
MS Anti spyware to remove Sony's root kit


Marsden11


The following was found on the Microsoft Anti-Malware team blog today. It clearly states that the Sony DRM Rootkit will be wiped by Microsoft's Antispyware Beta program. This is great and I for one am very happy to see Microsoft move quickly on this.

I've been getting a lot of questions in the last week about Microsoft's position on the Sony DRM and rootkit discussions, so I thought I'd share a little info on what we're doing here. We are concerned about any malware and its impact on our customers' machines. Rootkits have a clearly negative impact on not only the security, but also the reliability and performance of their systems.

We use a set of objective criteria for both Windows Defender and the Malicious Software Removal Tool to determine what software will be classified for detection and removal by our anti-malware technology. We have analyzed this software, and have determined that in order to help protect our customers we will add a detection and removal signature for the rootkit component of the XCP software to the Windows AntiSpyware beta, which is currently used by millions of users. This signature will be available to current beta users through the normal Windows AntiSpyware beta signature update process, which has been providing weekly signature updates for almost a year now. Detection and removal of this rootkit component will also appear in Windows Defender when its first public beta is available. We also plan to include this signature in the December monthly update to the Malicious Software Removal Tool. It will also be included in the signature set for the online scanner on Windows Live Safety Center.

blogs.technet.com


This is really good news. I'm glad Microsoft is taking steps to help protect their customers from Rootkits. Hopefully other antispyware vendors will follow.

Thanks for the post!


Guest LilBambi

Glad to hear that MS is also taking care of this.

Other antispyware programs, as well as antivirus software are also detecting this rootkit. There have been articles regarding various ones over the last week or so regarding this.

Since many clients use MS Antispyware/Windows Defender, it is definitely good to know they are detecting it as well. ;)


I just loaded Microsoft's Antispyware last week to augment AdAware and Spybot. It felt a little like wearing a belt and suspenders to hold up my elastic waistband pants. But now, perhaps I can see a reason for the additional checker. One concern, though. When I loaded MS's Beta-version checker it was due to expire in December of this year. Will they then be coming out with the general release version?


Guest LilBambi
Q. What is the difference between Microsoft Windows AntiSpyware (Beta) and Microsoft Windows Defender (Beta 2)?
A. Microsoft Windows Defender (Beta 2) is the name of the next beta version of Microsoft Windows AntiSpyware.

Q. When will Microsoft Windows Defender (Beta 2) be released?
A. Windows Defender (Beta 2) is targeted for release later this year. The release will include enhancements based on the feedback we’ve received on Beta 1 (Microsoft Windows AntiSpyware (Beta)).

Q. How much does the beta of Windows AntiSpyware cost? How much will the final release cost?
A. Windows AntiSpyware (Beta), subsequent beta versions, and the final release version will each be available at no additional charge for currently licensed Windows customers. Customers will be required to validate that their version of Windows is genuine. Get more information about the Windows Genuine Advantage program.

Q. When does the beta expire?
A. The current beta (Build 1.0.615) expires December 31, 2005.

Q. What is the latest beta build number?
A. The latest is Build 1.0.615.

From the FAQ page for Microsoft Antispyware (Beta)

It's not a specific date, but that's all the info they have released to date.

I would expect the Windows Defender (Beta 2) to be available by the end of November or first of December -- at least a month before it is due to expire. But who knows for sure. I don't think Microsoft will allow it to expire before they release Windows Defender (Beta 2)... they will want to make sure that folks have plenty of time to upgrade before the expiration date.

Maybe someone has heard directly from Microsoft on this and can give a clearer answer.

Guest LilBambi

Yes, from my reading it appears that may be what they are planning. I see why you said it may be. They are not being real clear on it just yet.

Important note regarding the Sony DRM rootkit

MS Antispyware/Windows Defender will not remove the whole Sony DRM rootkit from my reading. It will be doing what Sony's SP2 did - decloak it. OK, why do I think that? The article below on WashingtonPost.com's Brian Krebs Security Fix says the same thing I keep reading in most every article I read on this today:

Microsoft said Saturday that it is updating its anti-spyware software (now called "Windows Defender") to detect and remove the file-hiding capabilities of the anti-piracy software installed by some Sony BMG music CDs.

Microsoft: Sony Anti-Piracy Software Is Spyware

If you want it totally removed, it looks like you will have to go elsewhere?

Edited by LilBambi
