Windows Defender
Windows Defender, formerly known as Microsoft AntiSpyware, is a software product from Microsoft to prevent, remove and quarantine spyware in Microsoft Windows. It is included and enabled by default in Windows Vista and Windows 7, and is available as a free download for Windows XP and Windows Server 2003.
Basic features
Windows Defender features system scan capabilities similar to other free products on the market, and includes a number of real-time security agents that monitor several common areas of Windows for changes which may be caused by spyware. It also includes the ability to easily remove ActiveX applications that are installed. Also integrated is support for Microsoft's SpyNet network that allows users to report to Microsoft what they consider to be spyware, and what applications and device drivers they allow to be installed on their system.
History
Beta 1
Windows Defender is based on GIANT AntiSpyware, which was originally developed by GIANT Company Software, Inc. The company's acquisition was announced by Microsoft on December 16, 2004. While the original GIANT AntiSpyware supported older Windows versions, support for the Windows 9x line of operating systems was later dropped. However, Sunbelt Software, which was originally GIANT's partner, sells a product based on the same technology called CounterSpy which still has support for older Microsoft operating systems.
The first release of Microsoft AntiSpyware was released in beta form on January 6, 2005 and was basically a repackaged GIANT AntiSpyware. It was then a free product (though only for genuine installations of Windows), contained few new features and was simply rebranded as a Microsoft product. More builds were released as 2005 progressed, with the last Beta 1 refresh released on November 21, 2005.
Beta 2
At the 2005 RSA Security conference, Chief Software Architect and co-founder of Microsoft, Bill Gates, announced that Windows Defender (which was known as Microsoft AntiSpyware prior to November 4, 2005) would be made available free of charge to all validly licensed Windows 2000, Windows XP, and Windows Server 2003 users to help secure their systems against the increasing malware threat.
Windows Defender (Beta 2) was released on February 13, 2006. It featured the program's new name and a significant user interface redesign. The core engine was rewritten in C++, unlike the original GIANT-developed one, which was written in Visual Basic [1]. This improved the application's performance. Also, since beta 2, the program works as a Windows service, unlike earlier releases, which enables the application to protect the computer even when a user is not logged on. The Windows Defender application is technically an interface to the service, which also has the same name. Beta 2 also requires Windows Genuine Advantage validation. However, Windows Defender (Beta 2) did not contain some of the tools found in Microsoft AntiSpyware (Beta 1). Microsoft removed the System Inoculation, Secure Shredder and System Explorer tools found in MSAS (Beta 1) as well as the Tracks Eraser tool, which allowed users to easily delete many different types of temporary files related to Internet Explorer 6, including cookies, temporary internet files, and Windows Media Player playback history. [2] Microsoft later released German and Japanese versions of Windows Defender (Beta 2).
Final release
On October 24, 2006, Microsoft released the final version.[3] It supports Windows XP, Windows Server 2003 and Windows Vista; however, unlike the betas, it does not run on Windows 2000 by default. According to the FAQ, support for Windows 2000 was dropped because at the time of release of the final version, Windows 2000 had reached the end of its mainstream support period and was considered not to be "a popular consumer operating system".[4] Nevertheless, Microsoft has confirmed that this is a problem in the Microsoft products, and an official resolution for Windows 2000 users is available at Microsoft Help and Support. [5]
Advanced features
Real-time protection
In the Windows Defender options, the user can configure real-time protection options:
* Auto Start - Monitors lists of programs that are allowed to automatically run when the user starts the computer
* System Configuration (settings) - Monitors security-related settings in Windows
* Internet Explorer Add-ons - Monitors programs that automatically run when the user starts Internet Explorer
* Internet Explorer Configurations (settings) - Monitors browser security settings
* Internet Explorer Downloads - Monitors files and programs that are designed to work with Internet Explorer
* Services and Drivers - Monitors services and drivers as they interact with Windows and programs
* Application Execution - Monitors when programs start and any operations they perform while running
* Application Registration - Monitors tools and files in the operating system where programs can register to run at any time
* Windows Add-ons - Monitors add-on programs (also known as software utilities) for Windows
Internet Explorer integration
There is integration with Internet Explorer which enables files to be scanned when they are downloaded to help ensure that one does not accidentally download malicious software. This implementation is similar to the real-time scanners of many anti-virus products on the market. Although not combined with Firefox, Windows Defender still scans downloaded files for malicious code, as part of the real-time protection.
Software Explorer
The Advanced Tools section allows users to discover potential vulnerabilities with a series of Software Explorers. They provide views of startup programs, currently running software, network connected applications, and Winsock providers (Winsock LSPs). In each Explorer, every element is rated as either "Known", "Unknown" or "Potentially Unwanted". The first and last categories carry a link to learn more about the particular item, and the second category invites users to submit the program to SpyNet for analysis by experts.
Windows Vista-specific functionality
Windows Defender in Windows Vista automatically blocks all startup items that require administrator privileges to run (this is considered suspicious behavior for a startup item). This automatic blocking is related to the UAC (User Account Control) functionality in Windows Vista, and requires users to manually run each of these startup items each time they log in.
Source