Microsoft: removing viruses but not preventing them

Many journalists were reporting that Microsoft had released an anti-virus tool. I knew that Microsoft had released an anti-spam tool, I downloaded it, tried it out and reviewed it myself. But I was not so sure about Microsoft releasing an anti-virus tool.
At this time, Microsoft is incrementally releasing a tool that will detect and remove various viruses, but unlike commercial products does not detect them before they infect your computer – a distinct difference. I’m sure soon Microsoft will release a full blown anti-virus tool, but not yet. Expect new updates every month on the 2nd Tuesday of the month.

It appears that at this time Microsoft is being very careful to not alienate its anti-virus software vendor partners.
In a detailed reply Microsoft tells me that Tuesday, January 11 marked the first monthly installment of new technology to remove malicious software from users’ systems.
This tool will be updated monthly and made available on the second Tuesday of every month as part of Microsoft’s regular update process. This month’s update removes Blaster, Sasser, MyDoom, DoomJuice, Zindos, Berbew (also known as Download.Ject), Gaolbot and Nachi viruses/worms.
Customers can get the tool at, through the Microsoft Download Center or through Windows Update or Automatic Updates. These removal tools are an extension of virus or worm specific removal tools that Microsoft released in 2004. While tools released in 2004 have been specific to a single virus (and some of its variants), the new removal tools provide more convenience for customers by rolling up all viruses and variants targeted into a common removal tool.
Unlike antivirus software, malicious software removal tools do not prevent computers from being infected. Many antivirus companies have also written tools to remove these viruses or worms ( or, and most up-to-date antivirus programs will remove them as well. Microsoft strongly encourages customers to maintain updated antivirus software, or to utilize virus and worm removal tools offered by antivirus vendors.
There are three key differences between the malicious software removal tool and a commercial antivirus product:
1. The tool provides post-infection removal of malicious software. It is only capable of removing malicious software from an already-infected system. Antivirus products, however, are also capable of blocking malicious software from executing on a system. It is significantly more desirable for malicious software to be blocked from executing on a system vs. being removed post-infection.
2. The tool removes only specific, prevalent malicious software (see “Release Information” for the specific list) which is a small subset of all the malicious software in the wild today. An antivirus product is able to remove significantly more malicious software.
3. The tool focuses on the detection and removal of active malicious software. Active malicious software is roughly defined as malicious software which is in memory. The tool is currently unable to remove malicious software which is only resident on the disk and not currently active. An antivirus product is able to perform this task.