
Microsoft will not patch XP if rootkit is present

Discussion in 'General Security' started by Mumbodog, Apr 15, 2010.

Thread Status:
Not open for further replies.
  1. Mumbodog

    Mumbodog Thread Starter

    Joined:
    Oct 3, 2007
    Messages:
    7,891
  2. perfume

    perfume Banned

    Joined:
    Sep 12, 2008
    Messages:
    2,011
    Dear Mumbodog,
    The point is well taken! What stratagems and methods is MS using to ascertain that a particular PC is infected? I would see it the other way round (at least for the techguy members), in that if you have allowed the "automatic updates" option "on" and still didn't get your Tuesday updates, then use Sophos, Rootkit Revealer, T-M's Rootkit Buster, GMER (safe mode), just to name a few, to identify the culprits. Correct me: are kernel-level rootkit infections manually removable, or do you have to use the backup (which you are supposed to have) and nicely re-image the C drive? Backup the backup the backup! I have no experience with other software, but Mac.Reflect allows you the luxury of re-implanting whichever partition you need! Website of the free version of M-R: http://www.macrium.com/reflectfree.asp

    PS: MS knows you from kernel up, shhhh! :D
     
  3. Mumbodog

    Mumbodog Thread Starter

    Joined:
    Oct 3, 2007
    Messages:
    7,891
    I don't think it's all that complex, and it does not pertain to every update MS pushes out, only certain critical ones.

    This does not prevent you from getting these updates via automatic updates, but:

    When the update is executed to install, it does a pre-check of the critical file that is going to be replaced; if there is any indication it has been tampered with, then the update will not install and will generate an error message suggesting what you need to do.

    .
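The pre-check described in the post above, sketched as an added example that is not part of the original thread and is not Microsoft's actual check: it assumes the installer ships SHA-256 digests of earlier known-good builds of the file, and the file names and contents are constructed.

```python
import hashlib
import os
import tempfile

class TamperedFileError(Exception):
    """The file to be replaced matches no known-good release."""

def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def install_update(target, new_bytes, known_good):
    """Replace target only if its current digest is in known_good (assumed manifest)."""
    current = sha256_of(target)
    if current not in known_good:
        # Refuse to patch: leave the file untouched and tell the user what to do.
        raise TamperedFileError(
            f"{os.path.basename(target)}: digest {current[:12]}... matches no "
            "known release; scan for malware before retrying the update")
    tmp = target + ".new"          # write beside the target, then swap atomically
    with open(tmp, "wb") as f:
        f.write(new_bytes)
        f.flush()
        os.fsync(f.fileno())
    os.replace(tmp, target)
    return sha256_of(target)

def demo():
    original = b"driver build 1 (constructed sample)"
    patched = b"driver build 2 (constructed sample)"
    known_good = {hashlib.sha256(original).hexdigest()}
    results = {}
    with tempfile.TemporaryDirectory() as d:
        clean = os.path.join(d, "clean.sys")
        modified = os.path.join(d, "modified.sys")
        with open(clean, "wb") as f:
            f.write(original)
        with open(modified, "wb") as f:
            f.write(original + b"\x90hook")   # stands in for a tampered file
        new_digest = install_update(clean, patched, known_good)
        results["clean"] = new_digest == hashlib.sha256(patched).hexdigest()
        try:
            install_update(modified, patched, known_good)
            results["modified"] = "installed"
        except TamperedFileError:
            results["modified"] = "refused"
    return results
```

A check like this, run from inside the live OS, only sees the bytes the kernel hands back, so a rootkit that filters file reads can present a clean copy; verifying from offline or trusted boot media avoids that.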
     
  4. Snagglegaster

    Snagglegaster Banned

    Joined:
    Sep 12, 2006
    Messages:
    1,906
    MS distributes their Malicious Software Removal Tool via Windows Update, and it does an excellent job of detecting and removing malware that can interfere with installation of updates and patches. It updates monthly on Patch Tuesday, and runs automatically after it is updated. Its major drawback is that it has a very narrow focus; i.e. it doesn't try to remove traditional viruses or anything MS considers "spyware". Users can also run it manually, and I'd say it's an excellent example of an underutilized free resource. I expect many ignore it simply because it's a Microsoft tool.
     
  5. tomdkat

    tomdkat Retired Trusted Advisor

    Joined:
    May 6, 2006
    Messages:
    7,143
    Or many aren't conscious of it since it really doesn't present itself to the end user in any way. It simply might need more exposure to Windows users. :)

    If it gets installed and runs without user intervention, it might be running on more systems than people are aware of.

    Peace...
     
  6. Snagglegaster

    Snagglegaster Banned

    Joined:
    Sep 12, 2006
    Messages:
    1,906
    Very good points. I agree that MS should publicize the tool more. At the same time, the software is intended to be unobtrusive and run quickly; just do the job and get out of the way unless a problem is detected, though it does announce itself when it starts. Nonetheless, I bet most of the folks who are paranoid about letting Windows automatically update are equally skeptical about the Malicious Software Removal Tool.
     
  7. antimoth

    antimoth

    Joined:
    Aug 8, 2009
    Messages:
    361
    Microsoft says the Windows Malicious Software Removal Tool only runs right after it is updated or loaded for the first time. It then sits idle until it gets a new update. Users can run it manually.

    I get the impression it targets only a few bits of malware. Maybe less than a hundred rather than the many tens of thousands that an antivirus product will target.
     
  8. Snagglegaster

    Snagglegaster Banned

    Joined:
    Sep 12, 2006
    Messages:
    1,906
    Just like ComboFix, the authors of the Malicious Software Removal Tool don't say much about what it actually targets outside of a few high-profile items like the Conficker Worm. Running in the default quiet mode, it's pretty fast; if it detects a problem and you run a full scan with it, scan times can be very long. As in hours long. I'd have to expect it scans a large database, but certainly not as extensive as more full-featured products.
     
  9. perfume

    perfume Banned

    Joined:
    Sep 12, 2008
    Messages:
    2,011
    Right now, April's MSRT is running on my machine! ;) (y)

    PS: I run a complete scan every month, like going to the Church and praying to The Lord "Divine Father, may Microsoft not upset my apple cart and may you shower your blessings on Bill or Ballmer with common sense, to allow Win.XP with updates"!
     
  10. perfume

    perfume Banned

    Joined:
    Sep 12, 2008
    Messages:
    2,011
    This issue, I feel, is important for us to address! Accepted that if rootkits are present, the latest critical updates will be denied to the end-user!

    Now, that really is a double-whammy for folks out there, in the wild, if I may be permitted to add, who might not know why they are not getting their regular 2nd Tuesday dose of MS updates. To add confusion to chaos, how many would understand why and be able to root out rootkits and try and get back the updates? Beats the essence out of me!! :( :(
     
  11. tomdkat

    tomdkat Retired Trusted Advisor

    Joined:
    May 6, 2006
    Messages:
    7,143
    As it stands now, if a Windows update fails to install, the user is informed of the installation failure and an error code of some kind is shown. In the "Windows update history", you can get more detailed information about any given failed update.

    I don't know if Microsoft will warn users differently if a detected rootkit is preventing the update from applying, but at the very least the user will have the current "failed update" notification method available.

    Peace...
     
  12. perfume

    perfume Banned

    Joined:
    Sep 12, 2008
    Messages:
    2,011
    Dear tomdkat,
    Now, there is another angle to this C+C :eek:! The various options offered by Microsoft for updates, like for ex. "download but don't install" (something like --> let's marry but sleep in different rooms :D), may further pose problems to the unwary as these are rated "critical"! I appreciate your cool analysis of a situation! (y) (y)
     
  13. tomdkat

    tomdkat Retired Trusted Advisor

    Joined:
    May 6, 2006
    Messages:
    7,143
    Yep, those who have effectively disabled the automatic installation of Windows updates won't be notified of any rootkit issues they might have until they try to install any given update. If the update they choose to install is one that includes a rootkit check, that update should fail as any given update they choose to install could fail (if failure is imminent).

    I don't think any permutation of the Windows update installation process that is used will result in an anomaly of any kind, given the new rootkit check policy.

    Peace...
     
Short URL to this thread: https://techguy.org/917125
