APLawrence.com -  Resources for Unix and Linux Systems, Bloggers and the self-employed

Microsoft Standalone System Sweeper

Microsoft Standalone System Sweeper (link dead, sorry) is a free download from Microsoft for malware scanning from a boot cd or USB drive. It works with XP (SP3) and Vista/Windows 7. That's a handy tool to have in your pocket.

Complaints

I'll start with the complaints. There are only two or three, really, which is actually almost a compliment when discussing Microsoft programming: usually there is much more that annoys me.

No ISO image

First up is the lack of an ISO image. Oh, the software you download can create an ISO, but that's an "advanced" option. To get that ISO, you have to run the executable in Windows.

I do understand the reasoning here: most Microsoft users wouldn't have any clue what to do with an ISO. There are possibly even people reading this who drew a blank on that TLA. So, sure, give the helpless the tool they need.

But did the programmers even think that there might be circumstances where a person in need of this tool doesn't happen to have access to a working Windows machine? Did they stop to think that it might make far more sense to burn that CD or flash drive from a non-Microsoft operating system?

No, of course they didn't.

One XP system I tried needed to download an IMAPI update - my bet is that it only needed that because of the option to create a bootable flash drive - surely not to write a CD?

Memory

The second gripe is the memory footprint. This tool requires 768 MB. I know that in today's world of sloppy programming that must seem quite Spartan, but the reality is that there are a lot of 512 MB XP boxes out there, and they may be the systems most in need of scanning.

But that's just a gripe. The complaint is that if you carelessly run this on a machine lacking that amount of memory, it will fail mysteriously. That is, it won't tell you that you lack sufficient RAM, it will simply fail with hexadecimal error codes. Worse, I got two different codes: 0x80072ee7 when it couldn't connect to download updates and 0x8050800c after it managed to download new data definitions. Looking up either of those would never cause you to believe you simply lacked RAM.

Those updates

The first thing this wanted was to download updated malware definition files. Gee, why couldn't you have done that before writing the CD? Also, why does it refuse to do anything unless it gets those updates? Isn't scanning with out-of-date definitions better than not scanning at all?

By the way, if you do have to download updates manually, the file you apparently want is mpam-fe.exe. That's the Security Essentials update. They send you to the page where that lives, but don't bother to tell you what to get.

But it is fast

System Sweep results

I ran this against a 32-bit XP system with almost 300,000 files, running in a VMware virtual machine configured to use one CPU core on my five-year-old 32-bit MacBook Pro. It finished in an hour and fifteen minutes with all that working against it. Honestly, I was expecting it to take all day, maybe more. On a real machine with decent hardware, you might be able to go have a cup of coffee and find this finished when you returned.

It didn't find anything, by the way. That's not surprising; I rarely use that system.

So, aside from the fact that this is useless for 90% of XP systems I see in the field (because of the memory overhead), it's fast and looks like it does the job.

© Anthony Lawrence







Mon Jun 6 19:35:56 2011: 9532   rbailin



According to the System Sweeper page you link to, the download of current malware definitions only occurs before composing the iso file and writing it to disk. The target infected system doesn't need an internet connection.

This is a beta product that uses the Windows PE (pre-installation environment) O/S version 2.0. According to the tech ref for Windows PE, it requires a minimum of 256MB of memory for a RAM disk and the applications (more for the 64-bit version). In addition, the RAM disk can run from a compressed image. So I imagine that the 768MB minimum is simply a result of sloppy programming or trying to be all things to all users by including rarely needed drivers and other support programs. Non-essential debug symbol tables may also be included.

Also note that this beta software comes in both 32- and 64-bit versions, and for some odd reason the version you use must match the version of the O/S on the target system. Unless they're doing system-specific checks of the registry or specific files, I can't see why it's necessary to know this, and for most users this info is unknown and unknowable on an unbootable Windows system.

Bob



Mon Jun 6 19:46:08 2011: 9533   TonyLawrence



But it did NOT update my CD - I had to do the downloads at runtime. You don't need internet though - you can put the mpam-fe.exe on a USB stick or wherever.

Good point - unbootable systems are rather unknowable :)



Mon Jun 6 20:31:52 2011: 9534   rbailin



I'll have to give it a try then. I would not expect an infected system to remain connected to the Internet. To me, standalone means just that, standing on one's own, disconnected.

Congratulations, Tony, looks like you've found a bug in an MS beta product!



Tue Jun 7 14:57:04 2011: 9535   BigDumbDinosaur



Congratulations, Tony, looks like you've found a bug in an MS beta product!

Now that's a once-in-a-lifetime event! :)



Wed Jun 8 01:40:41 2011: 9536   Sledge



I used this on a Small Business Server one New Year's Eve/Day. I was surprised that it did the job as well as it did. It finished twice in four hours (just to be safe). And I had to grab updates for a CD image they created while I was on the phone.
At the time, however, it was only available from Microsoft support and it expired after 90 days. If they aren't going to fix their unchecked buffer overflows, this is the least they can do to clean up afterwards.






Wed Jun 8 22:08:29 2011: 9539   BruceGarlock



I ran into the same issues Tony did with the IMAPI needing to be installed. Then I got a little further with the "install" process, but it threw me an error saying that it needed to be connected to the Internet. So another bug in this beta is that it does not work when you use a proxy server to connect to the Internet, and that proxy server requires a username and password.

They should at least include a link to report bugs like this, especially since it's a public beta. Come to think of it, Internet Explorer properly connects to the Internet using my "System wide Internet Options", and other apps like Team Viewer which have an option to use the "System Wide Proxy settings" seem to work just fine.

A bit of a glaring oversight if you ask me. Not to mention, why the hell don't they just offer an ISO image? The last thing someone wants to do if they are in a rush to clean out a system that's infected is run a Windows application just to generate an ISO image or burn a CD! It just doesn't make any sense...







Fri Jun 17 15:44:47 2011: 9573   ritslinux



Like you said: the download has too many drawbacks: on an infected XP machine it will not download at all.
I would advise making an ISO available regardless of the OS, so anyone/any OS can download and burn the ISO and start a scan on an MS box.






Sat Jun 18 22:57:04 2011: 9575   Atra



Went through all the BS: Downloaded Sweeper; tried to create CD; had to find and download IMAPI v2.0; needed hotfix to download IMAPI; had to run Windows Validation to download hotfix; had to restart; finally created CD; booted laptop with newly created CD; had to find and download definition update to thumbdrive; had to install update; error = not enough memory to install update; Sweeper won't scan at all without the update.
MS stands for MOSTLY STUPID SOFTWARE!!!
