV program that will only report 
results if it finds a problem".  I understand that the EULA may already 
say something to this effect, but since this particular tool does 
something different than one would expect from an "Update" I think it 
needs to be more clear.  The red text would draw more attention to the 
fact that this is different.
0
Nobody 1/14/2005 12:25:27 AM
Wandering aimlessly about grc.security.software, I heard Nobody say:

> Dutch wrote:
> 
>> Wandering aimlessly about grc.security.software, I heard Nobody say:
>> 
[...]
>>>Yeah, sorry.  Independent of their motives, I think it is totally 
>>>inappropriate, even with a eula (that most will not read), for MS to (as 
>>>part of their patching service) download an executable, run it, and 
>>>delete it without ANY visible indication of what just took place (unless 
>>>it finds something).  They haven't even publicly indicated (that I have 
>>>seen at least) that there is a log file left on the system with the 
>>>results of the scan.
>>>This makes them "arrogant pukes", IMO, because this is the typical "we 
>>>know what's best for you" attitude that they seem to always apply to us 
>>>"stupid customers".
>>>If I may paraphrase Steve, 'This is my (****) computer', and they are 
>>>not entitled to treat it like it was theirs.  This is NOT MS bashing. 
>>>It wouldn't matter a **** to me what company did this, it would still be 
>>>unacceptable.
< > 
>> Whatever, but isn't that pretty much what many of the updates also do? 
>> They download, run some not so obvious process to fix "you know not 
>> what", and then exit, leaving nothing behind except an indication that 
>> the patch has been installed. Why is this tool seen any differently?
> 
> Because it is NOT a patch, and it is NOT fixing something that is broken 
> (or flawed, unless you consider the OS flawed because it doesn't include 
> AV).  It is a new, separate (albeit free) product.

Removing trojans if they exist is not "fixing" anything?
 
> As far as I'm concerned, they could allay my objection by adding at the 
> top of the EULA, in red type, "Warning, accepting this EULA will result 
> the downloading and running of a simple AV program that will only report 
> results if it finds a problem".  I understand that the EULA may already 
> say something to this effect, but since this particular tool does 
> something different than one would expect from an "Update" I think it 
> needs to be more clear.  The red text would draw more attention to the 
> fact that this is different.

Ok, I'll accept that having the EULA text in red would likely catch the
attention of a few more people long enough to read the very first
paragraph of section 1, where exactly what the tool does is clearly
spelled out. IMHO, most would still just "click-n-go", which is exactly
why having the tool run "automagically", as it does for auto updates, is
a good thing. Those are the very same people most likely to be
infected...

-- 
Dutch

GRC Newsgroups/Guidelines/No Regrets
http://client.grc.com/news.exe?cmd=article&group=grc.techtalk&item=124863
0
Dutch 1/14/2005 1:37:47 AM
While parsing 'grc.security.software', I found "Dutch" stating:

> Wandering aimlessly about grc.security.software, I heard Nobody say:
> 
> > Dutch wrote:
> > 
> >> Wandering aimlessly about grc.security.software, I heard Nobody say:
> >> 
> [...]
> > > > Yeah, sorry.  Independent of their motives, I think it is totally 
> > > > inappropriate, even with a eula (that most will not read), for MS to (as 
> > > > part of their patching service) download an executable, run it, and 
> > > > delete it without ANY visible indication of what just took place (unless 
> > > > it finds something).  They haven't even publicly indicated (that I have 
> > > > seen at least) that there is a log file left on the system with the 
> > > > results of the scan.
> > > > This makes them "arrogant pukes", IMO, because this is the typical "we 
> > > > know what's best for you" attitude that they seem to always apply to us 
> > > > "stupid customers".
> > > > If I may paraphrase Steve, 'This is my (****) computer', and they are 
> > > > not entitled to treat it like it was theirs.  This is NOT MS bashing. 
> > > > It wouldn't matter a **** to me what company did this, it would still be 
> > > > unacceptable.
> < > 
> >> Whatever, but isn't that pretty much what many of the updates also do? 
> >> They download, run some not so obvious process to fix "you know not 
> >> what", and then exit, leaving nothing behind except an indication that 
> >> the patch has been installed. Why is this tool seen any differently?
> > 
> > Because it is NOT a patch, and it is NOT fixing something that is broken 
> > (or flawed, unless you consider the OS flawed because it doesn't include 
> > AV).  It is a new, separate (albeit free) product.
> 
> Removing trojans if they exist is not "fixing" anything?
>  
> > As far as I'm concerned, they could allay my objection by adding at the 
> > top of the EULA, in red type, "Warning, accepting this EULA will result 
> > the downloading and running of a simple AV program that will only report 
> > results if it finds a problem".  I understand that the EULA may already 
> > say something to this effect, but since this particular tool does 
> > something different than one would expect from an "Update" I think it 
> > needs to be more clear.  The red text would draw more attention to the 
> > fact that this is different.

> Ok, I'll accept that having the EULA text in red would likely catch the
> attention of a few more people long enough to read the very first
> paragraph of section 1, where exactly what the tool does is clearly
> spelled out. IMHO, most would still just "click-n-go", which is exactly
> why having the tool run "automagically", as it does for auto updates, is
> a good thing. Those are the very same people most likely to be
> infected...

Am I allowed to agree with both of you? I like AVG's method of
notification with their updates, but OTOH, I rarely read them
and usually just click through anyway... 
0
Axn 1/14/2005 2:57:24 AM
On article , siljaline wrote:

> http://www.microsoft.com/security/malwareremove/default.mspx
> 
> Silj
> 
> 
> 
Silj, do you think this tool could be used as (a replacement to) 
McAfee's Stinger?

-- 
Kind regards,
Euler German

Note that my eMail address is useless. Please, reply to the list
0
Euler 1/22/2005 12:31:07 PM
"Euler German" wrote: 
 
> On article , siljaline wrote:
> 
>> http://www.microsoft.com/security/malwareremove/default.mspx
>> 
>> Silj
>> 
>> 
>> 
> Silj, do you think this tool could be used as (a replacement to) 
> McAfee's Stinger?

I wouldn't use it as a replacement, not for the time being at least.
This may help >  
http://forum.aumha.org/viewtopic.php?t=10865

McAfee's Stinger is a "proven" stand-alone virus remover.
http://vil.nai.com/vil/stinger/
http://download.nai.com/products/mcafee-avert/stinger.exe

Regards,
Silj

-- 
siljaline 

MS - MVP Windows (IE/OE) & Security (AH-VSOP)     
__________________________________________
Security Tools Updates
http://forum.aumha.org/viewforum.php?f=31

(Reply to group, as return address
is invalid - that we may all benefit)
0
siljaline 1/22/2005 4:26:16 PM