Microsoft will not patch XP if rootkit is present

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Mumbodog

Thread Starter
Joined
Oct 3, 2007
Messages
7,889

perfume

Banned
Joined
Sep 12, 2008
Messages
2,011
Dear Mumbodog,
The point is well taken! What stratagems and methods is MS using to ascertain that a particular PC is infected? I would see it the other way round (at least for the techguy members), in that if you have allowed the "automatic updates" option "on" and still didn't get your Tuesday updates, then use Sophos, Rootkit Revealer, T-M's Rootkit Buster, GMER (safe mode), just to name a few, to identify the culprits. Correct me: are kernel-level rootkit infections manually removable, or do you have to use the backup (which you are supposed to have) and nicely re-image the C drive? Backup the backup the backup! I have no experience with other software, but Mac.Reflect allows you the luxury of re-implanting whichever partition you need! Website of the free version of M-R: http://www.macrium.com/reflectfree.asp

PS: MS knows you from kernel up,shhhh!:D
 

Mumbodog

Thread Starter
Joined
Oct 3, 2007
Messages
7,889
What stratagems and methods is MS using to ascertain that a particular PC is infected?
I don't think it all that complex, and does not pertain to every update MS pushes out, only certain critical ones.

This does not prevent you from getting these updates via automatic updates, but:

When the update is executed to install, it does a pre-check of the critical file that is going to be replaced; if there is any indication it has been tampered with, then the update will not install and will generate an error message suggesting what you need to do.
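An added illustration of the pre-check described in this post (example code, not from the thread or from Microsoft): the installer hashes the file it is about to replace and only proceeds when the hash matches a known-good build, otherwise it records a failure. File names, contents and the error code are constructed for the example.

```python
import hashlib

# Hashing helper: the catalogue below stores SHA-256 digests of known-good builds.
def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed "clean" contents standing in for two shipped builds of one driver.
# A real catalogue would be signed and far larger; this one is for illustration only.
CLEAN_V1 = b"constructed clean driver build 1"
CLEAN_V2 = b"constructed clean driver build 2"
KNOWN_GOOD = {"example.sys": {sha256_hex(CLEAN_V1), sha256_hex(CLEAN_V2)}}

PRECHECK_FAILED = "PRECHECK_TAMPERED"  # placeholder code, not a real Windows Update error code


def precheck(name: str, on_disk: bytes) -> tuple[bool, str]:
    """Return (ok, detail). ok is False when the on-disk file is not any known-good build.

    Caveat for defenders: this reads the file through the normal file API, so a kernel
    rootkit that filters reads could present clean bytes; the check catches in-place
    patching of the file, not every possible hiding technique.
    """
    digest = sha256_hex(on_disk)
    if digest in KNOWN_GOOD.get(name, set()):
        return True, f"{name} matches a known-good build"
    return False, f"{name} does not match any known-good build (sha256 {digest[:16]}...)"


def install_update(name: str, on_disk: bytes, replacement: bytes, history: list) -> bytes:
    """Replace the file only if the pre-check passes, and log the outcome.

    Returns the bytes that end up "on disk" so the caller can see whether anything changed;
    the history list plays the role of the update history a user would consult afterwards.
    """
    ok, detail = precheck(name, on_disk)
    if not ok:
        history.append({"update": name, "result": "failed", "code": PRECHECK_FAILED, "detail": detail})
        return on_disk  # leave the suspect file untouched and refuse to install
    history.append({"update": name, "result": "installed", "code": None, "detail": detail})
    return replacement
```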


Snagglegaster

Banned
Joined
Sep 12, 2006
Messages
1,906
MS distributes their Malicious Software Removal Tool via Windows Update, and it does an excellent job of detecting and removing malware that can interfere with installation of updates and patches. It updates monthly on Patch Tuesday, and runs automatically after it is updated. Its major drawback is that it has a very narrow focus; i.e. it doesn't try to remove traditional viruses or anything MS considers "spyware". Users can also run it manually, and I'd say it's an excellent example of an underutilized free resource. I expect many ignore it simply because it's a Microsoft tool.
 

tomdkat

Retired Trusted Advisor
Joined
May 6, 2006
Messages
7,148
I expect many ignore it simply because it's a Microsoft tool.
Or many aren't conscious of it since it really doesn't present itself to the end user in any way. It simply might need more exposure to Windows users. :)

If it gets installed and runs without user intervention, it might be running on more systems than people are aware of.

Peace...
 

Snagglegaster

Banned
Joined
Sep 12, 2006
Messages
1,906
Very good points. I agree that MS should publicize the tool more. At the same time, the software is intended to be unobtrusive and run quickly; just do the job and get out of the way unless a problem is detected, though it does announce itself when it starts. Nonetheless, I bet most of the folks who are paranoid about letting Windows automatically update are equally skeptical about the Malicious Software Removal Tool.
 
Joined
Aug 8, 2009
Messages
361
Or many aren't conscious of it since it really doesn't present itself to the end user in any way. It simply might need more exposure to Windows users. :)

If it gets installed and runs without user intervention, it might be running on more systems than people are aware of.
Microsoft says the Windows Malicious Software Removal Tool only runs right after it is updated or loaded for the first time. It then sits idle until it gets a new update. Users can run it manually.

I get the impression it targets only a few bits of malware. Maybe less than a hundred rather than the many tens of thousands that an antivirus product will target.
 

Snagglegaster

Banned
Joined
Sep 12, 2006
Messages
1,906
Just like ComboFix, the authors of the Malicious Software Removal Tool don't say much about what it actually targets outside of a few high-profile items like the Conficker Worm. Running in the default quiet mode, it's pretty fast; if it detects a problem and you run a full scan with it, scan times can be very long. As in hours long. I'd have to expect it scans a large database, but certainly not as extensive as more full-featured products.
 

perfume

Banned
Joined
Sep 12, 2008
Messages
2,011
MS distributes their Malicious Software Removal Tool via Windows Update, and it does an excellent job of detecting and removing malware that can interfere with installation of updates and patches. It updates monthly on Patch Tuesday, and runs automatically after it is updated. Its major drawback is that it has a very narrow focus; i.e. it doesn't try to remove traditional viruses or anything MS considers "spyware". Users can also run it manually, and I'd say it's an excellent example of an underutilized free resource. I expect many ignore it simply because it's a Microsoft tool.
Right now, April's MSRT is running on my machine!;)(y)

PS: I run a complete scan every month, like going to the Church and praying to The Lord: "Divine Father, may Microsoft not upset my apple cart and may you shower your blessings on Bill or Ballmer with common sense, to allow Win.XP with updates"!
 

perfume

Banned
Joined
Sep 12, 2008
Messages
2,011
This issue, I feel, is important for us to address! Accepted that if rootkits are present, the latest critical updates will be denied to the end-user!

Now, that really is a double-whammy for folks out there, in the wild, if I may be permitted to add, who might not know why they are not getting their regular 2nd Tuesday dose of MS updates. To add confusion to chaos, how many would understand why and be able to root out rootkits and try and get back the updates? Beats the essence out of me!!:(:(
 

tomdkat

Retired Trusted Advisor
Joined
May 6, 2006
Messages
7,148
Now, that really is a double-whammy for folks out there, in the wild, if I may be permitted to add, who might not know why they are not getting their regular 2nd Tuesday dose of MS updates. To add confusion to chaos, how many would understand why and be able to root out rootkits and try and get back the updates? Beats the essence out of me!!:(:(
As it stands now, if a Windows update fails to install, the user is informed of the installation failure and an error code of some kind is shown. In the "Windows update history", you can get more detailed information about any given failed update.

I don't know if Microsoft will warn users differently if a detected rootkit is preventing the update from applying but at the very least the user will have the current "failed update" notification method available.

Peace...
 

perfume

Banned
Joined
Sep 12, 2008
Messages
2,011
Dear tomdkat,
Now, there is another angle to this C+C:eek:! The various options offered by Microsoft for updates, like for ex. "download but don't install" (something like --> let's marry but sleep in different rooms:D), may further pose problems to the unwary as these are rated "critical"! I appreciate your cool analysis of a situation!(y)(y)
 

tomdkat

Retired Trusted Advisor
Joined
May 6, 2006
Messages
7,148
Dear tomdkat,
Now, there is another angle to this C+C:eek:! The various options offered by Microsoft for updates, like for ex. "download but don't install" (something like --> let's marry but sleep in different rooms:D), may further pose problems to the unwary as these are rated "critical"! I appreciate your cool analysis of a situation!(y)(y)
Yep, those who have effectively disabled the automatic installation of Windows updates won't be notified of any rootkit issues they might have until they try to install any given update. If the update they choose to install is one that includes a rootkit check, that update should fail as any given update they choose to install could fail (if failure is imminent).

I don't think any permutation of the Windows Update installation process that is used will result in an anomaly of any kind, given the new rootkit check policy.

Peace...
 