Microsoft Security Essentials

I'm trying to kick start this blog as I did my other, so here goes. I came across Yogesh Mankani's review of ten free Microsoft products and noticed that one of them was an anti-malware download called Microsoft Security Essentials that requires validation before it can be installed. Seeing that I have a legal installation of Vista, I thought I'd test it out so I downloaded and installed it, then ran quick scan that didn't detect any problems. I wasn't surprised at this because I have Windows Defender and McAfee antivirus already activated.

However, I was surprised later when I opened Windows Media Player and got an alert about a TrojanDownloader: ASX/Wimad.CJ that was lurking in one of my Windows Media files that I'd downloaded in August 2007 from Limewire. The threat was flagged as severe so I removed it and then did a little investigation. According to Microsoft's Malware Protection Centre it isn't actually a trojan but instead:

TrojanDownloader:ASX/Wimad.CJ is a detection for malicious Windows media files that encourage users to download and execute arbitrary files on an affected machine. When opened with Windows Media Player, these malicious files open a particular URL in a Web browser.

Installation

TrojanDownloader:ASX/Wimad.CJ is a malicious Advanced Streaming Format (ASF) file, which when opened by Windows Media Player, urges a user to download and execute an arbitrary file. In the wild, files detected as TrojanDownloader:ASX/Wimad.CJ have been observed to be distributed with file extensions such as .MP3, .ASF, .WMA, and .ASX. The file names used have been varied and enticing.

Payload

Redirects Web traffic. At the time of writing, ASX/Wimad.CJ attempts to open a page on the www.realcodec.comdomain. Affected users may be directed to other sites or to download arbitrary files.  Microsoft strongly suggest that users avoid downloading and executing any files when prompted by Windows Media Player upon opening streaming format files.

So the program has proved useful already but I was unsure what the difference was between Microsoft Security Essentials and Windows Defender until I came across this article.

Q: How is Microsoft Security Essentials different from Windows Defender?

A: Windows Defender detects and removes known spyware only. It is not designed to protect against the full breadth of malicious software, and specifically does not prevent viruses, worms, Trojans, and other malicious software from infecting your machine. The new no-cost solution will be a comprehensive anti-malware solution.

Q: Is Microsoft Security Essentials designed to replace Windows Defender?

A: No but if you are running Microsoft Security Essentials, you do not need to run Windows Defender. Microsoft Security Essentials is designed to disable Windows Defender in order to manage the PC’s real-time protection, including anti-virus, rootkits, Trojans and spyware.

Q: Does installing Microsoft Security Essentials disable Windows Defender? 

A: Microsoft Security Essentials should disable Windows Defender on Vista and Windows 7 and uninstall it from XP. In some cases, this does not happen automatically.

Q: Do I need to manually disable or uninstall Windows Defender if I am using Microsoft Security Essentials?

A: If Microsoft Security Essentials did not automatically disable Windows Defender on Vista or Windows 7, you should disable it to prevent conflicts. Windows Defender cannot be uninstalled from Vista or Windows 7. 

If Microsoft Security Essentials did not automatically uninstall Windows Defender on XP, you should manually uninstall Windows Defender via Control Panel/Add or Remove Programs.

Q: What happens if I do not disable or uninstall Windows Defender if I am using Microsoft Security Essentials?

A: If Microsoft Security Essentials and Windows Defender are both running, your system may experience performance degradation and other problems caused by the conflict of two services providing real time protection simultaneously.