[James (Jim) Hillier]

We recently reported the introduction of two new free malware scanner/removers, one of which is the latest offering from Microsoft called Microsoft Safety Scanner.

As luck would have it, I was just recently presented with an opportunity to take this new malware scanner/removal tool for a test drive:

A client's laptop was obviously infected so I immediately ran a full scan with SuperAntiSpyware, which identified and subsequently removed 4 generic trojans. As is my usual policy, once infections have been confirmed, I always scan again using a different product. This has generally been Malwarebytes Anti-Malware but this time I decided to use Microsoft Safety Scanner to see how it fared.

The good news is, it is portable so no installation is necessary. The bad news is, it is a 70+ MB download.

The first thing that struck me, there are no options available for selecting a specific drive to scan. No biggee, but if there are multiple internal drives connected, then it will just scan them all....which is a bit of a pain in the you know what.

The scan took a long time to complete, just over 5 hours 45 minutes. Some might regard that as a bad thing but I thought it was an indication that the software was being very thorough, so I considered it a positive.

Now for the very bad part; at scans end Microsoft Safety Scanner reported a further 4 infections BUT it did not offer any expanded information. It did not name which files were infected nor give their location. Neither did it offer any choices for dealing with the infected files, removal was the one and only option.

Why is that bad? Well, considering security software's propensity for reporting false positives, one needs to identify exactly which files are affected before making any final decision on how to deal with them; without any positive identification complete removal is very risky. If one is uncertain then some sort of temporary storage facility, such as 'quarantine' or 'virus chest' is a must. One can then place an infected file in the temporary storage area and wait and see what ill effects (if any) the missing file has on system performance/stability. If the file proves to be essential, one can simply restore it. Or, if after a period of time there are no ill effects, the file can be fully deleted at the user's discretion.

This is overall very disappointing from Microsoft; the scanner appears to be thorough and effective but the absent details together with the lack of any temporary storage for flagged files renders it pretty useless.

[marko]

A somewhat dissapointing first experience of Microsoft Safety Scanner then Jimbo - does make me wonder whatever happened to beta testers when they don't flag even the basics anymore!

[James (Jim) Hillier]

Yes, it's a strange one Marko. I searched hi and lo through the interface (although it is a very simple one) and couldn't find any way to get expanded information. Left and right clicked on the flagged items......nothing!!

Maybe I missed something obvious, it has been known to happen , but until someone tells me different I won't be recommending MS Safety Scanner to anyone.

[marko]

Just downloaded and scanned myself Jim, the third option (custom) allows you to choose a drive or folder to scan but by default it scans local hard drives. Not the most comprehensive scanner in the world if you ask me, but I'm beginning to think this is by design, a simple scanner for those users who don't want loads of options or confusing menu's. The fact it's portable would probably account for why there are no 'quarantine' options, etc, but as you rightly say, this could be a dangerous situation for false-positives. Only time will tell if this basic scanner will catch on

(Just also noticed this scanner has to be downloaded every 10 days to stay up-to-date - not the most convenient situation!)

[James (Jim) Hillier]

Quote

the third option (custom) allows you to choose a drive or folder to scan

Oh, okay thanks mate...I must have missed that.

Quote

Just also noticed this scanner has to be downloaded every 10 days to stay up-to-date - not the most convenient situation!

Yes, but that is normal procedure for portable scanners mate. The scan engine cannot just be updated on its own, so the whole things needs to be downloaded all over again.

Useful for when infections prevent the host machine from connecting to the net (which also prevents any installed scanner/removers from updating definition databases). Use a different [clean] machine to download, place on USB flash drive and then connect to infected machine and scan.

[marko]

True Jim, could be handy I guess to just download and scan in those circumstances, and if we consider some of the rescue discs, we're talking about 200-300Mb+ for some of those bad boys, so maybe not quite as sizeable in comparison as we first thought

[FreeWareFan]

I've found M$'s tool that can create something like rescue CD/DVD/USB http://connect.microsoft.com/systemsweeper

[marko]

That's another nice find FF, on the updates just now and will add that just shortly
Cheers
Marko