Should you run Windows Defender and the Malicious Software Removal Tool?
Microsoft has created several security solutions in the past that are either available as standalone downloads or integrated in Windows directly.
The most common ones are Windows Defender, which Microsoft included in Windows Vista and successive versions of the Windows operating system, Microsoft Security Essentials, which is offered as a standalone version for versions of Windows prior to Windows 8, and the Malicious Software Removal Tool which is also available as a standalone version.
Windows Defender is a real-time antivirus solution that is active by default on systems running Windows 8 and newer. While some protection is better than none usually, it is fairly limited when it comes to protecting Windows from attacks and ranks low in independent antivirus tests.
The Malicious Software Removal Tool on the other hand has been designed specifically to remove malware from systems that are already infected (hence the name).
One of the core differences between Windows Defender and the Malicious Software Removal Tool is therefore purpose. Windows Defender has been designed to block malicious code from being executed on the system to prevent infection of the system, while the Malicious Software Removal Tool's purpose is to remove infections on systems that are already infected.
Another difference is that Windows Defender runs all the time on the system like any other active antivirus solution while the Malicious Software Removal Tool only when the user activates it.
Last but not least, updates are released regularly for Windows Defender which update the definition database while updates for the Malicious Software Removal Tool are usually only released once a month on Microsoft's Patch Day (second Tuesday of each month).
So, do you need both?
Microsoft's security solutions don't necessarily share information when it comes to the detection of threats. I asked Microsoft Support specifically about Windows Defender and MSRT and I was told that MSRT may support the removal of malicious software that Windows Defender cannot block.
I'm not sold on that 100% though considering that Windows Defender is listed as an option to detect and remove threats whenever a new MSRT update comes along.
While it is possible to list all the threats that Microsoft's Malicious Software Removal Tool supports, there seems to be no way to do the same for Windows Defender's definitions database.
It won't hurt obviously to run the Malicious Software Removal Tool once a month after it has been updated on Patch Day to make sure nothing slipped by.
Windows Defender was designed to deactivate automatically when another security solution is installed. That's where Microsoft's Software Removal Tool may come in handy as the installed security solution may not detect or remove all threats that Microsoft's tool supports.
Both programs are not providing the same level of protection that many third-party solutions offer due to their limited threat detection. While you may run them in addition to third-party security software, it is generally not recommended to run them exclusively on the system.
Now You: What's your experience in this regard?
I always hide Malicious Software Removal Tool when I see it in Windows update.
Here is why.
A few years back I lost some older non replaceable programs after running Malicious Software Removal Tool.
Malicious Software Removal Tool did not warn me that these programs were marked to be removed, it just removed them with no warning and no way to recover them.
I also do not trust Malicious Software Removal Tool because Microsoft could use it to remove anything they see as unfit.
Now I just rely on my anti virus and Malwarebytes to do the scanning.
Of course it can not be hidden in Windows 10 as far as I know.
Just my two cents.
Brilliant observation, and most sage advice, to say the least.
Have had similar experiences and am glad to learn i am not
a conspiracy theorist.
Gratefully, Ingo
“I also do not trust Malicious Software Removal Tool because Microsoft could use it to remove anything they see as unfit.”
Exactly! WMP and MPC-HC do not exactly get along b/c the latter is the superior non-Microsoft media player, while the former was designed to get you to buy MP3’s thru their store. Quickest way to ensure WMP has the greater market share (b/c they can sell stuff thru WMP) is to get you to run MSRT, which will screw with most MPC-HC installations, just like how Windows 10 will screw with pirated games, except MPC-HC isn’t illegal but a competing product!
@hirobo2 Uh…. I have never has MSRT mess with my MPC-HC, so I wouldn’t blame it on MSRT, unless you install MPC-HC from some random malicious website
Wow, I actually wasn’t aware of that issue with Malicious Software Removal Tool (MSRT)
I’ve been running it periodically on my home computers for a few years now, and it’s actually never found anything (since we haven’t been infected with anything significant in the last few years that I am aware of).
Nor has MSRT ever accidentally removed any of my programs. So it seemed safe to me, but I’ll keep that in mind. (If ever it does remove anything against my wishes, I still won’t lose anything, because I have clones of my OS in different states, with all my programs installed.)
The last couple of years all I’ve been running is Windows Defender, along with scans with Malware bytes and MSRT a couple of times per week, and so far so good!
I’ve also recently added Malwarebytes Anti Exploit, and now using uBlockOrigins in Chrome, in which I make sure to whitelist all the good websites, like this one (ghacks) to support them!
I got tired of it thrashing through all my files constantly, needlessly wearing out my hard drives! With all the recent “telemetry” data collection going on, I’m even more leery of which Microsoft services should be allowed to run on my system.
Defender, MSRT. Security Essentials… is it so hard for Microsoft to create one good program that combines all of them?
But Defender on Windows 8, 8.1, and 10 is Security Essentials. They renamed it to Defender because Windows Vista and 7 already have a less-capable Defender that only protects from spyware.
The MSRT is an on-demand tool that Microsoft issues every month through Windows Update since there are millions of PCs with no antimalware or, if they have one, it’s not properly set up or they are being used with an expired license (effectively rendering them useless).
Microsoft’s problem is that they are so big and convoluted that one hand doesn’t know what the other hand is doing.
IMO, they shouldn’t combine all of them, they should just do away with them, since these apps are pretty much useless anyway.
Except for the fact that they’re not.
@anon, they’re garbage. read AV review articles. I repair PC’s for a living and am constantly cleaning off viruses and malware from people’s PC’s who have active, up to date MSE/Defender on them.
This is a quote from a recent PC Mag article:
“Bottom Line
Windows Defender tries to protect your Windows 8 or 8.1 installation if you don’t have third-party antivirus installed. Testing reveals that you’ll be much, much better off installing almost any other free antivirus utility.”
“Very poor aggregate score from independent labs. Poor score in our hands-on malware blocking test. Dismal score against downloads from malware-hosting URLs.”
You can find many more summaries just like this.
@Jeff, AV review articles are nothing more than pseudotechnical trash. I and others use Defender/Security Essentials without issues and don’t get malware.
People will stop getting malware once they decide to be responsible for their behavior, not because some placebo makes them feel secure.
@Jeff, I am not saying WD is the best one out there but it does do the job. And Microsoft made a point stating that you have to look at the big picture of all of windows capabilities for protection like including SmartScreen.
That being said, getting you computer infected is hardly the antimalware issue and more the user issue. I’m sure you have repaired plenty of infected computers with other antimalware programs, outdated ones, or whatever. An antivirus can’t fix a stupid user that just installs whatever from the net.
@Andrew, You’re right, I have repaired malware issues with other A/V programs. But here’s the thing, I have ‘problem’ customers who are always getting themselves into trouble. But when one of those people switch to professional grade AV, their rate of issues tend to drop dramatically.
You’re right, you can’t fix stupid, but you can certainly give it some help. In my experience, and from the source of many independent lab tests, MSE most certainly does not get the job done.
People like us in tech forums tend to be more tech educated and thus to us it seems obvious. I mean you and “anon” and I could probably get along fine without any A/V at all, but I’ve learned not to project my own level of knowledge onto others, especially ‘the masses’. Some people need big red flags, and MSE has a very high rate of missing those red flag opportunities.
While it doesn’t seems to be as good as third-party programs, it seems to be improving.
The latest AV-test for Security Essentials (on which Defender is based) saw an increase in protection score from 0/6 to 3/6 (https://www.av-test.org/en/antivirus/home-windows/windows-7/august-2015/microsoft-security-essentials-4.8-153247/).
One of the very first things I did when I installed Windows 7 was to disable its Defender; not that I had experienced Defender with negative results but because, as mentioned in this article, “it is fairly limited when it comes to protecting Windows from attacks and ranks low in independent antivirus tests.” : I had found at the time not one positive analysis about this funny insignificant gadget.
On the other hand I keep Malicious Software Removal Tool updating on Patch Tuesdays (I try to download/nstall the updated version just before running Windows Update because WU actually runs MSRT after having installed it, delaying the global update process) even if I’ve never ran it myself yet. But, since it’s an on-demand scanning process I have no reason to avoid it systematically.
Windows Defender in Windows 7 is way, way different from Defender in Windows 8 and 10. Defender for 7 was just an anti-spyware tool, while in 8 and 10 it is the same as Security Essentials.
I’m grateful that you’ve brought my attention to the fact that what I’m running (exclusively) isn’t up to par. I sure hope this article is quickly followed up with another (I’ll only listen to Martin’s expertise on this) telling me what I should do about it.
I think the best protection is to know what you are doing. This way you are probably avoiding a large percentage of all threats right away. For the rest, I’d recommend a combination of sandboxing using Sandboxie (to run programs you are not sure about), browser extensions like NoScript to protect you from web-based attacks, anti-exploit tools like EMET, and a resident real-time scanner like Malwarebytes Anti-Malware.
Most users have their favorites but that’s a combination that served me well. Oh, and a firewall of course (hardware or software).
Is it really necessary to run NoScript if you’re browsing in a Sandboxie sandbox?
Depends on what you do in your browser. While you protect your system from malware this way, scripts may steal personal data among other things.
IMO, the best A/V is Eset Nod32. It typically scores in the top 3, and it is well known to be very light on system resources. It has a pretty thorough feature set, incl things like protection from bad web domains. If you live in the U.S. , you can typically get it for $5 during Black Friday week from Newegg.
My security is:
* knowledge
* Eset Nod32
* Ublock Origin (Firefox extension)
* occasional Malwarebytes (free version) scan
Not to mention Microsoft Safety Scanner and Mircosoft Windows Defender Offline are placebo
The answer is yes. AV-TEST and the like are not reputable sources anyway. Antimalware should be your last resort, not the main one.
Just use what comes with Windows, and add Malwarebytes for doing a scan now and then. If this is not sufficient something is wrong with the OS so drop it. I have used all the different OS, of which all work better in one way or another. Currently using Ubuntu as my main computer — no worries. You run OS X with the supplied security. You run ChromeOS with supplied security. Microsoft should have security within the OS which works. I have one Windows machine left and it is Windows 10. Should update it, as in is just sitting around getting dust — Ubuntu is just so much faster – no long updates and reboots all the time.
“Windows Defender is a real-time antivirus solution”
Windows Defender is NOT a real antivirus even according to Microsoft. It is the worse ever, in any tests, anti malware.
Microsoft recommended using third-party real anti-virus.
If you check the Windows Defender settings under Update & Security in Windows 10, you will notice that there is a real-time protection option, and that it is turned on by default.
>Windows Defender is NOT a real antivirus even according to Microsoft.
Nice twisting of words. What they said is that it offers baseline protection, which in the real world is more than enough since barely anyone needs the bloat offered by third-party products.
“…which in the real world is more than enough ”
Utterly ridiculous and false.
Perhaps it’s more accurate to say it’s enough to catch the most prevalent threats, afaik Microsoft bases it’s definitions on real world infection rates, what telemetry tells them are the exploits being actively used in the wild.
Most third-party solutions base their definitions on all known viruses and/or exploits, whether they’re being actively used to attack devices or not.
Ultimately it comes down to how hygienic your computer use is, if you install every doggy piece of software going, visit dodgy web sites, and generally don’t use your noggin then maybe you need protecting from yourself with a third-party solution.
If on the other hand you practice safe internet use then something like MSE or Defender is probably all you need, if you really need a certain file and have suspicions then it can always be run though an online scanner like VirusTotal.
As stated at http://www.howtogeek.com/180773/what-is-the-malicious-software-removal-tool-and-do-i-need-it/, there really isn’t any need to actively run the MRT. It will run automatically after being updated on Patch Tuesday and it really isn’t that effective anyway, being only good for specific, old threats. A real-time AV is much better.
When i got 8.1 one of the first things I did was disabling Defender. It is too limited. I am very careful what i download and click on. Avira seems to do a fine job although they do not have there own firewall and use the build in MS one.
I always wondered if that is a good idea. Any suggestions?.
I always hide the malicious software removal tool. No need for it
Apart from that I use No-Script and some other extensions.
My experience with any malware/virus removal/security products from MSN has shown me that they are not worth the powder to blow them to Hades & back.
Ever since windows vista(which is the worst OS to date that MSN ever made), the first thing I do is disable winders defender & all other virus/malware removal programs.
someone once said that anything is better than nothing….whoever said that must not have ever had a MSN computer.
I find it very RUDE and OBNOXIOUS for the COMMENTATOR who Declared that in a sense “We the Stupid downloaders of Doggy sites ARE TO BLAIME and in a SENSE DESERVING.
‘YOU ARE AN IDIOT, IDIOT, IDIOT”, I have LOST TOO MANY PC TO MSE and the other GARBAGE they OFFER’
IN REPLY to your CYBER BULLYIING COMMENT “MANY OF US CLICK on Downloads we Feel can be Helpful to our PC’s and or in many times WE click Downloads that our Useful to us or our pc’s.
For instance a “how to download” or a free web cam utility, or a free video making software etc, etc, etc,
NONE OF US @ The time of Downloading ‘EVER THOUGHT IT WAS FROM A DOGGY SITE, YOU IDIOT”
TO TOP IT OFF, SIMPLE RESPONSIBLE USE OF THE INTERNET, doing our Everyday needs such as above or whatever the need may be ‘WILL ALWAYS, ALWAYS PUT OUR PC’S @ RISK, NOT BECAUSE OF WHAT WE DO BUT BECAUSE OF DEMENTED MF’s WHO SOMEHOW IN THEIR TWISTED WAY OF THINKING FEEL ENTITLED TO CRASHING OUR COMPUTERS….THEY ARE HUMAN DEFACATION @ IT’S FINEST…
I have become convinced that one should use MSRT and another malware program regularly. A few weeks ago MSRT located nothing after a quick scan. A few days later I scanned with free Malwarebytes and it located 24 potentially unwanted programs.