Windows Defender
Windows Defender, formerly known as Microsoft AntiSpyware, is a software product from Microsoft to prevent, remove, and quarantine spyware in Microsoft Windows. It is included and enabled by default in Windows Vista and Windows 7, and is available as a free download for Windows XP and Windows Server 2003.
Basic features
Windows Defender features spyware scanning capabilities like other free spyware-scanning products available on the market, and includes a number of real-time security agents that monitor several common areas of Windows for changes which may be caused by spyware. It also includes the ability to easily remove ActiveX applications that are installed. Also integrated is support for the Microsoft SpyNet network, which allows users to report to Microsoft what they consider to be spyware, and what applications and device drivers they allow to be installed on their system.
Beta 1
Windows Defender is based on GIANT AntiSpyware, which was originally developed by GIANT Company Software, Inc. The company's acquisition was announced by Microsoft on December 16, 2004. While the original GIANT AntiSpyware supported older Windows versions, support for the Windows 9x line of operating systems was later dropped.
The first release of Microsoft AntiSpyware came out in beta form on January 6, 2005 and was basically a repackaged GIANT AntiSpyware. It was then a free product (though only for genuine installations of Windows), contained few new features and was simply rebranded as a Microsoft product. More builds were released as 2005 progressed, with the last Beta 1 refresh released on November 21, 2005.
Beta 2
At the 2005 RSA Security conference, Chief Software Architect and co-founder of Microsoft, Bill Gates, announced that Windows Defender (which was known as Microsoft AntiSpyware prior to November 4, 2005) would be made available free of charge to all validly licensed Windows 2000, Windows XP, and Windows Server 2003 users to help secure their systems against the increasing malware threat.
Windows Defender (Beta 2) was released on February 13, 2006. It featured the program's new name and a significant user interface redesign. The core engine was rewritten in C++, unlike the original GIANT-developed one, which was written in Visual Basic. This improved the application's performance. Also, since beta 2, the program works as a Windows service, unlike earlier releases, which enables the application to protect the computer even when a user is not logged on. The Windows Defender application is technically an interface to the service, which also has the same name. Beta 2 also requires Windows Genuine Advantage validation. However, Windows Defender (Beta 2) did not contain some of the tools found in Microsoft AntiSpyware (Beta 1). Microsoft removed the System Inoculation, Secure Shredder and System Explorer tools found in MSAS (Beta 1) as well as the Tracks Eraser tool, which allowed users to easily delete many different types of temporary files related to Internet Explorer 6, including cookies, temporary internet files, and Windows Media Player playback history. Microsoft later released German and Japanese versions of Windows Defender (Beta 2).
General availability
On October 24, 2006, Microsoft released Windows Defender. It supports Windows XP, Windows Server 2003 and Windows Vista; however, unlike the betas, it does not run on Windows 2000 by default.
Advanced features
Real-time protection
In the Windows Defender options, the user can configure real-time protection options:
- Auto Start - Monitors lists of programs that are allowed to automatically run when the user starts the computer
- System Configuration (settings) - Monitors security-related settings in Windows
- Internet Explorer Add-ons - Monitors programs that automatically run when the user starts Internet Explorer
- Internet Explorer Configurations (settings) - Monitors browser security settings
- Internet Explorer Downloads - Monitors files and programs that are designed to work with Internet Explorer
- Services and Drivers - Monitors services and drivers as they interact with Windows and programs
- Application Execution - Monitors when programs start and any operations they perform while running
- Application Registration - Monitors tools and files in the operating system where programs can register to run at any time
- Windows Add-ons - Monitors add-on programs (also known as software utilities) for Windows
Internet Explorer integration
There is integration with Internet Explorer which enables files to be scanned when they are downloaded to help ensure that one does not accidentally download malicious software. This implementation is similar to the real-time scanners of many anti-virus products on the market. Although not combined with Firefox or other browsers, Windows Defender still scans downloaded files for malicious code, as part of the real-time protection.
Software Explorer
The Advanced Tools section allows users to discover potential vulnerabilities with a series of Software Explorers. They provide views of startup programs, currently running software, network connected applications, and Winsock providers (Winsock LSPs). In each Explorer, every element is rated as either "Known", "Unknown" or "Potentially Unwanted". The first and last categories carry a link to learn more about the particular item, and the second category invites users to submit the program to Microsoft SpyNet for analysis by experts. The Software Explorer feature has been removed from Windows Defender in Windows 7.
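As an added illustration (not code from Windows Defender or Microsoft), the sketch below shows the idea behind the Auto Start agent and the Software Explorer ratings: compare the current auto-start entries with a saved baseline and rate each difference as Known, Unknown or Potentially Unwanted. The snapshot format, the two rating lists and every entry are constructed sample data; reading the live registry is left out so the example runs offline.

```python
# Added illustration: baseline diff of auto-start entries with ratings.
# Every entry, path and list below is constructed sample data.
RUN_KEY = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run"

# Snapshot format (assumed here): {(location, value name): command line}
BASELINE = {
    (RUN_KEY, "ExampleTray"): r"C:\Program Files\Example\tray.exe",
    (RUN_KEY, "ExampleUpdater"): r"C:\Program Files\Example\updater.exe /background",
    (RUN_KEY, "OldAgent"): r'"C:\Program Files\Example\agent.exe" -start',
}
CURRENT = {
    (RUN_KEY, "ExampleTray"): r"C:\Program Files\Example\tray.exe",
    (RUN_KEY, "ExampleUpdater"): r"C:\Users\alice\AppData\Local\Temp\updater.exe",
    (RUN_KEY, "FreeToolbar"): r"C:\Program Files\FreeToolbar\tb.exe /silent",
}
KNOWN = {r"c:\program files\example\tray.exe",
         r"c:\program files\example\updater.exe",
         r"c:\program files\example\agent.exe"}
POTENTIALLY_UNWANTED = {r"c:\program files\freetoolbar\tb.exe"}

def image_path(command):
    """Return the lower-cased executable path of a command line."""
    command = command.strip()
    if command.startswith('"'):          # quoted path: take text up to closing quote
        return command[1:].split('"', 1)[0].lower()
    head, sep, _ = command.lower().partition(".exe")
    if sep:                              # unquoted path, possibly containing spaces
        return head + sep
    parts = command.lower().split()
    return parts[0] if parts else ""

def rate(command):
    """Rate an entry the way the Software Explorer views label elements."""
    path = image_path(command)
    if path in POTENTIALLY_UNWANTED:
        return "Potentially Unwanted"
    return "Known" if path in KNOWN else "Unknown"

def diff_autostart(baseline, current):
    """Return (change, location, name, command, rating) for every difference."""
    findings = []
    for key in sorted(set(baseline) | set(current)):
        old, new = baseline.get(key), current.get(key)
        if old == new:
            continue
        change = "added" if old is None else "removed" if new is None else "modified"
        command = new if new is not None else old
        findings.append((change, key[0], key[1], command, rate(command)))
    return findings

if __name__ == "__main__":
    for finding in diff_autostart(BASELINE, CURRENT):
        print(*finding, sep=" | ")
```

The modified entry is the one worth a second look: the value name is unchanged, but its command now points at a path that is on neither list, so it rates as Unknown.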
Windows Vista-specific functionality
Windows Defender in Windows Vista automatically blocks all startup items that require administrator privileges to run (this is considered suspicious behavior for a startup item). This automatic blocking is related to the UAC (User Account Control) functionality in Windows Vista, and requires users to manually run each of these startup items each time they log in.