Showing posts with label Windows. Show all posts
Showing posts with label Windows. Show all posts

Thursday, February 20, 2014

Windows Defender Offline

Looks like a handy tool. I've used various recovery discs including those based on Windows PE.

From Mark Minasi's latest newsletter:

"You know Windows Defender.  It's been built into Windows since (if memory serves) Vista.  It fought spyware in Vista and Windows 7, and then Microsoft expanded its focus to include regular old virus-y malware in Windows 8/8.1.  It's a perfectly nice in-the-box tool, but like all anti-malware tools, it hasn't a chance to detect the strains of malware designed to hide themselves in plain site, malware with a kind of "cloaking device" wherein the malware modifies the operating system so that scanning an infected file just turns up a "nope, no malware, nobody but us chickens in here!" report.  And if you're on this mailing list, the chances are very good that you know that we call such hard-to-detect malware "rootkits."

Invisible malware like rootkits sounds dire, but given that they can only remain invisible while the infected OS is running, there's an obvious way to find them -- run the malware scanner under another, uninfected OS.  One way to do that would be to physically remove the boot hard disk of the machine in question, plug it into an uninfected machine and scan the questionable drive, but that's a lot of work.

The better answer arrived a few years ago when Microsoft released a free, cut-down version of Windows that fits on a CD or a USB stick called "Windows PE" and I'm hoping that most of you are using it now for maintenance and deployment tasks.  (Look at Newsletter 59 if you've never created a USB stick.  I use it heavily in my free Steadier State tool as well as when trying to revive dead systems.)  Anyway, WinPE's great, but there wasn't much in the way of anti-malware tools that could run atop WinPE.  Microsoft fixed that by building and giving away a WinPE image that includes a version of Defender -- they call it "Windows Defender Offline -- built right in.  Stick it on a USB stick or CD, cold boot a system with it and rootkits are revealed.  Neat.  You can find it here with download links at the bottom of the page:

Permit me to offer a few notes on it:

1) This is NOT new, as Defender Offline's been around since December 2011.  I'm telling you about it in February 2014, however, because I mention it a LOT when I do talks and invariably get totally blank looks from 98% of the crowd.  (That's true even when I'm talking to security experts.  Eek.)  If you're on my mailing list, the chances are that you're Windows tech support for SOMEBODY, whether you're getting paid for it or not, and starting off with a rootkit check can save you a whole LOT of time.  I recommend that everyone reading this put Offline Defender on a USB stick and keep it in their bag of tricks.  (I've found that Sony's "Microvault" USB sticks are a nicely matte white, allowing me to write on them with a Sharpie to keep track of which USB stick is the Defender, which runs Clonezilla, and so on.  If anyone out there knows a cheaper USB stick that you can write on, please drop me a line.)

2) As I mentioned before, this works perfectly well on Windows Server.  We had a malware scare a few months ago and I tested my Server 2012 systems with it, and it didn't refuse to run on a Server SKU.  Similarly, I've got an ISO of Defender Offline that I boot my Hyper-V VMs from when I need to test them for rootkits as well.)

3) I've just noticed that the Defender Offline page says that you need a newer version, a Windows Defender Offline beta, to run it on Windows 8.1 systems.  I'm fairly certain that I've run Defender Offline on my 8.1 systems, but if Microsoft says you need the beta, I guess you should get it for 8.1 and presumably 2012R2."

Wednesday, May 15, 2013

What's in a name?

harrymccracken I love the fact that Windows Blue’s official name is Windows 8.1. I hope there’s a Windows 8.11, too. But not for workgroups.

Tuesday, June 12, 2012

Retina Windows 7 PC

Well this answers that.
harrymccracken Tragically, the Retina MacBook Pro isn't letting me install Boot Camp. I so wanted to see if it could be a Retina Windows 7 PC.Tue, Jun 12 02:57:21 from web

Monday, June 11, 2012

MacBook Pro with Retina Display

The new MacBook Pro (full WWDC coverage here including more details) is a powerful and sexy looking machine, but will it run Windows?

Monday, February 27, 2012

Windows 8 Logo

Pogue I love the new logo for Windows 8. Ties in well to the "tiles" concept. ("Your name is Windows. Why are you a flag?"), Feb 17 17:31:22 from TweetDeck

Saturday, February 4, 2012

Windows 8 + Kinect

Some Windows 8 laptops will include the Kinect sensor system (similar to the Xbox, but tweaked to work at shorter distances). I may have to work some magic and get one at the end of this year. I think the Kinect is the "what's next" beyond the now ubiquitous touchscreens.

Friday, January 20, 2012

Win7 on your iPad

"The app—a bare-bones, free version was released last week at CES—lets an iPad run Windows 7 in the cloud. It’s a bizarre, head-turning experience: You touch the app and suddenly Microsoft’s familiar interface is emblazoned on your Apple screen. Then you tap around and everything just works—Word, Excel, PowerPoint, Internet Explorer, and pretty much anything else that runs on Windows, which is everything—can now run on your iPad."
OnLive Desktop

fmanjoo Why OnLive’s Windows-on-iPad App is Revolutionary. My first @PandoDaily post., Jan 20 13:49:04 from bitly
retweeted by sarahcuda

Thursday, January 5, 2012

Refresh and Reset

The two new big features of Windows 8:

  • Refresh gives users an easy way to reinstall the operating system if they encounter a problem. Data and some settings are kept, while potential trouble spots are wiped clean. Users will also have to reinstall most desktop apps, although apps that use the Metro interface (the bright colored UI that was designed mainly for touchscreens) will stay around.
  • Reset is a little more dramatic: it restores the PC to a clean state, like when you bought it, which will be useful when you want to sell or give away an old PC.

Tuesday, December 20, 2011

Word of the Day: Panoply

I was trouble-shooting an Active Directory/DNS problem at work today and was using my google-fu to find a resolution. My search lead me to Troubleshooting DNS - which did not help me solve my problem, but did expand my vocabulary:
"Windows supports a whole panoply of naming services: DNS, WINS, HOSTS, LMHOSTS, and more."
And thus, I present "panoply" - a wide-ranging and impressive array or display.

So Microsoft has an impressive array of naming services. Who knew?!?

Tuesday, September 13, 2011


One of the accountants at work just recently got his new Windows 7 laptop. Upon hearing that Windows 8 is coming out and will have a new interface, he wondered why they couldn't just release a Windows Classic, so we don't have to keep learning new operating systems.