Online threat research sites are nothing new. McAfee, Symantec, Trend Micro, and most other antivirus and antispyware vendors have been offering "Encyclopedia Malwaria"-type coverage of what the software bad guys have been up to for quite a few years. Now that Microsoft's in the anti-virus and anti-spyware game, it should surprise absolutely no one that Microsoft finally launched the Microsoft Malware Protection Center portal in July.
Naturally, the new Malware Protection Center is a must-stop destination for users of Microsoft's Windows Defender antispyware and Forefront antivirus programs: it offers downloads of the latest definitions for both products in both 32-bit and 64-bit versions. However, no matter whose malware protection programs you use, the Malware Protection Center can also be a useful research tool.
What malware's popping up (pardon the expression) most often? The front page of the website offers four 'top ten' lists of desktop threats, top MSRT detections, most active email threats and top adware and spyware. It may not make you feel any better to know your system's been hosed by one of the biggest threats on the market, but seriously, the lists are a good way to keep track of what's going on the world of malware. The entries provided here are often the most detailed available on the entire site.
The descriptions the Malware Protection Center offers of various recent threats are often easier to understand than those offered by other threat encyclopedias. Microsoft makes it easy to compare and contrast its descriptions by providing cross-references to other vendors' names for a particular threat. For example, the threat that Microsoft displays as Trojan:JS/Agent.FA is known variously as Trojan-Clicker.HTML.Agent.a (Kaspersky), Troj/Clicker-EB (Sophos) or Trojan-Clicker.HTML.Agent.a (Sunbelt Software).
Unfortunately, the Prevention tab for any threat reads like the one for every other threat (set up a firewall, install updates, and so on) - there doesn't seem to be any customization. And, Microsoft doesn't mention that system restore files can be very convenient hiding places for malware you've removed from the working Windows installation (other vendors do provide this reminder when necessary). Descriptions of older threats may indicate only that the threat is detected or removed by the current antivirus or antispyware program.
The Tools and Resources page provides links to downloads, white papers, and other resources for Microsoft security products, including a link to the latest version of Microsoft's malicious software removal tool. A link to the Live One Care Safety Scanner web-based antivirus and antimalware tool is also available from the website. Use the Submit a Sample page to send in suspicious files - and with up to a 10MB file size limit, you can submit some hefty samples.
Microsoft Malware Protection Center is admittedly a 'version 1.0' portal, but it already offers some useful resources for users of Microsoft products and enables users of other programs access to helpful tools and research. Whether you use Microsoft or other security tools, it's worth a look.
No comments:
Post a Comment