Microsoft Windows Vista: Windows Defender review


Brien M. Posey, MCSE
05.08.2007
Rating: 4.25 (out of 5)




Listen to Brien Posey's podcast for additional information on Windows Defender (4:14).

Windows Defender is Microsoft's primary weapon in the war against malware in Vista. And even though Windows XP was a pretty decent operating system (OS), it will probably always be remembered for being prone to rampant malware infestations. The malware problem got to be so bad that Microsoft created Service Pack 2 for Windows XP, which was based on technology that was originally slated for use in Windows Vista. Microsoft also acquired a company named GIANT Company Software Inc. for its AntiSpyware software and re-branded it as Windows AntiSpyware.


In retrospect, neither Service Pack 2 for Windows XP nor the use of Windows AntiSpyware completely solved Windows XP's malware problem. It is still possible for Windows XP to become infected by malware, but malware infections are much less of a problem than they were a few years ago. The real benefit, though, is that it seems as if Microsoft has learned from its experiences, because the anti-malware mechanisms built into Vista are much better than their Windows XP counterparts.

Around the time that Microsoft first released Windows AntiSpyware, I wrote an article in which I said that I believed Microsoft was the only company that was truly in a position to put a stop to adware and spyware once and for all. My reasoning behind this statement was that Microsoft is the only company that thoroughly understands all of the inner workings of the Windows OS. As such, they were in the best position to create a product that monitors key areas of the OS for harmful changes.

Windows AntiSpyware obviously didn't capitalize on Microsoft's unique position, since it was merely a product that was purchased from another company, slightly modified and rebranded. Eventually, Microsoft rolled the spyware scanning engine into a brand new (and much more comprehensive) product known as Windows Defender.

There are actually two different versions of Windows Defender. One version is designed to work with Windows XP (SP2 or later) or with Windows Server 2003 (SP1 or later). You can download this version of Windows Defender for free from the Microsoft Web site. The other version of Windows Defender comes pre-installed with Windows Vista.

New features in Vista version of Windows Defender

The basic operation and functionality of these two versions are similar, but the Windows Vista version contains a few enhancements not found in the Windows XP/2003 version. Some of the enhancements in the Windows Vista version of Windows Defender include the ability to run in a security-enhanced environment and to scan only the files that have been modified since the previous scan was run. In addition, the Windows Vista version is able to scan files as they are downloaded, although the Windows XP/Server 2003 version also has this capability so long as the machine is running Internet Explorer 7.

In my opinion, the best Windows Defender feature is the Software Explorer, which is accessible by clicking the Tools button. For many years now, you have been able to use the Windows Task Manager to view applications and processes that are running on your system. If you are trying to track down spyware, however, the Task Manager is less than ideal. For starters, the Task Manager only shows running processes. Granted, malware usually is running, but the Task Manager will not show you anything that is installed but not currently executing.

Another problem with the Task Manager is that it displays the various system processes. It's great being able to view the system processes, but many spyware applications use names that look like the names of system processes, so often these malicious processes blend right in.
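The lookalike-name problem described above can be checked mechanically. The following is an added example, not part of the original article or of Windows Defender: it compares process image paths against a short baseline of system process names and flags near-matches and correct names running from the wrong directory. The baseline list and the sample paths are constructed assumptions.

```python
# Added example: flag process images whose names imitate Windows system processes.
# The baseline is a short illustrative list (an assumption), not a complete inventory.
KNOWN_SYSTEM = {
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(image_path):
    """Return (verdict, system_name) for one full image path."""
    directory, _, name = image_path.lower().rpartition("\\")
    if name in KNOWN_SYSTEM:
        # Exact system name: legitimate only when run from its expected directory.
        verdict = "ok" if directory == KNOWN_SYSTEM[name] else "wrong-location"
        return verdict, name
    for known in KNOWN_SYSTEM:
        # One edit away from a system name (svch0st, lsasss) is a lookalike.
        if edit_distance(name, known) == 1:
            return "lookalike", known
    return "unknown", None

def suspicious(paths):
    """Keep only the entries that imitate a system process."""
    results = [(p,) + classify(p) for p in paths]
    return [r for r in results if r[1] in ("wrong-location", "lookalike")]

# Constructed sample process list, not taken from a real system.
SAMPLE = [
    r"C:\Windows\System32\svchost.exe",
    r"C:\Users\Public\svchost.exe",
    r"C:\Windows\System32\svch0st.exe",
    r"C:\Windows\System32\lsasss.exe",
    r"C:\Program Files\Editor\notepad2.exe",
]

if __name__ == "__main__":
    for path, verdict, name in suspicious(SAMPLE):
        print(f"{verdict:15} {path}  (imitates {name})")
```

A threshold of one edit keeps false positives low against legitimate short names; a real baseline would cover far more system binaries.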

The Software Explorer isn't a substitute for the Task Manager, but it gives you information that the Task Manager won't. As you can see in Figure A, the Software Explorer shows you all of the software that has been installed on your system. If you select an individual application, you can see detailed information, including when it was installed and whether or not it is a Windows OS component.

Figure A

Software Explorer gives you detailed information about all software that's installed on your system.

Windows Defender offers both real-time protection and manual scanning capabilities. The real-time protection feature constantly scans and monitors Windows for actions that are commonly associated with malware.

Figure B

Windows Defender warns you about potentially malicious activity.

To see how real-time protection works, open Internet Explorer, and then type C: into the address bar and press Enter. Internet Explorer has no way of knowing whether you typed the command or if the command was initiated by a malicious script, so Windows Defender produces a warning message. As you can see in Figure B, you have two choices: You can either allow or block the operation. In this particular case, you would want to allow the operation to execute since the operation is occurring as a direct response to an action that you performed. However, if you ever received a warning message like this unexpectedly and were not performing a task that could have triggered the alert, then it is a good indication that malware might be present.

If you want to manually perform a system scan or a Windows Defender update, you can access Windows Defender from the root level of Vista's Start menu. When Windows Defender starts, you will see a screen similar to the one that's shown in Figure C.

Figure C
This is the primary Windows Defender screen.

There is a button in Figure C that you can use to check for updates. Manually updating Windows Defender isn't usually necessary, though, because Windows Update keeps Windows Defender up to date.

The lower half of the screen confirms that real-time protection is enabled and displays the last time a scan was run. Windows Defender performs daily scans by default. In this picture, the default scans run at 2:00 a.m., but this is adjustable. If you click the Tools button, followed by the Options button, you will see the screen shown in Figure D. Not only does this screen allow you to set the daily scan schedule, but you can also control what type of scan is used (the default scan type is a quick scan). It is worth noting that Windows Defender does not automatically check for updates prior to scanning a system, but you can change this by selecting the Check for Updated Definitions Before Scanning check box.

Figure D


Windows Defender allows you to schedule automated scans.

About the author: Brien M. Posey, MCSE, is a Microsoft Most Valuable Professional for his work with Windows 2000 Server and IIS. He has served as CIO for a nationwide chain of hospitals and was once in charge of IT security for Fort Knox. As a freelance technical writer, he has written for Microsoft, TechTarget, CNET, ZDNet, MSD2D, Relevant Technologies and other technology companies.

