I heard Microsoft's Standalone System Sweeper mentioned on the Security Now podcast sometime last year, and recently, when several friends and relatives who are still unfortunate enough to be running Windows asked me for advice on repairing malware infections, I recommended they try it. They've all had positive results. Also, it is turn-key enough that non-technical users can employ it themselves. It has saved me from making on-site visits.

To use Microsoft's Standalone System Sweeper, you download an installer on an uninfected Windows machine and run it to produce a bootable CDR, DVD, or USB drive. You then boot the infected system with the media you created, and it scans/repairs the system.

I think it is about time there was a commercial solution for malware remediation that didn't depend on the infected OS. I always found the idea of downloading and running repair tools on an infected system to be tenuous. For the technically inclined, the best option was always to boot a live CD (Linux or Windows) and run repair tools from that.

Microsoft seems to recommend SS only if other methods have failed, but I tend to think that if you notice malware symptoms despite running real-time protection (say, Microsoft Security Essentials), then your first response should be a tool like SS. I plan to recommend to my friends and clients that they run SS prophylactically every 6 months.

I would, however, like to know more about what System Sweeper does. For example, why do they have both a 32-bit and a 64-bit version? (The architecture needs to match the target system that will be scanned/repaired.) It raises the possibility that they are bundling repair files onto the CDR to replace commonly damaged files, and that the CDR only has enough capacity to handle one target type.

Why doesn't Microsoft provide an optional ISO file to download? It would permit you to use more secure systems (like Linux) to create the media, and if all you had available was an infected system, it would probably be less risky to download and burn an ISO than to run the installer. Sure, the tool would need the latest virus signatures, but a scheduled job could regenerate the ISO file on Microsoft's servers periodically.

What does SS actually do when it scans a system? It seems to both detect and repair problems. Can it replace corrupt or infected Windows files? Does it include replacement files, or does it just know how to repair the on-disk files from specific types of damage? Does it exclusively scan for virus signatures, or does it also compare the hash of system files against a database of hashes of known good files? Does it repair the MBR? How does it determine the MBR is bad, and will it consider alternate bootloaders, like GRUB or TrueCrypt, as infected and replace them?

-Tom

-- 
Tom Metro
Venture Logic, Newton, MA, USA
"Enterprise solutions through open source."
Professional Profile: http://tmetro.venturelogic.com/
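The post asks whether an offline scanner compares system files against a database of known-good hashes. The following is an added example, not code from the post or from Microsoft's tool, of what that check looks like when the infected volume is mounted from clean boot media rather than booted: the file names and contents are constructed, and the "mounted" volume is a temporary directory standing in for the real one.

```python
"""Offline integrity check: compare files on a mounted (not booted) volume
against a manifest of known-good SHA-256 hashes. All paths and file
contents below are constructed for the example."""
import hashlib
import os
import tempfile
from pathlib import Path

def sha256_of(path: Path) -> str:
    """Stream a file through SHA-256 so large system files do not load into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(root: Path) -> dict:
    """Hash every regular file under a known-clean tree, keyed by relative path."""
    return {str(p.relative_to(root)).replace(os.sep, "/"): sha256_of(p)
            for p in root.rglob("*") if p.is_file()}

def verify_offline_volume(root: Path, manifest: dict) -> dict:
    """Compare a mounted volume against the manifest; hashes are computed from
    the disk, never by asking the (possibly compromised) installed OS.
    Returns sorted lists of modified, missing and unexpected relative paths."""
    found = build_manifest(root)
    return {
        "modified": sorted(p for p, h in manifest.items() if p in found and found[p] != h),
        "missing": sorted(p for p in manifest if p not in found),
        "unexpected": sorted(p for p in found if p not in manifest),
    }

def demo() -> dict:
    """Constructed scenario: a clean reference tree and a 'mounted' tree with
    one altered system file, one deleted file and one file that was dropped."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, mounted = Path(tmp, "clean"), Path(tmp, "mounted")
        for base in (clean, mounted):
            (base / "Windows/System32").mkdir(parents=True)
            (base / "Windows/System32/kernel32.dll").write_bytes(b"GOOD-KERNEL32")
            (base / "Windows/System32/ntdll.dll").write_bytes(b"GOOD-NTDLL")
        manifest = build_manifest(clean)
        (mounted / "Windows/System32/ntdll.dll").write_bytes(b"PATCHED")   # altered
        (mounted / "Windows/System32/kernel32.dll").unlink()               # missing
        (mounted / "Windows/System32/drv.sys").write_bytes(b"DROPPED")     # unexpected
        return verify_offline_volume(mounted, manifest)

if __name__ == "__main__":
    print(demo())
```

A real manifest would come from vendor-published hashes for the exact OS build, since a hash taken from a machine of unknown state proves nothing.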