
David Baxter PhD

Late Founder
Microsoft's six free desktop security tools
By Fred Langa, Windows Secrets
April 3, 2013

These free utilities can prevent or cure trouble caused by viruses, worms, spyware, keyloggers, and other kinds of unwanted software.

Whether you're keeping your PC free from malware or cleaning up a PC that's already infected, one or more of these tools should get the job done!

Most Windows users probably don't know that Microsoft offers an array of free security tools. Some are included with Windows, others available by download.

At one end of the spectrum is a simple, lightweight utility – the Malicious Software Removal Tool – that protects against some of the most common malware in circulation. At the other end of the spectrum is a heavy-duty system-scanning tool – Windows Defender Offline – that operates from its own bootable medium. It operates completely outside the installed Windows, allowing the scanner to find and remove some forms of malware that standard Windows-based security tools might miss.

As is all too common with Microsoft, some of these tools (and their features) are somewhat difficult to find. Some tools are poorly explained; some tools' functions overlap with those of other tools. Two of these tools even have the same name – but are totally different products!

This article should sort out the confusion; it briefly explains what the six tools are, what types of malware they target, how they work, how to access and use them, and other important facts. You'll also find links to more detailed information – and, of course, links to the free downloads.

Let's dive in!

The target: Malware, as Microsoft defines it
Microsoft divides malware into two broad loosely defined terms: malicious software and potentially unwanted software. The first category covers mostly self-replicating Trojans, viruses, worms, and similar code that infects your PC (typically for some evil purpose) and then seeks to infect other PCs.

The second category – potentially unwanted software – includes undesirable (and often hidden) apps such as spyware that surreptitiously tracks you, keyloggers that capture everything you type, and adware that force-feeds you popup ads. The somewhat clumsy phrase "potentially unwanted" is meant to suggest that you might not want the software if you knew what it really did.

These two categories aren't precisely mutually exclusive. For example, some potentially unwanted spyware is also self-propagating, like a virus. What's more, Microsoft sometimes uses the terms interchangeably. Still, these two categories will help you understand the main purposes of Microsoft's security tools.

The Microsoft Malicious Software Removal Tool

What it is: Microsoft's Malicious Software Removal Tool (MSRT; more info) is a basic antivirus program. It comes in all current versions of Windows – XP, Vista, Windows 7, and Windows 8. When you install Windows, MSRT is enabled by default.

What it does: MSRT automatically removes malicious software (viruses, worms, etc.) that, based on Microsoft's internal research, is considered especially prevalent and dangerous to Windows users. MSRT currently targets about 200 of the most common malware types. You'll find a list of them on the MSRT download page.

How it works: Windows Update automatically refreshes MSRT once a month (it's always KB 890830), usually on the second Tuesday (aka Patch Tuesday). After updating, MSRT automatically runs, scanning your PC once and removing any active malware infections it finds. No user intervention is required.

One scan a month isn't especially good malware protection, but you can also run MSRT manually any time you wish (see Figure 1). Simply enter mrt.exe in the XP/Vista/Win7 Start menu Search box or Win8's Search window and press Enter. Once open, MSRT gives you a choice of quick, full, or custom scans. As you'd expect, the full scan is the most thorough.

Figure 1. The Malicious Software Removal Tool is built into your copy of Windows, and provides basic protection against a selection of common malware threats.

If you want or need a fresh copy of MSRT, it's available via download pages for the 32-bit or 64-bit versions.

Important to know: MSRT is a strictly post-infection tool. It detects and removes malicious software from already-infected computers – and only if the malware is active and running at the time of the scan. But as MSRT Support article 890830 clearly states, the list of malware it detects represents only "a small subset of all the malicious software that exists today."

MSRT can't prevent new malware infections. It also doesn't target potentially unwanted software (again: spyware, adware, etc.).

Bottom line: MSRT is a "better than nothing" anti-malware tool. There's no real downside to keeping it on your system – its footprint is small, its impact on system operations is negligible, and it can serve as a kind of last-ditch defense against some very common malware types, should they somehow make it into your system.

But you certainly shouldn't depend on MSRT as your only or primary defense against malicious software; it's an incomplete anti-malware solution.

Windows Defender (XP, Vista, Win7 version)

What it is: Windows Defender is a basic tool for guarding against potentially unwanted software. Windows Defender is installed by default in Vista and Win7, and it's a free download for XP.

What it does: Windows Defender provides always-on, real-time protection against spyware, adware, keyloggers, and so on. It self-updates and runs automatically.

How it works: Windows Defender continually monitors your PC's files and browsing activity. When it detects potentially unwanted software, it opens a dialog box and lets you decide whether to proceed with the installation. (For more information, see the related Microsoft support article or TechNet's Windows Defender Guide.)

You can also trigger Windows Defender (shown in Figure 2) manually whenever you want to scan your PC for spyware and other potentially unwanted software, as a Defender support article explains.

Figure 2. Windows Defender for XP, Vista, and Win7 offers real-time protection against adware, spyware, and similar potentially unwanted software.

XP users can download either 32-bit or 64-bit versions.

Important to know: Windows Defender doesn't detect or remove viruses, worms, and similar malicious software.

Bottom line: Windows Defender complements Microsoft's Malicious Software Removal Tool. And just like MSRT, it's better than nothing. Together, MSRT and Defender are a sort of last line of defense – potentially helpful if no other anti-malware tools are active. Fortunately, superior tools are readily available (see next sections).

The all-in-one Microsoft Security Essentials

What it is: Microsoft Security Essentials is Microsoft's all-in-one, consumer-security tool. It targets both types of malware – malicious software and potentially unwanted software. It's a free download (site) for XP, Vista, and Windows 7.

What it does: MSE provides always-on, real-time protection for your PC. It detects and removes a wide range of malware. It's also highly automated, operating with little or no user intervention (see Figure 3).

Figure 3. Operating almost entirely automatically, Microsoft Security Essentials (MSE) provides real-time protection against malware and potentially unwanted software.

How it works: By default, MSE runs continuously in the background whenever your system is on. It updates itself every day. Along with its real-time protection, it also runs scheduled scans of your PC's memory and files. If you use its default settings, MSE requires almost no user input. But it's also highly configurable, should you want to change its standard routines.

Important to know: MSE must be manually installed; it's not built into any version of Windows. On MSE's MS Download Center page, you'll find 32- and 64-bit versions for XP, Vista, and Win7.

Typically, to avoid conflicts between AV products, a PC should run only one real-time, anti-malware/anti-spyware tool at a time. In other words, you can run MSE or Windows Defender, but not both at the same time. In fact, when MSE is installed, it disables Windows Defender.

In a similar vein, if you're running some other always-on, anti-malware tool, you should disable or uninstall that tool before installing MSE. (MSE can't disable non-Microsoft AV scanners.)

MSE's principal weakness? It's not especially adept at guarding against user error, as detailed in the April 7, 2011, Top Story, "LizaM*n infection: a blow-by-blow account." If you click past security warnings raised by Windows, your browser, and/or MSE itself, MSE will step aside and let malware install. Moreover, based on recent antivirus testing, MSE is currently not among the top-performing AV products.

All of which means that MSE is not the ideal choice for casual or inexperienced Windows users, who are often more easily tricked into installing malware.

In addition to the aforementioned Top Story, Windows Secrets has extensively covered MSE – including its advantages and deficits – in previous issues. Use these links if you'd like to read more:

  • "The 120-day Microsoft security suite test drive," May 6, 2010, Top Story
  • "Security Essentials test drive – month 6," Sept. 16, 2010, LangaList Plus
  • "Two great security tools get free updates," Jan. 13, 2011, Top Story
  • "Is your free AV tool a 'resource pig'?," Feb. 16, 2012, Top Story
  • "MS Security Essentials: Poor showing in new test," Dec. 20, 2012, LangaList Plus

Bottom Line: In the right hands – primarily experienced Windows users – MSE is a fine, free security tool. I use it on my XP, Vista, and Win7 machines, and I've never run into trouble with an infection.

Windows Defender: Win8's built-in security tool

What it is: Microsoft has a long history of confusing product names. In this case, the Win8 version of Windows Defender is nothing like the original Windows Defender for XP, Vista, and Win7. It is, in fact, effectively a renamed version of Microsoft Security Essentials.

What it does: In Microsoft's own words, the Win8 version of "Windows Defender provides the same level of protection against malware as Microsoft Security Essentials."

How it works: Win8 Defender is virtually identical to MSE in both appearance (see Figure 4) and function.

Figure 4. Despite its name, Win8's built-in Windows Defender is really just a renamed and minimally altered version of Microsoft Security Essentials.

Important to know: Unlike MSE, Win8 Defender is built into the OS – so there's nothing to download or install.

Bottom Line: Because Win8 Defender is really a rebranded version of MSE, I don't recommend it for novices and inexperienced users. But it's probably fine for anyone who takes the entire process of PC security seriously. I use it on my Win8 systems.

Two special-purpose cleanup tools
No software is perfect – that includes all anti-malware tools, from all vendors. Should your AV product fail and your system become infected, you need a powerful cleanup tool to find and remove the malware.

It's also good practice to verify that Windows is truly free of malware – even if your full-time scanner appears to be working – by periodically running an AV tool that operates completely on its own.

Microsoft offers two such special-purpose, cleanup/verification tools. Microsoft Safety Scanner is exceptionally simple to use – just click and run. Windows Defender Offline is harder to use, but it employs the best possible techniques for detecting malware hidden at even the deepest levels of your system.

Microsoft Safety Scanner is a Windows security utility that thoroughly scans your PC (see Figure 5) to find and remove both malicious and potentially unwanted software. A standalone application, it's active only when it's actually running a system scan. (It's not constantly on in the background.) That lets it coexist peacefully with whatever full-time anti-malware software you're using.

Figure 5. Microsoft Safety Scanner works independently of your other security tools and can clean an infected system – or verify that no malware is present.

Microsoft Safety Scanner is compatible with all current Windows versions: XP, Vista, Win7, and Win8. Its info/download page includes 32- and 64-bit versions.

Safety Scanner is extremely easy to use; simply download and launch it, and then select whether you want a quick, full, or custom scan. At the end of the scanning process, you'll get a report of what Safety Scanner found and removed.

Windows Defender Offline (WDO) is Microsoft's most powerful anti-malware tool for consumers. It's a self-contained, downloadable utility that operates completely outside Windows. After you've downloaded and launched WDO, it steps you through the process of creating bootable media (CD, DVD, flash drive, etc.) and installing the WDO files. You then restart the PC with the bootable disc/drive.

Because WDO is both operating system and AV scanner, neither the Windows installed on the system hard drive nor any other software is active. Everything on the hard drive is effectively inert. This lets WDO detect malware that is in one way or another well hidden in the Windows system. Because it's completely standalone, WDO can't conflict with other security tools you normally use.

WDO targets a wide range of malicious and potentially unwanted software. In operation, it looks and functions almost exactly like Microsoft Security Essentials or the Win8 version of Windows Defender.

If WDO has a weakness, it's in the task of creating the WDO media. If your system is having difficulty running because of an infection, you'll need either a working system to build the WDO media or you'll need to have media you created before the infection (in which case you might not have the latest virus signatures). If you have only one PC, I recommend putting the latest version of WDO on a flash drive once a month or so.

You'll find both 32- and 64-bit versions of WDO for all current Windows versions (XP through Win8) on its info/download page.

Putting it all together
The following table (Figure 6) is your one-stop reference for Microsoft's six desktop security tools. It concisely summarizes which Windows versions they're for, which kinds of malware they target, and whether they're for prevention or cleanup/verification.

Take your pick: they're all free!

Figure 6. Microsoft's six desktop-PC security tools



Subscribe to Windows Secrets – free! The Windows Secrets Newsletter brings you essential tricks for running Windows XP, Vista, 7, Internet Explorer, Firefox, Windows Update, and more – weekly, free.
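
The article's MSRT section notes that the monthly scan runs with no user intervention, so the tool's log is where you confirm it actually ran and what it reported. The PowerShell below is an added example, not part of the original article: it assumes MSRT's log at %windir%\debug\mrt.log and falls back to a constructed sample log when that file is absent; the function names and the 35-day threshold are this example's own.

```powershell
# Added example: summarise the MSRT runs recorded in mrt.log.
# Assumption: mrt.exe appends one entry per run to %windir%\debug\mrt.log.
# The sample entries below are constructed (build numbers are placeholders).
$sample = @'
Microsoft Windows Malicious Software Removal Tool v4.18, March 2013 (build 4.18.0000.0)
Started On Tue Mar 12 19:02:11 2013

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Tue Mar 12 19:05:40 2013

Return code: 0 (0x0)
Microsoft Windows Malicious Software Removal Tool v4.19, April 2013 (build 4.19.0000.0)
Started On Tue Apr 09 18:47:03 2013

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Tue Apr 09 18:50:29 2013

Return code: 0 (0x0)
'@ -split "`r?`n"

function ConvertTo-LogDate([string]$Text) {
    # "Tue Apr 09 18:47:03 2013": drop the weekday, collapse padding, then parse.
    $t = ($Text.Trim() -replace '^\w{3}\s+', '') -replace '\s+', ' '
    [datetime]::ParseExact($t, 'MMM d HH:mm:ss yyyy',
        [Globalization.CultureInfo]::InvariantCulture)
}

function Get-MsrtRun([string[]]$Lines) {
    # Emits one object per logged run; an entry ends at its "Return code" line.
    $run = $null; $inSummary = $false
    foreach ($line in $Lines) {
        switch -Regex ($line) {
            'Removal Tool v([\d.]+), (\w+ \d{4})' {
                $run = New-Object psobject -Property @{ Version = $Matches[1]
                    Release = $Matches[2]; Started = $null; Finished = $null
                    Summary = @(); ReturnCode = $null }
                break }
            '^Started On (.+)$' {
                if ($run) { $run.Started = ConvertTo-LogDate $Matches[1] }; break }
            '^Results Summary:' { $inSummary = $true; break }
            'Finished On (.+)$' {
                if ($run) { $run.Finished = ConvertTo-LogDate $Matches[1] }
                $inSummary = $false; break }
            '^Return code: (-?\d+)' {
                if ($run) { $run.ReturnCode = [int]$Matches[1]; $run; $run = $null }
                break }
            default {  # result lines sit between "Results Summary:" and "Finished On"
                if ($run -and $inSummary -and $line -match '[^\s-]') {
                    $run.Summary += $line.Trim() } }
        }
    }
}

$path  = if ($env:windir) { Join-Path $env:windir 'debug\mrt.log' }
$lines = if ($path -and (Test-Path $path)) { Get-Content $path } else { $sample }
$runs  = @(Get-MsrtRun $lines)
if (-not $runs) { 'No MSRT runs found in the log'; return }
$last    = $runs[-1]
$ageDays = [int]((Get-Date) - $last.Started).TotalDays

'{0} run(s) logged; latest: v{1} ({2}), started {3:yyyy-MM-dd}, return code {4}' -f
    $runs.Count, $last.Version, $last.Release, $last.Started, $last.ReturnCode
$last.Summary | ForEach-Object { "  summary: $_" }
# Assumed threshold: the tool is refreshed monthly, so more than 35 days means a missed run.
if ($ageDays -gt 35)        { "WARNING: last scan was $ageDays days ago" }
if ($last.ReturnCode -ne 0) { 'WARNING: non-zero return code; read the summary lines' }
```

Run against the constructed sample, the stale-scan warning fires because the sample dates are from 2013; on a live system a warning means Windows Update has stopped delivering or running the monthly tool.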
 

David Baxter PhD

Late Founder
More free security tools from Microsoft

by Fred Langa, Windows Secrets
April 18, 2013

Reader Kevin Hobbs suggests another free security tool from Microsoft that wasn't included in the April 4 Top Story, "Microsoft's six free desktop security tools."

  • "Fred Langa forgot one obvious security tool that prevents malware from getting onto your system – the Enhanced Mitigation Experience Toolkit (EMET). It works even with many zero-day threats.

    "Some links for EMET information online: July 24, 2012, TechNet blog post; MS Support article 2458544; EMET v3.0 download page; and EMET v3.5 Tech Preview download page.

    "Months after its release, v3.5 is still a 'Tech Preview,' but it has a better user interface than v3.0."

Thanks, Kevin. I agree that the Enhanced Mitigation Experience Toolkit is a worthy anti-malware app. Windows Secrets covered it in Susan Bradley's Jan. 6, 2011, article, "Protecting your browsing with EMET."

Oddly, EMET is one of three security tools that Microsoft seems to be abandoning. EMET, the Microsoft Malware Prevention troubleshooter, and the Microsoft Baseline Security Analyzer are all incompatible with Windows 8 – they either don't run, run poorly, or give bogus results! That's why I didn't include them in that recent Top Story.

But the three tools still work on PCs running XP through Win7 – and they're still useful in the battle against malware.
For more on the Enhanced Mitigation Experience Toolkit, see Kevin's links or Susan Bradley's article.

The Microsoft Malware Prevention troubleshooter (site) is a standalone fixit that checks whether various XP/Vista/Win7 settings (Policy, User Account Control, Proxy, etc.) are configured for maximum safety. If anything's amiss, the troubleshooter can make changes for you automatically (Figure 1) – or let you make them manually.

However, try to run the Malware Prevention tool on Win8, and you get the error message shown in Figure 2.

Figure 1. The Microsoft Malware Prevention troubleshooter can apply recommended system settings for you in XP, Vista, and Win7.

Figure 2. The Malware Prevention site gives no mention of or warnings about Windows 8, but the fixit fails when you try to run it on the new OS.

The Microsoft Baseline Security Analyzer (site) is an installable utility originally intended for use by IT professionals to scan one or more PCs. (It can work across a network.) The analyzer, shown in Figure 3, checks about 24 different security-related system settings, ensuring they're correctly configured. It checks, for example, that Windows Update is enabled, that all current Updates have been installed, that local system shares and passwords are correctly configured, and that macro security is enabled on installed MS Office products.

Figure 3. A professional-level tool, the Microsoft Baseline Security Analyzer can scan multiple systems across a network.

I have no idea why Microsoft failed to update these tools for Win8. But it's a shame; they've proved useful on XP, Vista, and Win7 systems.

OK to run multiple always-on security tools?
A comment in the April 4 Top Story, "Microsoft's six free desktop security tools," prompted John to ask this question:

  • "In the article, you say, '... a PC should run only one real-time, anti-malware/anti-spyware tool at a time.'

    "I have been using Microsoft Security Essentials (MSE) since you first recommended it. I also use Malwarebytes (paid version) and SUPERAntiSpyware.

    "Is it okay to have those three running together?"

Like MSE, Malwarebytes Pro (site; paid) provides real-time protection. But as a Malwarebytes Product Support Questions page states, the product should be used to supplement other full-time AV tools – it should coexist without conflicts. The free version of Malwarebytes will also run alongside other AV products, but it's active only when you manually launch it.

SUPERAntiSpyware is a whole other thing. I know it's hugely popular, and I recently test-drove it again on multiple versions of Windows for last week's Top Story, "A dozen tools for removing almost any malware." But for several reasons, I decided to omit the product from the article.

For one thing, parts of its nomenclature seemed misleading. For example, the "SUPERAntiSpyware Portable Scanner Personal Edition" doesn't really fit the common definition of a portable app. It's a renamed .exe file that must be installed and run like other common Windows programs. I quickly lose confidence in products that claim something (e.g., portability) they don't have. (The SUPERAntiSpyware site suggests the app is "portable" because it has all the latest virus definitions when you download it. So you don't need an active Internet connection to run it.)

SUPERAntiSpyware also didn't uninstall cleanly. This is 2013! Surely any decent Windows-based app or utility ought to remove itself fully when you uninstall it.

I can't speak to SUPERAntiSpyware's effectiveness. The red flags mentioned above caused me to put it aside. The anti-malware product category has many great tools – some mentioned in last week's Top Story. So why waste time on apps that seem to have obvious flaws and/or drawbacks?

That said, if the three AV tools you're using appear to be working, then great! You're probably well protected. (But I'm guessing that Microsoft Security Essentials and Malwarebytes are doing most of the heavy lifting.)

Bottom line: You can run a second full-time scanner (such as Malwarebytes Pro) if it's specifically designed to work with other full-time scanners.

Processes that prevent normal shutdown
Mike O'Byrne's Win7 system is experiencing hangs and delays at shutdown.

  • "Call me paranoid, but when stuff happens on my computer that interrupts what I consider the normal computing flow, I worry that something evil is lurking inside. Can you help me to figure out what is going on?

    "When I run through the shutdown on my Win7 laptop, I usually get a window stating something like 'Windows can't shut down because a process is running.' Sometimes, it names the process, but usually it doesn't. I'm given the option of forcing the process to close – but with the caveat that I may lose any unsaved work.

    "Before I shut down, I close all of the programs I've been running. When I get the warning, I check Task Manager; but nothing seems amiss. Is there some program that could identify the processes Windows is waiting for?"

The hung process problem has been with Windows since the beginning. Although each version of Windows has gotten better at detecting and avoiding this issue, it persists. (In fairness to Microsoft, it's often some third-party process – e.g., a hung driver – that causes the trouble.)

Because it's an ongoing problem, Microsoft has developed a free tool to help – the Microsoft Sysinternals' Process Explorer. Available on the TechNet download page, it runs on current Windows versions. The TechNet page also includes links to detailed help resources.

You can also see the Feb. 24, 2011, LangaList Plus item, "Fixing a slow or hung Windows shutdown," for more information.

Curing a browser's homepage hijacking
William Campbell's browser has been modified ? possibly by malware.

  • "I have Windows 7 and Internet Explorer. Recently, a search.conduit.com homepage has appeared on my desktop, uninvited. This accursed page has proved impossible to remove. If Microsoft has a solution, I haven't been able to find it. Can I get a clearly explained fix to this problem? Your help would be appreciated."

You bet, William. The likely problem is that your browser has been hijacked – either by accident or via malware. But the fix is typically easy and fast.

If it's an accidental change (such as unwittingly accepting a toolbar add-on), resetting the browser should fix it. In Internet Explorer, select Tools (the gear icon), Internet Options, and then Advanced. Next, click the Reset button under Reset Internet Explorer settings. (For more info, see the Jan. 6, 2011, LangaList Plus item, "Return IE to its just-installed state with ease.")

All major browsers can be returned to their default states by some similar process. Check out the related Firefox support page or Chrome page.

If malware is the cause of your trouble, the homepage hijacking will resume even after you've reset the browser. In that case, you'll have to thoroughly disinfect your system – a good thing to do any time something weird starts going on with your PC.

Last week's Top Story, "A dozen tools for removing almost any malware," has the info and free tools you need to get your PC totally malware-free!
 