Update: Microsoft did not remotely uninstall Tor software from computers to halt botnet

News

Reading time icon 2 min. read

Calendar icon Published on

by Radu Tyrsina 

published on

Share this article

Readers help support Windows Report. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help Windows Report sustain the editorial team Read more

Microsoft remotely uninstalled Tor software from computers to halt botnet

When a virus strikes, the first line of defense is antivirus software. But when a botnet is running wild, things aren’t quite as simple. In the middle of last year, millions of computers around the world were infected with Sefnit malware. Communicating over the anonymizing Tor software automatically downloaded and installed by the malware, Microsoft had a battle against a huge botnet on its hands.

The company took an interesting, and ultimately very effective, line of attack against the botnet. In addition to remotely removing the malware itself from as many computers as possible, Microsoft also wiped out copies of Tor in a bid to stop the malware from communicating and spreading.

It was possible to identify which machines had Tor installed by the malware — rather than those whose owners had purposely installed it — by detecting which folder it had been installed to. Tor can be installed anywhere, of course, but most people stick to the default folder, or use one of a few common variants. When installed by malware, Tor was installed in a strange location.

In this instance it was very helpful that Microsoft could detect the presence of a particular piece of software and remove it from computers without the owners being aware of anything that was taking place.

How do you feel about this capable of Microsoft? It is worrying or reassuring that the company is able to remove software from your computer? Looked at in terms of malware, few people would have a problem with having their system protected for them, but Tor also has plenty of legitimate uses — it is fair to have software uninstalled without consent?

Update

Since posting this article, we have spoken with Microsoft who want to make clear that Tor was not in fact removed from any computers — the original source was incorrect. A Microsoft spokesperson said: “Microsoft Malware Protection Center has protections to remove the services started by the Sefnit malware, but it does not uninstall Tor, remove any Tor binaries, or prevent users from using Tor.”

Radu Tyrsina

Radu Tyrsina Shield

Radu Tyrsina has been a Windows fan ever since he got his first PC, a Pentium III (a monster at that time). For most of the kids of his age, the Internet was an amazing way to play and communicate with others, but he was deeply impressed by the flow of information and how easily you can find anything on the web. Prior to founding Windows Report, this particular curiosity about digital content enabled him to grow a number of sites that helped hundreds of millions reach faster the answer they're looking for.