Windows Defender in Windows Vista

2 April 2009
By Mumyls

Another layer of protection which is now included in Vista is Windows Defender. The primary aim of this program is to provide basic protection against spyware, as this is the most common type of malware on the average PC, and hence the most dangerous in terms of compromising personal details such as online banking login passwords or credit card numbers. Windows Defender can also find other common forms of malware including adware and rootkits, but it is not completely effective in finding all types of malware so it should definitely not be relied upon as the sole protection against malicious software.

Windows Defender is on and running in the background by default, but to access its user interface, go to Start>All Programs>Windows Defender, or go to Control Panel>Windows Defender, or go to Start>Search Box and type “defender” (without quotes) and press Enter. I recommend that you leave Windows Defender enabled, but configure it to be less intrusive as detailed below. Even when you use other spyware scanners (which you must do), Windows Defender needs to remain enabled to provide access to the important Software Explorer feature covered under the Startup Programs chapter, so that’s at least one reason to not disable it outright. If you are going to disable it altogether, make absolutely certain that you are using a combination of UAC and a good spyware scanner, if not two. Just using another spyware scanner alone is not sufficient protection.

Note that according to the Windows Vista license agreement Windows Defender is permitted to remove any software it deems as malware. However there are several safeguards against permanent deletion, and you will be given prominent warnings for serious malware infections which warrant file deletion.

CONFIGURING WINDOWS DEFENDER

Below are details on the range of options and features in Windows Defender, including recommendations:

Home: Takes you to the main Windows Defender screen where you can see the current status of your machine, whether any scan is running, and when the last and next scans are scheduled to be undertaken. Note that the Definition version is important: do not allow the Windows Defender definition file to become too old. Update the definition file regularly through Windows Update – see Windows Update under the Control Panel chapter for details.

Scan: When clicked, this option starts a Quick Scan by default, going through your important system files, folders and Registry to look for spyware. By clicking the small down arrow next to it, you can manually choose to do a Quick Scan, Full Scan or Custom Scan. As mentioned, a Quick Scan focuses on your system files and folders, taking the least amount of time to complete, but also providing the least security. A Full Scan goes through your entire PC to look for malware, which is more secure but can take quite a bit longer. A Custom Scan allows you to select the specific drive(s) and folder(s) you wish to scan – useful, but ideally you should let Windows Defender scan all the areas it deems necessary. I recommend that for full manual scans of your system you rely on other dedicated spyware tools as covered under the Additional Security section of this chapter. You should only really need to run a Full Scan of Windows Defender in conjunction with other scanners if and when you suspect you’ve actually been infected; a Quick Scan is fine most of the time.

History: This section displays a history of any recent actions you’ve taken in response to Windows Defender notifications. You can click on each item to see more details of the exact file(s) involved.

Tools: This section contains several important settings and tools:

· Options: Used to configure how Windows Defender actually works. I recommend disabling Defender’s automatic scans of your PC. If you wish to leave this enabled, a daily scan using Quick Scan should be sufficient, as this usually only takes a few minutes at most and is useful if you forget to manually run your malware scanners often. If you wish to leave automatic scanning enabled, then I recommend ticking the ‘Check for updated definitions before scanning’ box so that it uses the latest definition file, as without the latest definition file it’s pointless to scan your system regularly; I also recommend ticking the ‘Apply default action to items detected during scanning’ box and configuring the default actions as covered below.

The default actions listed allow you to specify what you want Windows Defender to do when it finds potentially malicious software in one of three categories: Low, Medium and High risk; the fourth category Severe is automatically acted upon. The default actions are explained in detail in this Microsoft Article, and they seem reasonable, so select ‘Default Action’ for all three alert levels. You will be notified immediately of most actions Windows Defender undertakes, unless they are extremely insignificant.

The Real-time Protection options allow you to determine which types of activities and areas Windows Defender monitors to prevent spyware from installing or executing. These options are explained in detail in this Microsoft Article. There have been accounts of Windows Defender causing system slowdowns when these options are in use, and of Windows and application startup taking slightly longer; however, the precise performance impacts are not clear. The options are best left enabled for more novice users, but advanced users can disable them if they regularly scan their system with other malware scanners (which is of course recommended) and, importantly, if they have UAC enabled.

When asked to select when Windows Defender notifies you, it should be safe to untick both boxes to reduce annoyance. Once again this is particularly true if you have UAC enabled. To remove the Windows Defender icon from the Notification Area select ‘Only if Windows Defender detects an action to take’. That way you’ll only see the Windows Defender icon if action is required.

The three Advanced Options here should all be enabled if you use Windows Defender. They increase the effectiveness of Windows Defender in finding new or more deeply hidden spyware. Note however that the ‘Use heuristics to detect potentially harmful or unwanted behavior by software that hasn’t been analyzed for risks’ option could marginally decrease system performance. The ‘Scan the contents of archived files and folders for potential threats’ will also add to scanning time if enabled. The ‘Create a restore point before applying actions to detected items’ should be ticked as it provides protection against Windows Defender accidentally deleting a file you may need.

You can manually specify any particular files or folders you wish to exclude from Windows Defender’s scanning, however this is only recommended if you know for certain that a particular file or location is going to provide a false positive. Also remember that definition file updates may resolve false positives.

Finally, the Administrator options allow you to completely turn off Windows Defender – which is not recommended, particularly given the Software Explorer function is tied to Windows Defender being enabled. Click the Save button when finished here, and you will be taken back to the Tools screen.

· Quarantined Items: Shows any items which have been caught as suspected spyware and allows you to determine what to do with them.

· Allowed Items: Lists the items which have been flagged by Windows Defender but which you have manually chosen to allow and keep on your system.

· Software Explorer: This is a very useful utility for monitoring and enabling/disabling/removing startup programs, background programs and network connected programs. More details of this utility’s functionality can be found under the Startup Programs chapter. Disabling Windows Defender also prevents access to Software Explorer, which is why I strongly recommend against completely disabling Windows Defender.

Windows Defender must be viewed in the context that it is there to provide basic protection against harmful spyware in Windows Vista out of the box. Many users of Windows will never be fully aware of the danger of malware nor use appropriate precautions, so Windows Defender by default gives a good level of protection to these users. However even Microsoft have commented that Windows Defender should be supplemented with other malware scanners. I recommend the following:

  • Leave Windows Defender enabled but configured as above. This will reduce any performance impact but still let you do Quick Scans frequently, helping in detecting common malware early, and also allow access to Software Explorer.
  • Use several malware scanners, including a dedicated spyware scanner, for full manual scans – see the Essential Additional Security section below.
  • Enable UAC to prevent spyware from launching or working in the background without your knowledge.

3 Responses to Windows Defender in Windows Vista

  1. Aaron Wakling on 2 April 2009 at 12:14

    Hello.

    I would like to put a link to your site on my blog roll if you want to do the same for mine. It would be a good way to build up both of our readerships.

    thank you.

  2. Mumyls on 2 April 2009 at 15:24

    OK, I’ve added you into my blog roll. It’s your turn.
    Thanks for all

  3. Angel Friendly on 16 April 2010 at 13:35

    Just wanted to say you have a great site and thanks for posting!
