Update: Microsoft did not remotely uninstall Tor software from computers to halt botnet

Published on January 16, 2014

When a virus strikes, the first line of defense is antivirus software. But when a botnet is running wild, things aren’t quite as simple. In the middle of last year, millions of computers around the world were infected with Sefnit malware. The malware communicated over the anonymizing Tor software, which it automatically downloaded and installed, and Microsoft had a battle against a huge botnet on its hands.

The company took an interesting, and ultimately very effective, line of attack against the botnet. In addition to remotely removing the malware itself from as many computers as possible, Microsoft also wiped out copies of Tor in a bid to stop the malware from communicating and spreading.

It was possible to identify which machines had Tor installed by the malware — rather than those whose owners had purposely installed it — by detecting which folder it had been installed to. Tor can be installed anywhere, of course, but most people stick to the default folder, or use one of a few common variants. When installed by malware, Tor was installed in a strange location.

In this instance it was very helpful that Microsoft could detect the presence of a particular piece of software and remove it from computers without the owners being aware of anything that was taking place.

How do you feel about this capability of Microsoft's? Is it worrying or reassuring that the company is able to remove software from your computer? Looked at in terms of malware, few people would have a problem with having their system protected for them, but Tor also has plenty of legitimate uses — is it fair to have software uninstalled without consent?

Update

Since posting this article, we have spoken with Microsoft who want to make clear that Tor was not in fact removed from any computers — the original source was incorrect. A Microsoft spokesperson said: “Microsoft Malware Protection Center has protections to remove the services started by the Sefnit malware, but it does not uninstall Tor, remove any Tor binaries, or prevent users from using Tor.”

Radu Tyrsina
