Keep Windows Vista Secure with
Windows Defender

The most important thing to know about applications on your computer is what they do and whether or not you agreed to have them installed.

Microsoft Office, for example, is a good application—you install it by choice, and it does what you expect it to. In contrast, a computer virus is an example of a bad software application—it installs itself without your knowledge and may very likely harm your computer.

"Spyware," a class of application that may perform advertising activity on, change the configuration of, or collect personal information from your computer, often falls between what we define as good and bad. For example, some free downloadable applications include advertising components that help support their authors. In contrast, others include hidden features that track what sites you visit on the internet, or even record what you're typing on your computer.

You can defend against bad spyware and other unwanted applications with Windows Defender, the next generation of security technology. Using a database of known spyware signatures and characteristic spyware behavior, Windows Defender readily detects potentially unwanted applications and gives you the information you need to decide whether or not to keep them on your computer.

Find safe haven in the Security Center

Until the arrival of Security Center in Windows XP Service Pack 2, managing Windows security settings was difficult. Now Security Center is all you need to manage important Windows security settings in one place. In Windows Vista, the importance of the Security Center has grown.

To access Security Center

1. On the Start Menu, select Control Panel.
   
2. Select Check this computer's security status.

There are four parts of the Windows Vista Security Center:

1. Firewall
   
2. Automatic updating
   
3. Malware protection (Virus protection, Spyware protection)
   
4. Other security settings (Internet security settings, User Account Control)

Figure 1: Security Center is the one place to go to check the status of your Firewall, Automatic updating, Virus protection, Spyware protection, and Other security settings.

You can use Security Center to view the application that is used for Firewall and Malware protection. You can also check the status of Firewall, Automatic updating, Malware protection, and Other security settings. This column focuses on Malware protection and Windows Defender.

To open Windows Defender from Security Center, click Windows Defender.

You can view the status of Windows Defender in the Malware protection section of Security Center under Spyware Protection.

You should not need to change any Windows Defender settings immediately. Windows Defender comes configured to provide maximum security with minimal interaction.

Windows Defender will:

• Automatically check for and download updated spyware signatures every night around 2:00 A.M. and automatically remove all high-threat risks.
  
• Provide real-time protection as soon as it is started.

To adjust the settings in Windows Defender

• Click the Tools menu, and then select General Settings.

Defend yourself with Windows Defender

Windows Defender helps you detect and remove spyware and other potentially unwanted software with frequently updated spyware definitions.

There are several ways to open Windows Defender:

• Click the Windows Defender icon in the System Tray.
  
• From the Start menu, select All Programs, and then select Windows Defender.
  
• Open the Security Center, and then select Windows Defender.

While Windows Defender watches carefully for potentially unwanted software, you can start spyware scans on demand. Windows Defender offers three types of scans:

1. Quick Scan. A Quick Scan rapidly checks places on your computer that spyware is most likely to infect.
   
2. Full Scan. A Full Scan checks all files on your hard disk, running applications, the registry, and other places.
   
3. Custom Scan. A Custom Scan checks files or folders that you specify. A Custom Scan will automatically run a Quick Scan when it begins.

To initiate a scan, start Windows Defender and click the down arrow next to the Scan button, and then select the type of scan you would like to start.

Figure 2: You can perform a Quick Scan, Full Scan, or Custom Scan on demand.

Automatic protection with Windows Defender

Windows Defender is always protecting your system when you use Windows Vista. While on-demand scans can remove spyware that is already installed, scans can not stop new spyware from installing. Windows Defender provides real-time protection against threats. Real-time protection means that Windows Defender carefully watches for suspicious behavior on your computer at all times. It uses nine security agents to monitor different parts of your system for application behavior that is characteristic of spyware.

The nine security agents are:

Internet Explorer Configuration
Monitors browser security settings.

Internet Explorer Downloads
Monitors applications that work with Internet Explorer such as ActiveX controls and software installation applications.

Internet Explorer Add-ons (Browser Helper Objects)
Monitors applications that automatically run when you start Internet Explorer.

Auto Start
Monitors the list of applications that starts when Windows starts.

System Configuration
Monitors security-related settings in Windows.

Services and Drivers
Monitors services and drivers as they interact with Windows and applications.

Windows Add-ons
Monitors software utilities that integrate with Windows.

Application Execution
Monitors applications when they start and throughout their execution.

Application Registration (API Hooks)
Monitors files and tools in the operating system where applications can insert themselves to run.

Together, the Windows Defender security agents monitor almost all common entry points of spyware.

Respond to threats

Windows Defender alerts you when it finds potentially unwanted software or detects suspicious behavior. When innocuous (low threat) changes happen Windows Defender lets you know by changing its system tray icon. You can determine whether or not Windows Defender will alert you to changes made by "unknown" applications through the options menu.

For more severe threats (medium or high), Windows Defender displays a yellow or red window depending on threat level. These kinds of threats usually require an immediate response.

Figure 3: Windows Defender displays a window when it detects suspicious software that needs an immediate response. For medium threats, the window is yellow; for high threats, the window is red.

Become a member of the SpyNet Community

Security threats are ever changing, and sometimes daily updates are not enough to keep up with all of the security threats that your computer might encounter. To take one step further than just providing spyware definition updates, Microsoft also maintains the SpyNet Community.

The SpyNet Community is a voluntary worldwide community of Windows Defender users who report their spyware findings to Microsoft. Users who participate in the SpyNet Community play an important role in determining what suspicious applications are eventually classified as spyware. Users participating in the SpyNet Community also help discover new threats quickly so that all Windows Defender users are better protected. Unclassified software is software that is not yet listed in the spyware definition file and has not yet been classified as an official potential threat by Microsoft.

The SpyNet Community is optional. You must explicitly decide to participate. There are three levels of participation:

1. Advanced membership. Participants send information to Microsoft about unclassified software and actions taken. Advanced participants are alerted of currently unclassified software that may not be safe. Some personal information may be sent, but Microsoft will not use it to contact you.
   

   Tip: Advanced Members receive removal statistics showing how other advanced members reacted to the same threat. This information can help you make a decision whether or not currently unclassified potentially unwanted software is dangerous. For example, if a new application is being distributed on the Internet and Windows Defender detects it as being suspicious, some advanced users may report it to SpyNet and remove it. SpyNet will tell you how many Advanced Members reported and removed it, so that you can use the information to make a better decision on what you should do.

   
   
2. Basic membership. Basic information about suspicious software is sent to Microsoft. Personal information may also be sent, but Microsoft will not use it to contact you. Basic participants are not alerted about unclassified software.
   
3. Non-member. No information about spyware infections is sent to SpyNet. You will not be notified if unclassified, potentially unwanted software is found on your computer. The unclassified, potentially unwanted software may eventually be classified in the regular spyware definition updates.

To join the SpyNet Community

1. Open Windows Defender and select Tools.
   
2. Click AntiSpyware Community.

Summary

In an effort to combat the ever changing world of security threats, Windows Vista includes Windows Defender. Windows Defender is a live protection mechanism that monitors entry points that spyware most often uses to infect your system. With Windows Defender, you can remove potentially unwanted software with the click of a mouse button. Windows Defender also includes SpyNet, a global network of Windows Defender users who help find new unclassified threats. Windows Defender is just one part of an entire security ecosystem that Windows Vista maintains to keep your computer safe, secure, and reliable.