Takeaway: Windows Defender was released in October 2006 as a download for Windows XP and 2003. Now it's also built into Windows Vista, making it more convenient to protect your computer against spyware threats. Here's a look at Defender's key features and options.
Windows Vista comes with a
built-in anti-spyware application called Windows Defender, to help you protect
your computer against malicious software designed to gather information about
you and your system for the purpose of advertising or even identity theft.
Defender is an integral part of Vista's
heightened security. Here are 10 things you need to know to use Defender to
your best advantage.
#1: Windows Defender is only one part of a multilayered security strategy
Defender is designed to detect and remove or quarantine
known and suspected spyware programs that may be installed on your computer
without your knowledge. It does not prevent all attacks against your computer.
Defender should be used in conjunction with other security mechanisms such as a
firewall, antivirus software, and encryption.
#2: Defender is enabled on
You can turn Defender on and off and configure its
properties and behavior through the Windows Defender Control Panel applet. It
can also be accessed through the
The interface is simple, with a one-click button to scan immediately for
spyware and the ability to schedule automatic scans on a daily basis or on a
selected day of the week at a time of your choosing.
#3: Defender can perform three types of scans
A Quick Scan looks in the locations where spyware is most
commonly found. This saves time and catches most spyware. A Full Scan checks
every drive and folder on the computer. This is the most thorough option but it
can take quite some time, depending on the size of your hard disk(s) and the
number of files you have. During the scan, there may be a performance hit on
other activities you perform on the computer. A Custom Scan allows you to
select the specific drive(s) or folder(s) you want to scan. If Defender detects
spyware during a Custom Scan, it will then perform a Quick Scan to remove or
#4: You can specify how you want Defender to perform a scan
You can choose whether Defender should scan files and
folders that have been archived. You can choose to use heuristic methods to
identify software that is likely to be spyware, based on patterns and behavior,
in addition to using definition files that identify known spyware. In addition,
you can choose whether to create a restore point before removing detected
items, so that if a file that's necessary to one of your legitimate programs is
removed by mistake, it will be easy to fix the problem. You can also specify
files and folders that Defender should skip altogether when performing a scan.
#5: Real-time protection alerts you immediately if a suspected spyware program
attempts to install itself or run on your computer
Real-time protection is enabled by default, but you can
choose whether to use it and you can select which security agents should be
turned on to monitor various aspects of the system. A number of security agents
are available to monitor such items as startup programs, security-related
configuration settings, IE add-ons, IE configuration settings, downloaded files
and programs, services and drivers, application registration files, Windows
utilities, or any program that's started.
#6: Administrators can control how Defender runs on user machines
Admins can allow all users to use Windows Defender to scan
the computer, choose actions for Defender to take when suspected spyware is
detected, and review Defender's activities. They can also restrict the use of
Defender with administrative privileges. By default, everyone is allowed to use
#7: You can view the activities Windows Defender has performed via the History
On the History page, you'll see a list of programs and
activities that includes a description of detected items, advice regarding what
to do about each item, and resources such as the file location and registry
keys associated with the program. You'll see the alert level, what action was
taken on what date, and the current status of the item. You can also review a
list of items you've permitted to run via the Allowed Items link. You can see
what you've prevented from running, and remove or restore these items, via the
Quarantined Items link.
#8: Windows Defender classifies possible spyware threats according to four
Severe means it's
a malicious program that can damage your computer. High means it's a program that might collect your personal
information or change your settings. Software classified as Severe or High
alert should be removed immediately. Medium pertains to programs that might collect personal information but may also be
part of a trusted program. Low alert
signifies software that might collect information or change settings but that was
installed in accordance with a licensing agreement you accepted. You should
review programs flagged as Medium or Low alert and decide whether you want to
block or remove them. Some programs are not yet classified.
#9: You should have Defender check for new definitions on a regular basis
To be effective, anti-spyware software uses definition
files that must be kept up to date because new spyware threats appear
frequently. Best practice is to have Defender automatically check for new
definitions through Windows Update before performing a scheduled scan. You can
also check for new definitions manually. If you rely on manual updating only,
you should check for new definitions at least once per week.
#10: Microsoft relies on the SpyNet community of
Defender users to help expand the spyware database
You're not required to participate in SpyNet
to use Defender, but if you do, Defender will send information to Microsoft
about the suspected spyware it detects and the actions you apply to each. You
can join the SpyNet community easily via the Tools |
Settings options, and you can select either a basic or advanced membership.
With an advanced membership, you'll receive an alert when Defender detects
software that hasn't been analyzed, and more detailed information is sent to
Microsoft about detected software.