Microsoft has released an antivirus/antispyware live CD that runs in the Windows PE environment called Microsoft Standalone System Sweeper. I wouldn’t use it as a full replacement for a Linux-based live CD from an antivirus vendor such as Bit Defender, which I’ve written about before. It is, however, a good supplement–a second opinion. Nothing catches everything, after all.
The idea behind all of these is to boot into a sterile environment to scan a dormant hard drive for things that evade or disable your normal antivirus software. The need for this grows just about every day, as there’s a lot of really nasty stuff out there these days. It’s not a substitute for normal antivirus software–it’s what you call on if and when normal antivirus software fails and a malware infestation prevents normal use of the computer.
Second opinions are good. I’ve heard from someone in position to know that at least some U.S. government agencies use more than one antivirus program at the same time these days, probably for that reason. I don’t know how they keep two different programs from conflicting, but I suppose if anyone can go to two different vendors and tell them to make their programs work at the same time without interfering with each other, it’s the government.
So, what about MSSS? I downloaded the beta. First, you have to choose 32-bit or 64-bit. The 32-bit version fixes systems running 32-bit Windows, and the 64-bit version fixes systems running 64-bit Windows. So pick the appropriate one for the system you’re fixing. When you run the downloaded executable, it offers to create a CD/DVD or a bootable USB stick. I inserted a USB stick and chose USB, since I want to scan a system that doesn’t have an optical drive. It downloaded 207 MB worth of data and wrote it to the device.
MSSS writes current definitions right to the media. So you can scan the system off the wire. But if you have an Internet connection handy, there’s an option right in the help menu to check for updates and download them.
I grabbed a used PC off my pile of machines that I’ve bought this year, booted it off the drive, and watched what happened. It’s dead simple. Boot off the media and click a button. You can change some options if you want, but most people won’t. After about 15 minutes, it said preliminary findings suggested there might be unwanted software on the system, and it told me that when the scan finishes, I’ll be able to take action. Was I surprised at the finding? The machine had AOL on it. So, no. Not to mention most machines ship with some questionable software right from the factory.
After an hour, it presented me with its findings: Two installers for nasty Trojan horses. It looked like they hadn’t been installed, but you still don’t want that kind of stuff hanging around. It cleaned them up for me quickly and easily.
I ran it on a second system, which came back clean.
I then ran it on a system infected with the Windows XP Repair scareware. It found two infections, including what I believe was the TDSS rootkit, but when I rebooted the system, the scareware was still present and ran. I had to remove it manually. Then again, nothing else found this particular variant either, so it may have just been a case of the definitions not being up to date enough. Or maybe it’s because it’s still in beta.
I’m glad Microsoft is providing a tool like this. Microsoft has taken a beating in the security community for a long time, and, frankly, they deserve it. Recent events have humbled Apple too–nobody is immune. I give Microsoft credit for recognizing the problem and putting resources into making it better.
Download a copy and put it on a CD or a USB stick–if you have old 512MB or 1GB sticks laying around, this is an excellent use for them–and keep it in your toolbox. When it comes out of beta, download it again and make a new one.