Microsoft Releases Old Recovery Software in New Wrapper

Last week Microsoft released (or perhaps I should say re-released) a beta version of Windows Defender Offline, a seriously useful tool for recovering dead Windows XP (SP3), Vista (RTM, SP1, SP2), Windows 7 (RTM, SP1), or Windows 8 (Developer Preview) systems. Yes, it even works on Windows 8.

Curiously, except for the Windows 8 support, it's almost identical to the old Microsoft Standalone System Sweeper.

Windows Defender Offline is designed to be used when you can't boot an infected PC. You create a Windows Defender Offline USB drive, CD or DVD, or ISO file, then boot from the Windows Defender Offline device. Windows Defender Offline performs a scan based on its stored signature files. Since you're not booting to the copy of Windows installed on your PC, Windows Defender Offline stands a fighting chance at identifying rootkits and other malware that fly underneath the operating system radar.

Acquiring Windows Defender Offline is a three-step process. First, you download and run an installer/updater. You're given a choice between 32- and 64-bit versions; choose the version that matches the PC you're trying to fix, not the one that's doing the downloading and installing.

Next, run the installer/updater to create a bootable USB drive, CD or DVD, or bootable ISO image. If the USB drive already has Windows Defender Offline installed, running the installer/updater will update its signature files. If it doesn't already have Windows Defender Offline installed, the USB drive, CD, or DVD is reformatted prior to installing Windows Defender Offline.

Finally, you boot to Windows Defender Offline on the afflicted PC. If you have a multiboot system, you must choose one of the OSes; Windows Defender Offline will scan only one system at a time. Windows Defender Offline takes over, giving you the opportunity to run a quick, full, or custom scan. Much like Microsoft Security Essentials, tabs on the interface let you update the signature files, look at the scan history, or exclude specific files or folders. In my tests, it took about 20 minutes to run a full scan on a Windows 8 Developer Preview machine.

The PC you use to install Windows Defender Offline must be connected to the Internet. The PC you scan need not be connected.

All in all, Windows Defender Offline looks and behaves much like Microsoft's Standalone System Sweeper, which has been around since May. Why, you might ask, is Microsoft changing the name of the product? It looks to me like the company is trying to revitalize the old "Windows Defender" name one small step at a time.

Windows Defender, you might recall, grew out of Giant AntiSpyware, which Microsoft bought in 2004. The package morphed a little bit and changed its name, finally emerging as Windows Defender for XP in 2006. Vista shipped with Windows Defender built-in. In a parallel universe, Microsoft bought Sybari in 2005 and turned it into Microsoft Forefront, the enterprise product you undoubtedly know well. Microsoft developed a consumer -- and later, small business -- version of Forefront, calling it Microsoft Security Essentials, which was released in final form in 2009. Microsoft Security Essentials is a free download, but Windows Vista and Windows 7 don't mention it anywhere. Installing Security Essentials or Forefront effectively disables Windows Defender; although vestiges of the old Defender remain, they're well-hidden.

The evolution of Defender and its supplanting by the free Security Essentials took place against a backdrop of real and imagined threats of lawsuits by the major antivirus software manufacturers. Amazingly, the antivirus industry not only survived, it thrived. Perhaps that's why Microsoft now feels comfortable putting considerably more sophisticated antivirus capabilities into Windows 8.

Windows president Steve Sinofsky says on the Building Windows 8 blog, "With Windows 8 we are extending the protections provided by Defender to address a broader range of potential threats." Remarkably, it appears as if Microsoft is recycling the old "Defender" moniker -- probably to avoid confusion with Microsoft Security Essentials -- and giving it all sorts of advanced features that don't appear in the old Defender, Forefront, or Security Essentials.

The specter of antitrust legal action still looms, though. In the same blog post, Sinofsky tosses out a CYA: "We're continuing to work with antimalware partners during the Windows 8 development process so you have the best possible Windows PC experience no matter what antimalware solution you choose. We provide them with resources, such as the technical details of how we architected the performance improvements for Windows Defender, so they have the opportunity to make similar improvements to their products."

By renaming the old Standalone System Sweeper as "Windows Defender Offline," Microsoft is starting to get everyone accustomed to the new use of the old "Defender" name. Subtle. Smart. Expect to see more examples as Windows 8 continues on the path to RTM.

This story, "Microsoft releases old recovery software in new wrapper," was originally published at InfoWorld.com.
