Newsletter Archives

  • Ready, set, block 1709!

    Unless you want to be part of the unpaid beta testing crew, now’s the time to block Win10 Fall Creators Update. There are plenty of guides to block it on the web – but this one has full details.

    Computerworld feature.

  • Running the Malicious Software Removal Tool while keeping it from phoning home

    With the Conficker scare finally behind us (see! I toldja so!), I got an interesting message from an old friend who ran Microsoft’s Malicious Software Removal Tool, but figured out how to keep the MSRT from phoning home during the run.

    Here’s what he says:

    The Malicious Software Removal Tool EULA tries to get you to give permission for MSRT to “phone home”, in order to give MS a feel for how many infections, and on which versions of Windows, are out there in the wild. Sadly, MS has SUCH a bad track record about saying one thing and doing quite another– reporting home with ALL software names (not just the apps being updated nor just MS’s apps– ALL software and version #s on your PC get reported) and version numbers during a software patch, for example– that MS can’t be trusted to be telling the truth in their EULA.

    The EULA also warns that the MSRT won’t work after 60 days, and that sharing/redistributing/copying the file is prohibited.

    Interestingly, deeply buried in one of the support pages on the website, there’s a way for PC nerds to block MSRT’s phone-home. It involves entering two new keys in the Windows registry: definitely not something for a n00b to do. Strangely, MSRT has a lot of command-line switches like “find but don’t fix malware”, but MS didn’t bother to make “don’t phone home” one of those command-line switches.

    Anyway, I didn’t connect my Wi-Fi, thus eliminating the possibility that MSRT could phone home. I then ran MSRT twice, first using “rapid scan” and then “complete scan”. It took 5 minutes to do a simple scan, and found nothing. It took 8 hours to do a complete scan of 1 terabyte of data in 14 partitions, during which it discovered and “partly uninstalled” three viruses. During the procedure, Avira’s resident shield twice popped up to deal with those viruses. One “virus”, by the way, was a fragment of the driveby malware that sat on AskWoody.com early last year, and which I’d stored in email and in a text file. Avira routinely finds the fragment in the text file, but had never before spotted the code in my email.

    Clearly, MSRT found and somehow “revealed” these viruses in such a way that Avira could find and delete’em.

    MSRT appeared to complete normally, and –again– was fully prevented from phoning home by the simple expediency of shutting off the WiFi during that Windows session.

    MSRT created several randomly named, easily deleted folders with hidden files, branching off the root directories, on at least two of my partitions.

    Just one note from me: Microsoft is allowing Web sites to distribute the MSRT. If you look at Knowledge Base article 890830, MS says, “Per the terms of this tool’s license terms, the tool can be redistributed. However, make sure that you are redistributing the latest version of the tool.”