Microsoft retains weapon to silently scrub XP

Will automatically push malware cleanup tool to Windows XP until July 2015

Microsoft will be able to silently reach into Windows XP PCs for more than a year after it stops patching the aged OS to clean malware-infected machines, sources close to the company confirmed Friday.

The Malicious Software Removal Tool (MSRT) will continue to be updated and deployed via Windows Update through July 14, 2015, 15 months after the Redmond, Wash. company serves its final public security patches for XP on April 8 of this year.

By extending the life of the MSRT -- and more importantly, automatically running it each month -- Microsoft will be able to clean some PCs if massive malware outbreaks hit Windows XP after it's retired from support.

MSRT is updated monthly as Microsoft targets one or more major malware families it believes are the biggest current threats. The tool is posted for manual download on Microsoft's website and distributed through the Windows Update service on "Patch Tuesday," the second Tuesday of each month when Microsoft pushes security patches to customers running still-supported editions of Windows. MSRT automatically installs on PCs with Automatic Updates enabled, and then runs a seek-and-destroy mission in the background without any action on the part of the user.

MSRT is not an antivirus program, but rather a cleaning utility designed to eradicate malware that has already snuck onto a Windows PC. The tool was first released in 2005, but was last updated Jan. 14, 2014, when Microsoft added detection and deletion capabilities for the "Bladabindi" malware family.

The extension of MSRT availability was part of the firm's decision earlier this month to offer new anti-malware signatures to XP customers who run the company's free Security Essentials antivirus (AV) software.

Previously, Microsoft said it would stop shipping Security Essentials' signature updates to XP PCs after April 8. But in a tacit nod to XP's widespread use, Microsoft postponed the cut-off until July 14, 2015.

With MSRT, Microsoft will have a weapon at the ready in case widespread malware infections strike XP machines after April 8, something the company has said is likely. If new malware pops up, or an older virus, worm or Trojan horse begins infecting large numbers of Windows XP systems -- perhaps because they exploited a vulnerability that will never be patched -- Microsoft can at least use the MSRT to try to disinfect those PCs.

Extending MSRT's life on XP will not only help customers still running the 13-year-old OS, but is also smart for Microsoft, which could face a public relations backlash if large numbers of compromised Windows XP machines are used by hackers to infect other devices running Vista, Windows 7 and Windows 8.

Although Microsoft has not stopped urging customers to dump XP, it has recognized that millions of machines will continue to run the ancient OS for months and maybe even years to come.

According to metrics company Net Applications, Windows XP's user share -- the percentage of all personal computer owners who went online with that OS -- stood at 29% at the end of December 2013. Computerworld has predicted that about 20% of all personal computers will be running the operating system at the end of 2014.

Andreas Marx, CEO of AV-Test, a German company that evaluates security software, said Microsoft's decision to continue providing signatures for Security Essentials was prompted by the still-large numbers of PCs running XP.

"It's a significant move, which is likely driven by the (still) high market share for Windows XP, especially in countries like China or India, as well as the millions of users who are using Security Essentials as anti-virus protection on Windows XP," said Marx in an email reply to questions earlier this month.

Security Essentials has performed poorly in AV-Test's recent exams, and Marx cautioned users who plan to reply on it to keep their systems safe after Microsoft stops patching XP. "[Security Essentials] is baseline protection and well-suited for people who are not often using the Internet," Marx said. "But if you're online quite often and for long times, if you do financial transactions with your system and the like, I would strongly recommend switching to a commercial security suite."

Most antivirus vendors will continue to provide customers running Windows XP with up-to-date signatures for years after Microsoft pulls the patch plug in April.

Kaspersky, BitDefender and Avira -- the last is free -- were the top-scoring consumer antivirus programs for Windows XP in AV-Test's latest head-to-head comparisons. For business PCs, Kaspersky, Symantec and Trend Micro ranked 1-2-3.

Instructions for turning on XP's Automatic Updates can be found on Microsoft's support site, along with a "Fixit" tool that takes care of the chore with a single click.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed. His email address is gkeizer@computerworld.com.

See more by Gregg Keizer on Computerworld.com.

Read more about malware and vulnerabilities in Computerworld's Malware and Vulnerabilities Topic Center.

Tags MicrosoftWindowssoftwareoperating systemsMalware and Vulnerabilities

More about AppleAviraBitDefenderGoogleKasperskyMicrosoftSymantecTopicTrend Micro Australia

Comments

Comments are now closed

Intel planning thumb-sized PCs for next year

READ THIS ARTICLE
DO NOT SHOW THIS BOX AGAIN [ x ]