Windows Defender

With Windows Vista, Microsoft is not taking any risk or leaving anything to chance. In December 2004, the Company acquired the assets of GIANT, which included their highly respected AntiSpyware utility, which Microsoft released into beta in January of 2005. The product was in beta for a long time with a BETA 2 release earlier last year, which added improvements to its scanning engine and a simplified interface. Windows Defender is available for users of Windows XP and Server 2003 and is integrated with Windows Vista.

The first time you launch Defender, the Home page is displayed; you will be greeted by the option of acquiring the latest updates if new definitions are made available since you acquired and installed Vista. At the bottom of the Home Page there is quick Status Information summarizing when the Last Scan occurred, including Scan Schedule, Real-time Protection and Signature version, a very convenient overview for the user to get up and running quickly with the utility. The interface is very straightforward; basing much of its characteristics on the browser navigation, so using it should be Childs play for many. At the top of the window are familiar tools to interact with the application, these include, Scan, History, Tools and Help.

Scanning

Very straightforward feature, a user can immediately start scanning their computer right away for the common vulnerabilities, Malware, Spyware and Root kits, just to name a few. Windows Defender is not an Antivirus utility though, it is for detecting Spyware, those sleek, new intelligent vulnerabilities that take advantage of ActiveX controls and automatically install themselves on your computer through pop up windows or rogue downloads. Windows Defender improves the browsing experience in Internet Explorer 7 by providing ongoing protection ensuring that suspected sites do not install malicious programs onto the system. You can adjust additional options by clicking the pop out list available beside Scan. If you click the default Scan, it utilizes the Quick Scan option instead of scanning the entire hard disk. This is probably more convenient for most users since Full Scan is scans the entire disk, this includes, additional accounts and personalized folders and settings, which of course take more time. Custom Scan allows you to configure what Defender scans, such as individual folders, application directories and settings.

History

A nice addition, History gives users quick access to review or remove recently found items that might be in the Quarantine. Allowed items give you a quick listing of components or applications that have access to the system. Allowed items are only monitored when they are not a part of your allow list, this occurs in cases when a shared program is installed but is known to carry spyware with the option of allowing it. This is a tricky situation, since a lot of well-known applications install Internet Explorer add-ons, so this is a decision for the user and not the application.

Tools

There are four options available under Tools: Quarantine, Software Explorer, Allowed Items and Windows Defender. Earlier, I had mentioned Quarantine and Allowed Items, both of which are also accessible as hyper-links from the History page. I love the additions here, providing simplicity for accessing, easier to review, remove and un-quarantined items. Tools also contain additional settings for managing Defender, a very clean, straightforward layout. General Settings has a plethora of options for configuring automatic scanning, based on frequency, Time of day and type. You can check for updates before scanning and automatically apply options on detected items such as quarantining or add to your allow list.

Default & Real-Time Protection Options

For items detected, you have 3 available options, Low, Medium and High. In case a root kit is detected for example, this would be designated with a High Alert and be automatically removed by Defender. Of course, you have the option of customizing these alerts to either ignore or remove. Protecting critical areas of the Windows OS that are most susceptible to attack is one of Windows Defenders great highlights, areas such as Services, Internet Explorer, Windows Add-ons, and other types of negative System reconfigurations that occur as a result of Spyware. You can also choose to let Windows Defender notify when suspicious changes take place, whether it is from software that has not been classified or detected from the Allow List. A very convenient feature, this will provide an easy way for users to ensure that their systems are protected or notified if their system is potentially vulnerable to attack.

Advanced & Administrator Options

Here you can scan inside archives or use informal methods for detecting spyware (basically leaving it up to Defender to decide what is and what is not Spyware). You can also exclude certain drives or folders that you don’t want to scan. I would recommend you scan any drive or folder on your system since Spyware seems to have a way of hiding it self anywhere possible. Scanning supports both Administrator and Standard accounts, alerts users of system changes or detection of malicious software. Users will be pleased to find out that there is integration with Windows Update for the latest definitions. Network Administrators will also be able to manage and distribute updates using Windows Software Update Services (WSUS) in networked environments. Windows Defender in Windows Vista also manages applications that startup up with the system. Some drawbacks to General Settings is the long scroll process to find the desired option. I wish all the options were collapsible/expandable listings. Overall, the options are many and detailed. There is also a Security Center listing for Windows Defender, which provides a centralized location for management along with other Security utilities such as Antivirus and Firewall.

Microsoft Spynet Community

Coming over from the GIANT acquisition is the Spynet Community, which allows users to register and become a part of a group of fellow users who help classify unknown spyware that is not yet classified as a risk by Windows Defender. There are two tiers for becoming a member, Basic and Advanced, you can also opt not to join the community. This aspect of Defender shows that Security is an ongoing process and gives users the opportunity to become a part of that fight against spyware.

Software Explorer

A very cool component in Windows Defender, this allows you to manage how applications run, whether access the Internet or Network connection or end a process. To access software Explorer though you need to have Administrative Rights, it’s almost like an improved Task Manager with more customization in it. Basic information about applications is also displayed in the right Pane. There you can see how the application starts up from which path on the system whether it’s in the Registry or Windows Start-up folder. If it was installed with Windows, there is a classification to see if it was analyzed for security risk or digitally signed to ensure that the application is completely safe to run on the system.

Users will be pleased by Windows Defenders easy to use interface, which makes navigating and managing the application a great experience. The Spynet Community is also a great way for users to get additional information and share their experiences so that they can help to further improve the products detection of spyware, which is superb so far. Integration with Windows through Windows Update and Internet Explorer make it a necessary part of the security experience that improves the overall experience and strengthens confidence in the Windows platform.