How Microsoft Ensures Virus-Free Software

ID: q80520



Microsoft takes several steps to ensure the software we ship is virus-free. This article describes the product release and manufacturing/duplication process. References to "media" include both floppy disks and CD-ROM disks.


Anti-Virus Tools

Microsoft uses the latest virus detection and correction software available in the industry. The virus detection software is updated when new viruses are discovered.

Release Process

Each master disk or CD-ROM is created using newly formatted media. The product groups use an approved, standardized, quality-enriched process and a set of optimized tools to create the master disk before releasing it to the product release organization.

The product release organization performs checks on each master. The release group also creates a master cross-verification checksum that accompanies the master image once it has been approved. The checksum is a numeric representation of the master as it was released. All duplication sites use the checksum to cross-verify that the produced output matches the released master. The checksum tool takes into account any serialization requirements, verifying the integrity of the serial number and accounting for it in the numeric checksum value.

Product Release Verification And Product Group Approval

Several duplicate masters are sent to various groups within Microsoft for verification and sign-off.

Release Insertion Into Manufacturing Network

The master is read into a UNIX-based disk duplication system. The system creates an exact disk image of the master, duplicating the format and data. A duplicate master is created from the original read-in image. This silver master is used by the Product Group in their review, before they sign off. The silver master is not to be used in the Release to Manufacturing (RTM) process. The golden master, delivered by the product group to the release group, is the original image, and is released to manufacturing when the final approvals are received from the product groups.

Release To Manufacturing (RTM)

Once the masters are approved by all affected organizations, Microsoft manufacturing is notified of the RTM by the Product Release organization. The manufacturing groups that receive the masters access the release images through a secured network.

Duplication Process

Disks are duplicated on a variety of industrial-strength, quality-focused systems. Most of these systems are UNIX-based. The UNIX-based duplication systems used in manufacturing are impervious to MS-DOS-based, Windows-based, and Macintosh-based viruses.

The few MS-DOS-based and Windows-based standalone duplication systems do not allow MS-DOS-based operating systems to access the duplication system. Virus protection systems used by these MS-DOS-based and Windows-based duplication systems strictly govern the duplication process, even when they are not running.

In-Process Quality Check

Software product samples are checked using a checksum program on a separate computer system. The checksum program verifies the data on the finished media to ensure it matches the released master. This includes verification of serialization requirements.
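
The cross-verification checksum described under Release Process and applied again in this in-process check can be sketched as follows. This is an added example, not Microsoft's checksum tool: the serial field's offset and length, the mod-10 check digit, and the use of SHA-256 are assumptions, and the master image is constructed sample data.

```python
import hashlib

# Assumptions for this sketch (not from the article): the serial number is a
# 16-byte ASCII digit field at a fixed offset, its last digit is a mod-10
# check digit, and SHA-256 stands in for the unspecified checksum.
SERIAL_OFFSET = 512
SERIAL_LENGTH = 16


def serial_is_valid(serial: bytes) -> bool:
    """Check the serial field's format and its mod-10 check digit."""
    if len(serial) != SERIAL_LENGTH or not serial.isdigit():
        return False
    digits = [b - 0x30 for b in serial]
    return sum(digits[:-1]) % 10 == digits[-1]


def masked_digest(image: bytes) -> str:
    """Digest of the image with the serial field zeroed, so every
    correctly serialized copy yields the same value as the master."""
    masked = bytearray(image)
    masked[SERIAL_OFFSET:SERIAL_OFFSET + SERIAL_LENGTH] = bytes(SERIAL_LENGTH)
    return hashlib.sha256(masked).hexdigest()


def serialize(master: bytes, serial: bytes) -> bytes:
    """Stamp a serial number into a copy of the master (duplication step)."""
    copy = bytearray(master)
    copy[SERIAL_OFFSET:SERIAL_OFFSET + SERIAL_LENGTH] = serial
    return bytes(copy)


def verify_copy(copy: bytes, master_digest: str) -> tuple:
    """Return (ok, reason) for one sampled copy against the released master."""
    if len(copy) < SERIAL_OFFSET + SERIAL_LENGTH:
        return False, "truncated image"
    serial = copy[SERIAL_OFFSET:SERIAL_OFFSET + SERIAL_LENGTH]
    if not serial_is_valid(serial):
        return False, "invalid serial"
    if masked_digest(copy) != master_digest:
        return False, "data mismatch"
    return True, "ok"


# Constructed sample data: a 4 KiB stand-in for a released master image.
MASTER = bytes(i % 251 for i in range(4096))
MASTER_DIGEST = masked_digest(MASTER)
GOOD_SERIAL = b"1234567890123450"
```

Zeroing the serial field before hashing is what lets one released checksum cover every serialized copy, while the separate serial check keeps that excluded region from becoming an unverified hole in the image.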

The floppy drive write circuitry is disabled on the test systems to ensure the operating system and hardware cannot write any data to the floppy disk being checked. This also applies to the Macintosh computer systems used for in-process quality checks.

The software is then packaged in a disk baggy, bundled, and shipped. There is no additional exposure to a computer in Manufacturing, Distribution, and Logistics (MDL).

The personal computers used to check the duplication procedure are also checked for viruses at least once each week.

Product Support Investigation

Product Support Services (PSS) can provide assistance in identifying a virus. However, PSS cannot directly ascertain the source of a virus when first contacted by the customer. Deductive reasoning and careful troubleshooting can be used to assist the customer; however, only highly sensitive media analysis and bit-by-bit media comparison equipment can ascertain and analyze a suspected virus-infected disk. This equipment can identify the source of the virus, when it was transmitted to a disk, and by what process. The analysis can provide assurance that a virus was transmitted after the duplication process was completed. In this case, the responsibility for the source of the virus does not reside in Microsoft manufacturing and duplication.

Viruses On DMF

NOTE: Do NOT use conventional virus scanning or repair utilities on Distribution Media Format (DMF) disks. Doing so leaves the DMF disk absolutely unusable, because the logical format of the DMF disk will have been altered back to that of a standard 1.44MB disk, and the file allocation table (FAT) or master boot record (MBR) will no longer allow access to the data stored on the DMF disk. At this point, a replacement set of disks will be required to continue.

For additional information, please see the following article(s) in the Microsoft Knowledge Base:

   TITLE     :Troubleshooting DMF Issues

KBCategory: kbref KBSubcategory: Additional reference words:
Keywords            : kbref
Platform            : MACINTOSH MS-DOS WINDOWS

Last Reviewed: March 11, 1997