Windows Defender Offline — old name, new use

By Woody Leonhard

Microsoft’s newly released beta version of Windows Defender Offline, a rootkit-sniffing and Windows-rehabilitation tool, should be the latest addition to your bag of Windows-repair tricks.

WDO should be able to catch a wide variety of nasties that evade detection by more traditional antivirus methods.

Although the name’s been around for years, don’t confuse this new version of WDO with previous incarnations — it’s a whole new animal and helps PC users in two very different situations:

1. Windows won’t boot: You can boot your machine with a WDO CD or USB drive, and WDO will perform a detailed malware scan.

2. You suspect you have a rootkit: WDO can scan your system and remove many different kinds of rootkits.

Oddly, Microsoft has been uncharacteristically mum about Windows Defender Offline. If there are any published technical details about the program — what it does or how it works — I haven’t found them. With a bit of reading between the lines, here’s what I can say:

WDO is almost identical to an earlier product called Microsoft Standalone System Sweeper. Microsoft released the beta version of MSSS in May. (Susan Bradley’s July 28 Top Story talked about MSSS.) The size of the program hasn’t changed. The format of the signature files appears to be identical. The earlier product doesn’t mention Windows 8, but WDO most definitely does run on Win8 Developer Preview.


All Windows Secrets articles posted on 2012-01-05:


About Woody Leonhard

Woody Leonhard is a Windows Secrets senior editor and a senior contributing editor at InfoWorld. His latest book, the comprehensive 1,080-page Windows 8 All-In-One For Dummies, delves into all the Win8 nooks and crannies. His many writings tell it like it is — whether Microsoft likes it or not.