Showing posts with label Virus. Show all posts

Thursday, February 20, 2014

Windows Defender Offline

Looks like a handy tool. I've used various recovery discs including those based on Windows PE.

From Mark Minasi's latest newsletter:

"You know Windows Defender.  It's been built into Windows since (if memory serves) Vista.  It fought spyware in Vista and Windows 7, and then Microsoft expanded its focus to include regular old virus-y malware in Windows 8/8.1.  It's a perfectly nice in-the-box tool, but like all anti-malware tools, it hasn't a chance to detect the strains of malware designed to hide themselves in plain sight, malware with a kind of "cloaking device" wherein the malware modifies the operating system so that scanning an infected file just turns up a "nope, no malware, nobody but us chickens in here!" report.  And if you're on this mailing list, the chances are very good that you know that we call such hard-to-detect malware "rootkits."

Invisible malware like rootkits sounds dire, but given that they can only remain invisible while the infected OS is running, there's an obvious way to find them -- run the malware scanner under another, uninfected OS.  One way to do that would be to physically remove the boot hard disk of the machine in question, plug it into an uninfected machine and scan the questionable drive, but that's a lot of work.

The better answer arrived a few years ago when Microsoft released a free, cut-down version of Windows that fits on a CD or a USB stick called "Windows PE" and I'm hoping that most of you are using it now for maintenance and deployment tasks.  (Look at Newsletter 59 if you've never created a USB stick.  I use it heavily in my free Steadier State tool as well as when trying to revive dead systems.)  Anyway, WinPE's great, but there wasn't much in the way of anti-malware tools that could run atop WinPE.  Microsoft fixed that by building and giving away a WinPE image that includes a version of Defender -- they call it "Windows Defender Offline" -- built right in.  Stick it on a USB stick or CD, cold boot a system with it and rootkits are revealed.  Neat.  You can find it here with download links at the bottom of the page:

http://windows.microsoft.com/en-us/windows/what-is-windows-defender-offline

Permit me to offer a few notes on it:

1) This is NOT new, as Defender Offline's been around since December 2011.  I'm telling you about it in February 2014, however, because I mention it a LOT when I do talks and invariably get totally blank looks from 98% of the crowd.  (That's true even when I'm talking to security experts.  Eek.)  If you're on my mailing list, the chances are that you're Windows tech support for SOMEBODY, whether you're getting paid for it or not, and starting off with a rootkit check can save you a whole LOT of time.  I recommend that everyone reading this put Offline Defender on a USB stick and keep it in their bag of tricks.  (I've found that Sony's "Microvault" USB sticks are a nicely matte white, allowing me to write on them with a Sharpie to keep track of which USB stick is the Defender, which runs Clonezilla, and so on.  If anyone out there knows a cheaper USB stick that you can write on, please drop me a line.)

2) As I mentioned before, this works perfectly well on Windows Server.  We had a malware scare a few months ago and I tested my Server 2012 systems with it, and it didn't refuse to run on a Server SKU.  Similarly, I've got an ISO of Defender Offline that I boot my Hyper-V VMs from when I need to test them for rootkits as well.

3) I've just noticed that the Defender Offline page says that you need a newer version, a Windows Defender Offline beta, to run it on Windows 8.1 systems.  I'm fairly certain that I've run Defender Offline on my 8.1 systems, but if Microsoft says you need the beta, I guess you should get it for 8.1 and presumably 2012R2."

Wednesday, April 18, 2012

Macs Stink

Despite what some will tell you, Macs stink and stink some more.

And they smell, too.

(I really don't have any problems with Macs - I just cannot let go of the statement by a co-worker at a sister company that they are "impervious" to viruses.)

Thursday, October 20, 2011

Steve Jobs - Choice of Treatment

andrewchen: Ramzi Amri's answer to "Why did Steve Jobs choose not to effectively treat his cancer?" - Quora http://t.co/uI7cchjb

Mon, Oct 17 10:52:14 from Timely by Demandforce

And while medical science may not be perfect, it is why I play the odds with traditional treatments. For example, I will continue to get flu shots. According to the CDC, the vaccine would not cause me to be sick and my illness started before the two weeks needed for the shot to build up my immunity.