Why do I need another Anti-Malware tool?

Many people know that DaRT 6.0 added a new feature called System Sweeper, which is in an offline anti-malware tool. This has led to a frequent question, which is, “With so many different anti-malware offerings from Microsoft why do I need another?”

It’s important to remember that a defense in depth strategy is the best way to protect your PC. Having multiple layers of security that a hacker or malware application has to go through is far better than a single universal security application.

For enterprises, Microsoft provides solutions like Forefront Client Security. There are also products like the Malicious Software Removal Tool, Windows Defender, or Windows Live One Care. There is also the newly announced Morro. DaRT, however, plays a different role in your anti-malware strategy from these other products.

Today’s malware is getting more advanced and is utilizing tools like rootkits. Rootkits are designed to hide the infecting program from the operating system and make it invisible. Applications with real-time scanning support, like Forefront, are designed to detect malware trying to get onto to a PC and remediate it where possible. Malware is just like viruses in the real world: while we create medications to help prevent us from getting sick, every so often something new and unforeseen slips in and infects people before a vaccine can be created. Despite best efforts, no real-time scanner is 100% effective 100% of the time, and that’s were DaRT comes in.

With rootkits, malware that slips by real-time scanners can hide from the OS and the scanner. Because the DaRT recovery disk boots from the CD into a WinRE environment. the main OS from the hard drive is in an offline state. This means that the rootkit is rendered powerless to hide from System Sweeper.

You create the recovery disk on the network administrator’s machines and supply the original Windows media to create the disk. This helps ensure that the boot files on the CD are clean and not infected by the rootkit.

Because DaRT allows you, as the administrator, to control what tools are on the recovery disk, it is easy to create a System Sweeper-only disk to provide to end users, without having to worry about security around other DaRT tools.

With DaRT you can download the latest signatures, either at the time you create the recovery disk or at run time when you run the System Sweeper tool, either from a USB drive or from the Internet. This allows you to have a disk with the most current signatures. However, over time you don’t have to burn new CDs, rather, you can download the latest when you need them.

 The answer to the question, “Which one do I use?” is “Use both.” Remember to layer your defense and use all of the tools in your toolbox to keep your network safe, stable, and malware free. This means using a real time scanner like Forefront Client Security and also an offline scanner like DaRT’s System Sweeper.

Comments

  • Anonymous
    September 14, 2009
    Where is the standalone link to download those System Sweeper defs after the fact?  Searching hasn't helped, not sure why I can't find any links. Thanks.

  • Anonymous
    December 30, 2009
    The comment has been removed