Windows Secrets Newsletter: Windows Defender Offline - old name, new use

By Woody Leonhard/Windows Secrets Newsletter

Microsoft’s newly released beta version of Windows Defender Offline, a rootkit-sniffing and Windows-rehabilitation tool, should be the latest addition to your bag of Windows-repair tricks.

WDO should be able to catch a wide variety of nasties that evade detection by more traditional antivirus methods.

Although the name’s been around for years, don’t confuse this new version of WDO with previous incarnations — it’s a whole new animal and helps PC users in two very different situations:

1. Windows won’t boot: You can boot your machine with a WDO CD or USB drive, and WDO will perform a detailed malware scan.

2. You suspect you have a rootkit: WDO can scan your system and remove many different kinds of rootkits.

Oddly, Microsoft has been uncharacteristically mum about Windows Defender Offline. If there are any published technical details about the program — what it does or how it works — I haven’t found them. With a bit of reading between the lines, here’s what I can say:

WDO is almost identical to an earlier product called Microsoft Standalone System Sweeper. Microsoft released the beta version of MSSS in May. (Susan Bradley’s July 28 Top Story talked about MSSS.) The size of the program hasn’t changed. The format of the signature files appears to be identical. The earlier product doesn’t mention Windows 8, but WDO most definitely does run on Win8 Developer Preview.

As best I can tell, WDO uses the same signature files used by Microsoft Security Essentials (MSE). However, I know of one instance where a piece of malware was not caught by MSE but did trigger a WDO response. I have no idea why.

Here’s the rest of the story.

This post is excerpted with permission from Windows Secrets.
