From: The Desk of Jim McGorry

            Excerpts taken from the Windows Secrets Periodical

 

MICROSOFT'S SIX FREE DESKTOP SECURITY TOOLS                                                                                                 

These free utilities can prevent or cure trouble caused by viruses, worms, spyware, keyloggers, and other kinds of unwanted software.                                                                                   

Whether you're keeping your PC free from malware or cleaning up a PC that's already infected, one or more of these tools should get the job done!                                                                                               

Most Windows users probably don't know that Microsoft offers an array of free security tools. Some are included with Windows, others available by download.                                                                     

At one end of the spectrum is a simple, lightweight utility — the Malicious Software Removal Tool — that protects against some of the most common malware in circulation. At the other end of the spectrum is a heavy-duty system-scanning tool — Windows Defender Offline — that operates from its own bootable medium. It operates completely outside the installed Windows, allowing the scanner to find and remove some forms of malware that standard Windows-based security tools might miss.                                                                            

As is all too common with Microsoft, some of these tools (and their features) are somewhat difficult to find. Some tools are poorly explained; some tools' functions overlap with those of other tools. Two of these tools even have the same name — but are totally different products!                                                                              

This article should sort out the confusion; it briefly explains what the six tools are, what types of malware they target, how they work, how to access and use them, and other important facts. You'll also find links to more detailed information — and, of course, links to the free downloads.                                                             

Let's dive in!                                                                                                                                                  

The Target: Malware, as Microsoft Defines It                                                                                                                  

Microsoft divides malware into two broad loosely defined terms: malicious software and potentially unwanted software. The first category covers mostly self-replicating Trojans, viruses, worms, and similar code that infects your PC (typically for some evil purpose) and then seeks to infect other PCs.                                         

The second category — potentially unwanted software — includes undesirable (and often hidden) apps such as spyware that surreptitiously tracks you, keyloggers that capture everything you type, and adware that force-feeds you popup ads. The somewhat clumsy phrase "potentially unwanted" is meant to suggest that you might not want the software if you knew what it really did.                         

These two categories aren't precisely mutually exclusive. For example, some potentially unwanted spyware is also self-propagating, like a virus. What's more, Microsoft sometimes uses the terms interchangeably. Still, these two categories will help you understand the main purposes of Microsoft's security tools.                                                                                                                                                                                  

The Microsoft Malicious Software Removal Tool                                                                                                 

What it is: Microsoft's Malicious Software Removal Tool (MSRT) is a basic antivirus program. It comes in all current versions of Windows — XP, Vista, Windows 7, and Windows 8. When you  install Windows, MSRT is enabled by default.

What it does: MSRT automatically removes malicious software (viruses, worms, etc.) that, based on Microsoft's internal research, is considered especially prevalent and dangerous to Windows users. MSRT currently targets about 200 of the most common malware types. You'll find a list of them on the MSRT download page.                       

How it works: Windows Update automatically refreshes MSRT once a month (it's always KB 890830), usually on the second Tuesday (aka Patch Tuesday). After updating, MSRT automatically runs, scanning your PC once and removing any active malware infections it finds. No user intervention is required.>           

One scan a month isn't especially good malware protection, but you can also run MSRT manually any time you wish (see Figure 1). Simply enter mrt.exe in the XP/Vista/Win7 Start menu Search box or Win8's Search window and press Enter. Once open, MSRT gives you a choice of quick, full, or custom scans. As you'd expect, the full scan is the most thorough.

 

 

 

 

 

 

 

 

           

 

 

 

Figure 1. The Malicious Software Removal Tool is built into your copy of Windows, and provides basic protection against a selection of common malware threats.

If you want or need a fresh copy of MSRT, it's available via download pages for the 32-bit or 64-bit versions.                                                                                                                                                               

Important to know: MSRT is a strictly post-infection tool. It detects and removes malicious software from already-infected computers — and only if the malware is active and running at the time of the scan. But as MSRT Support article 890830 clearly states, the list of malware it detects represents only "a small subset of all the malicious software that exists today."

 MSRT can't prevent new malware infections. It also doesn't target potentially unwanted software (again: spyware, adware, etc.).                                                                                                                          

Bottom line: MSRT is a "better than nothing" anti-malware tool. There's no real downside to keeping it on your system — its footprint is small, its impact on system operations is negligible, and it can serve as a kind of last-ditch defense against some very common malware types, should they somehow make it into your system.                                                                                                                    

But you certainly shouldn't depend on MSRT as your only or primary defense against malicious software; it's an incomplete anti-malware solution.                                                                                                     

Windows Defender (XP, Vista, Win7 version)                                                                                                      

What it is: Windows Defender is a basic tool for guarding against potentially unwanted software. Windows Defender is installed by default in Vista and Win7, and it's a free download for XP.                                

What it does: Windows Defender provides always-on, real-time protection against spyware, adware, keyloggers, and so on. It self-updates and runs automatically.                                                    

How it works: Windows Defender continually monitors your PC's files and browsing activity. When it detects potentially unwanted software, it opens a dialog box and lets you decide whether to proceed                           with the installation.

You can also trigger Windows Defender (shown in Figure 2) manually whenever you want to scan your PC for spyware and other potentially unwanted software, as a Defender support article explains.

 

 

 

 

 

 

 

 

 

           

 

 

Figure 2. Windows Defender for XP, Vista, and Win7 offers real-time protection against adware, spyware, and similar potentially unwanted software.                                                                                                                                                        

XP users can download either 32-bit or 64-bit versions.                                                                              

Important to know: Windows Defender doesn't detect or remove viruses, worms, and similar malicious software.

Bottom line: Windows Defender complements Microsoft's Malicious Software Removal Tool. And just like MSRT, it's better than nothing. Together, MSRT and Defender are a sort of last line of defense — potentially helpful if no other anti-malware tools are active. Fortunately, superior tools are readily available (see next sections).                                                                                                                

The All-in-One Microsoft Security Essentials                                                                                                        

What it is: Microsoft Security Essentials is Microsoft's all-in-one, consumer-security tool. It targets both types of malware — malicious software and potentially unwanted software. It's a free download (site) for XP, Vista, and Windows 7.                                                                                                                 

What it does: MSE provides always-on, real-time protection for your PC. It detects and removes a wide range of malware. It's also highly automated, operating with little or no user intervention (see Fig. 3).

                                                           

 

 

 

 

 

 

 

 

 

 

 

Figure 3. Operating almost entirely automatically, Microsoft Security Essentials (MSE) provides real-time protection against malware and potentially unwanted software.                                                                                                                 

How it works: By default, MSE runs continuously in the background whenever your system is on. It updates itself every day. Along with its real-time protection, it also runs scheduled scans of your PC's                            memory and files. If you use its default settings, MSE requires almost no user input. But it's also highly configurable, should you want to change its standard routines.                             

Important to know: MSE must be manually installed; it's not built into any version of Windows. On MSE's MS Download Center page, you'll find 32- and 64-bit versions for XP, Vista, and Win7.        

Typically, to avoid conflicts between AV products, a PC should run only one real-time, anti-malware/anti-spyware tool at a time. In other words, you can run MSE or Windows Defender, but not both at the same time. In fact, when MSE is installed, it disables Windows Defender.                                                                 

In a similar vein, if you're running some other always-on, anti-malware tool, you should disable or uninstall that tool before installing MSE. (MSE can't disable non-Microsoft AV scanners.)                            

MSE's principal weakness? It's not especially adept at guarding against user error, as detailed in the April 7, 2011, Top Story, "LizaM*n infection: a blow-by-blow account." If you click past security warnings raised by Windows, your browser, and/or MSE itself, MSE will step aside and let malware install. Moreover, based on recent antivirus testing, MSE is currently not among the top-performing AV products.                                           

All of which means that MSE is not the ideal choice for casual or inexperienced Windows users, who are often more easily tricked into installing malware.

In addition to the aforementioned Top Story, Windows Secrets has extensively covered MSE — including its advantages and deficits — in previous issues. Use these links if you'd like to read more:                           

"The 120-day Microsoft security suite test drive," May 6, 2010, Top Story                                                            
"Security Essentials test drive — month 6," Sept. 16, 2010, LangaList Plus
"Two great security tools get free updates," Jan. 13, 2011, Top Story                                                         
"Is your free AV tool a 'resource pig?'," Feb. 16, 2012, Top Story                                                               
"MS Security Essentials: Poor showing in new test," Dec. 20, 2012
, LangaList Plus                    

Bottom Line: In the right hands — primarily experienced Windows users — MSE is a fine, free security tool. I use it on my XP, Vista, and Win7 machines, and I've never run into trouble with an infection.      

Windows Defender: Win8's Built-in Security Tool                                                                                                

What it is: Microsoft has a long history of confusing product names. In this case, the Win8 version of Windows Defender is nothing like the original Windows Defender for XP, Vista, and Win7. It is, in fact, effectively a renamed version of Microsoft Security Essentials.

What it does:In Microsoft's own words, the Win8 version of "Windows Defender provides the same level of protection against malware as Microsoft Security Essentials."'

How it works:Win8 Defender is virtually identical to MSE in both appearance (see Figure 4) and function.  

 

 

 

 

 

 

 

 

 

 

Figure 4: Despite its name, Win8's built-in Windows Defender is really just a renamed and minimally altered version of Microsoft Security Essentials.                                                                                                                                                   

Important to know: Unlike MSE, Win8 Defender is built into the OS — so there's nothing to download or install.                                     

Bottom Line: Because Win8 Defender is really a rebranded version of MSE, I don't recommend it for novices and inexperienced users. But it's probably fine for anyone who takes the process of PC security seriously. I use it on my Win8 systems.                                                                                 

Two Special-purpose Cleanup Tools                                                                                                                                  

No software is perfect — that includes all anti-malware tools, from all vendors. Should your AV product fail and your system become infected, you need a powerful cleanup tool to find and remove the malware.                                                                                                                                                                                   

It's also good practice to verify that Windows is truly free of malware — even if your full-time scanner appears to be working — by periodically running an AV tool that operates completely on its own.                                 

Microsoft offers two such special-purpose, cleanup/verification tools. Microsoft Safety Scanner is exceptionally simple to use — just click and run. Windows Defender Offline is harder to use, but it employs the best possible techniques for detecting malware hidden at even the deepest levels of your system.                      

 

Microsoft Safety Scanner: Is a Windows security utility that thoroughly scans your PC (see Figure 5) to find and remove both malicious and potentially unwanted software. A standalone application, it's active only when it's actually running a system scan. (It's not constantly on in the background.) That lets it coexist peacefully with whatever full-time anti-malware software you're using.

                                                                                                                                                                                  

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Figure 5. Microsoft Safety Scanner works independently of your other security tools and can clean an infected system or verify that no malware is present.                                                                                                                                                                     

Microsoft Safety Scanner is compatible with all current Windows versions: XP, Vista, Win7, and Win8. Its info/download page includes 32- and 64-bit versions.                                                                                                         

Safety Scanner is extremely easy to use; simply download and launch it, and then select whether you want a quick, full, or custom scan. At the end of the scanning process, you'll get a report of what Safety Scanner found and removed.                                                                                                                                                        

Windows Defender Offline: (WDO) is Microsoft's most powerful anti-malware tool for consumers. It's a self-contained, downloadable utility that operates completely outside Windows. After you've downloaded and launched WDO, it steps you through the process of creating bootable media (CD, DVD, flash drive, etc.) and installing the WDO files. You then restart the PC with the bootable disc/drive.                                                   

Because WDO is both operating system and AV scanner, neither the Windows installed on the system hard drive nor any other software is active. Everything on the hard drive is effectively inert. This lets WDO detect malware that is in one way or another well hidden in the Windows system. Because it's completely standalone, WDO can't conflict with other security tools you normally use.                                                              

WDO targets a wide range of malicious and potentially unwanted software. In operation, it looks and functions almost exactly like Microsoft Security Essentials or the Win8 version of Windows Defender.                               

If WDO has a weakness, it's in the task of creating the WDO media. If your system is having difficulty running because of an infection, you'll need either a working system to build the WDO media or you'll need to have media you created before the infection (in which case you might not have the latest virus signatures). If you have only one PC, I recommend putting the latest version of WDO on a flash drive once a month or so.             

You'll find both 32- and 64-bit versions of WDO for all current Windows versions (XP through Win8) on its info/download page.

Putting It All Together

The following table (Figure 6) is your one-stop reference for Microsoft's six desktop security tools. It concisely summarizes which Windows versions they're for, which kinds of malware they target, and whether they're for prevention or cleanup/verification.                                                                                                                

Take your pick: they're all free!