Anti-Malware Engineering Team

This blog provides information about what's happening in the anti-malware technology team at Microsoft. We're the team that builds the core antivirus, antispyware, anti-rootkit, and related technology, which is then used across a number of Microsof

  • Sony DRM Rootkit

    I've been getting a lot of questions in the last week about Microsoft's position on the Sony DRM and rootkit discussions, so I thought I'd share a little info on what we're doing here. We are concerned about any malware and its impact on our customers...
  • What's in a name?? A lot!! Announcing Windows Defender!

    Every week seems like a big week for us in the engineering team working on our anti-malware technology. However, last week was especially important in a sentimental way. We got the final name for the cool technology our team has been developing for Windows...
  • Windows Defender Beta 2: Update

    Hi all, We’ve gotten some great feedback from places like this blog and our support newsgroups about the recently released Windows Defender Beta 2. We really appreciate the enthusiastic participation! Some of this feedback has allowed us to identify...
  • Final release of Windows Defender (Build 1592)

    It brings me great pleasure to announce the final availability of Windows Defender in English. The team has been working hard for over a year and fixed over 400 bugs in the areas of stability and reliability since Windows Defender (Beta 2). We plan to...
  • Windows Defender Beta 2 Refresh

    Today, we released a refresh of Windows Defender (Beta 2) which includes updates based on the customer feedback that we have received through this blog and the newsgroups. This update also addresses some issues that have been brought to our attention...
  • Announcing Windows Defender Beta 2

    Hi, I'm Adam Overton, the group program manager for the anti-malware technology team. I'm very excited to be blogging today about the availability of Windows Defender Beta 2 which was announced by Bill Gates at his RSA conference keynote earlier this...
  • Antimalware Team Releases MSRT White Paper

    Hello there. I'm writing to you from the Microsoft TechEd conference in Boston. This event attracts over 10,000 attendees interested in learning about current and future Microsoft products. It's also a great place for getting feedback from our customers...
  • Sony rootkit signatures now available

    Hi, we are Eric Allred and Ziv Mador, response coordinators for the anti-malware technology team. We have analyzed several versions of the rootkit that have been shipped as part of Sony’s XCP software. We are calling the family WinNT/F4IRootkit. We...
  • Welcome to the Anti-Malware Engineering Team's Blog!

    Welcome! This is the team blog for the Anti-Malware product team. We're the team responsible for building Microsoft's antivirus and anti-spyware technology (along with anti-rootkit, anti-bot, and other stuff). We set up this blog some time back, but have...
  • Introducing the Windows Live Safety Center (Beta)

    Hi all, my name is Matthew Braverman and I'm a program manager on the anti-malware technology team at Microsoft. On Tuesday, Bill Gates and Ray Ozzie introduced the new Windows Live and Office Live services. One of the highlights of this launch was...
  • Windows Defender Beta 2: Updated Version Available

    An updated version of Windows Defender Beta 2 is now available from the Microsoft Download Center. This update resolves the two issues described in the below blog post relating to non-English versions of Windows and referenced in KB915087. If you are...
  • News on Alcan, Mywife.E

    In Bill Gates' keynote at RSA in February, one of the subjects he spoke on was the ability for Microsoft to have a comprehensive view of the evolving threat landscape using the information and feedback from such tools as Hotmail, Watson, the Windows Malicious...
  • VirusTotal Participation

    Hi, this is Ziv Mador again from the Microsoft Anti-Malware team. This week, the folks over at VirusTotal added the Microsoft anti-malware engine to their service. VirusTotal is a free service that enables users to submit suspicious files to be scanned...
  • Hello world

    printf("hello world\n"); This is Jimmy Kuo of the Microsoft Security Research & Response team (MSRR). (What a wonderful thing to say and see written down.) Recently, there have been some tests that have brought into question the detection...
  • The Mywife.E Worm: Update # 2

    As we pass noon on Monday, here in Redmond, we are happy to see that the Mywife.E worm (aka CME 24) turned out to be more hype than reality. Our product support departments (including calls to our free virus support line: 1-866-PCSafety) around the world...
  • Extending the expiration date for Windows AntiSpyware Beta 1

    Hi, I'm Sterling Reasor, a program manager for the current Windows AntiSpyware beta and forthcoming Windows Defender. A few days ago we posted an update to the Windows AntiSpyware beta and yesterday, we turned on the auto-updater code to automatically...
  • Anti-Malware White Papers Posted

    Hi, Matthew Braverman here again. In early October, members of Microsoft's anti-malware team attended the 2005 Virus Bulletin Conference in Dublin, Ireland. This is one of the top three annual antivirus industry conferences, and was an excellent opportunity...
  • Windows OneCare Live Beta Available!

    On Tuesday, the Windows OneCare team announced the availability of the beta of Windows OneCare Live – a comprehensive PC health service for consumers, which offers an integrated approach to help consumers more easily protect and care for their computers...
  • December Update for Windows Malicious Software Removal Tool Released

    Yesterday we released this month's update of the Windows Malicious Software Removal Tool. This update includes three new malware families: F4IRootkit, Ryknos, and IRCBot. This tool now cleans over 50 of the most prevalent malware families. This...
  • The Mywife.E Worm

    Here is an update from the Microsoft anti-malware team regarding the recent variant of the Mywife mass mailing worm. The mails' subject and body may vary. However they include an attachment that looks like a ZIP file while it is actually a malicious executable...
  • Virus Bulletin 2006

    A contingent from our antimalware team attended the Virus Bulletin conference in Montreal, Canada two weeks ago - 12 of us in all. Matt Braverman and I were both presenters and I also moderated a panel discussing progress made by the Anti-Spyware Coalition...
  • Security Intelligence Report

    This week at RSA Europe in Nice, France we released a report detailing the security landscape for the first half of 2006. The report lays out details collected through our various antimalware technologies. The report highlights a number of trends such...
  • Testing A New Definition Update Publishing Process for Windows Defender

    Hi Folks, Adam here from the antimalware team. I wanted to give you a heads-up that we will be testing a new definition update process in the next two weeks. Definition updates for Windows Defender (Windows Vista and current platforms) will be publishing...
  • On the Road at Infosecurity Europe and EICAR

    Eric Allred and I are in London for the Infosecurity Europe conference. We spent the last two days on the conference floor with the Microsoft UK team, talking to customers and partners about Windows Defender, Windows Live OneCare, Microsoft Client Protection...
  • The Mywife.E Worm: Update

    Microsoft has posted an advisory for the Mywife.E worm that provides information on the threat and suggests possible mitigations. To help detect and remove the infection from a computer, we recommend using the Windows Live Safety Center Beta at http:...