20 replies to this topic

[Temmu]

greets!

and wow, ms finally gave us a win pe environment with windows defender!!!

this means, yo pc is too trashed to run, boot the win def cd and it scans and removes the viral carp!

i yam most x-cited about this!

because i have been using linux based utilities, such as kaspersky's bootable av solution.  which is, by the way cool, and even works.

o, linkies --- http://windows.microsoft.com/en-US/windows...efender-offline

u herd it hear first!


you're thoughts?

[LilBambi]

That is great news. At least for known malware.

Windows Defender doesn't get everything. But it's an excellent start.

[Temmu]

my point is that it boots from a clean cd, which bypasses the infected hd.  i used it 2 days ago on a machine that had 5 virus/worm/whatevers that would not stop rebooting itself.

[LilBambi]

Absolutely! Great that they finally allowing it to run on liveCD to bypass hard drive.

[zlim]

Fran, Windows Defender Offline (this bootable CD or USB stick) is NOT Windows Defender. Again, MS confuses everyone by naming a different tool with some of the same words!
Will someone please hand the folks a Microsoft a dictionary and thesaurus so they can come up with new words.

[frapper]

This is discussed in this week's Windows Secrets newsletter.  WDO Article

[Corrine]

This is discussed in this week's Windows Secrets newsletter.  WDO Article

And in my blog post last month:  Windows Defender Offline Beta, formerly Standalone System Sweeper (Which points to Setting Up the Microsoft Standalone System Sweeper... that Susan Bradley linked to in her Windows Secrets article on the Standalone System Sweeper and is my most read article with over 12,500 views!)

Even the Standalone System Sweeper is not actually a new tool.  It has long been a part of the Microsoft Diagnostics and Recovery Toolset (DaRT) for Microsoft Enterprise customers.

The important thing to realize is that, regardless of the name, it uses the same definitions as Microsoft Security Essentials and Microsoft Forefront, the difference being that it provides the capability of scanning at start up.

[LilBambi]

Thanks for the further explanation, Corrine!

It is amazing why Microsoft doesn't try to make it easier to differentiate their tools. Liz is right. They need a bigger dictionary

[Corrine]

This should help:  Understanding Microsoft Anti-Malware Software.  

[LilBambi]

Thanks That's a very good article btw. As are all your articles.

[Tushman]

Antivirus companies have offered rescue CDs on their website long before this.  You can download rescue discs from companies like Fprot & Kasperksy for no charge.  A more comprehensive list can be found here.

As an alternative, you can even make customized WinPE USBs and load programs like Spybot S & D so that you can the infected PC in a preboot environment.  It takes a few steps but it is not difficult.

I'm not complaining and it's certainly nice to have choices.  But MS is late to the party on this.  I really see no reason to get excited about it.

Edited by Tushman, 05 January 2012 - 10:20 PM.

[LilBambi]

True. Nice that they finally got on the bandwagon. It has been great to have many bootable CDs for this purpose previously from other companies, who were truly forerunners in the field.

[Temmu]

...Understanding Microsoft Anti-Malware Software...

  wow!  one can understand microsoft?!

Antivirus companies have offered rescue CDs on their website long before this.  You can download rescue discs from companies like Fprot & Kasperksy ....I really see no reason to get excited about it.

(1) i pointed that out in the original post.  
(2) i'm "excited" that microsoft is actually giving something away at no charge, free and clear of its usual obfuscation.  which of you (on your own) can create a windows pe boot disk, and load it up with working and useful utilities? i laugh. ms attempts to make its products profitable, not free, so again, the freeness of it is the excitement.

ps,
apologies to corrine in particular for not having read it first on her excellent "security garden" blog!

Edited by Temmu, 06 January 2012 - 11:11 AM.

[Tushman]

(1) i pointed that out in the original post.  
(2) i'm "excited" that microsoft is actually giving something away at no charge, free and clear of its usual obfuscation.  which of you (on your own) can create a windows pe boot disk, and load it up with working and useful utilities? i laugh. ms attempts to make its products profitable, not free, so again, the freeness of it is the excitement.

ps,
apologies to corrine in particular for not having read it first on her excellent "security garden" blog!

The fact that it's offered as a free download from Microsoft may be enticing to some - doesn't do anything for me.   To each his own.  Perhaps if they were the first to market/offer this type of solution on the web, then yes I could see how you would be excited.  Secondly, there's plenty of good products out there already (Kaspersky/Fprot/etc.) and I see no clear significant benefit this has over the others, do you?

Creating a bootable WinPE USB is simple enough.  Do a google search and there are plenty of links that show you how to do it step by step.  All the required software is also free including the Windows AIK.  Nothing hard about it.

[zlim]

Creating a bootable WinPE USB is simple enough.

Not to be smart but I think you are over estimating most computer users abilities.

[Tushman]

Not to be smart but I think you are over estimating most computer users abilities.

Of course your usual 'ma & pa' users wouldn't feel comfortable trying it.  That type of user is not likely to download and use a offline scanner (utility) and attempt "fixing" their own PCs.  The vast majority of those users take their PCs to geek squad or a computer shop and pay for it.  I was referring more to the people that participate on forums such as this. And that is not to say that I believe all forum members are competent enough to do it on their own.  But most of the regular members that participate on forums are your computer hobbyists who don't mind trying something new or learn how to fix their own PC.

Edited by Tushman, 06 January 2012 - 06:52 PM.

[Temmu]

and speaking of kaspersky,
am scanning a pc now, kaspersky said, " your definitions are 15,347 days out of date, do you want to update now?"

um... you think i should?

[Corrine]

Nah, Temmu.  Just go with what you have.  

[zlim]

I used WDO on two computers. A quick on mine and a full on a computer I brought home. I was getting worried when it said it found something suspicious on the one I brought home. That computer was one I resurrected from the dead. Since I had no Dell disk, I didn't wipe it and do a clean install, I simply cleaned it the best I could using software and manually searching for things.
Well, I breathed a sigh of relief when all it found were two things: some adware (I've never seen ads on it) and something to do with Sonic's Record Now program (on the computer from new) having to do with some sort of scheduled registration.
I quarantined both items just to be sure I didn't break anything before I kill them but the problem is, I have no idea how to find what it has quarantined without running the CD again.
Does anyone know where WDO stores the quarantined items?

[Corrine]

The log files for Windows Defender Offline are stored in a C:\Windows\Windows Defender Offline\Support as a text file:  MPLog-MM/DD/YYYY-HH/MM/SS.txt

There's always System Restore.

[zlim]

Thanks. I'll have a look in there.