Microsoft Defender Antivirus

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by 13.13.137.2 (talk) at 13:02, 26 April 2006 (revert). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Windows Defender
Developer(s): Microsoft
Stable release: 1.1.1347.0 (Beta 2) / April 12 2006
Operating system: Windows 2000, XP, Server 2003, and Windows Vista
Type: Spyware removal software
License: Proprietary
Website: Windows Defender

Windows Defender, previously known as Microsoft AntiSpyware, is a software product from Microsoft designed to prevent and remove or quarantine spyware on Microsoft's Windows 2000, Windows XP, Windows Server 2003, and Windows Vista operating systems. It is currently in beta testing, is available as a free download from Microsoft's web site, and will be integrated into future versions of Windows Vista.

Overview

Windows Defender Version 1.1.1051.0 running on Microsoft Windows XP

Windows Defender is based on GIANT AntiSpyware, which was originally developed by GIANT Company Software, Inc. Microsoft announced its acquisition of the company on December 16 2004. While the original GIANT AntiSpyware supported older versions of Windows, support for the Windows 9x line of operating systems was dropped. However, Sunbelt Software, which was originally GIANT's partner, sells a product based on the same technology, called Counterspy, which still supports older Microsoft operating systems.

At the 2005 RSA Security conference, Bill Gates, Chief Software Architect and founder of Microsoft, announced that Microsoft Windows AntiSpyware (which was renamed Windows Defender on November 4 2005) would be made available free of charge to all validly licensed Windows 2000, Windows XP, and Windows Server 2003 users, to help secure Windows users world-wide against the increasing threat of malware. Microsoft's upcoming Windows Vista operating system will also include Defender as an integrated part of the operating system, enabled by default.

Windows Defender not only scans the system, as other free products on the market do, but also includes a number of Real-Time Security Agents that monitor several common areas of Windows for changes which may be caused by spyware. It also makes it easy to remove installed ActiveX applications. Also included is the SpyNet™ network, which allows users to tell Microsoft what they consider to be spyware and which applications they consider acceptable.

Windows Defender is integrated with Windows Update's Automatic Updates service to receive the latest definitions and software updates.

Versions

Windows AntiSpyware Beta 1 (Version 1.0.701)

Beta 1

Microsoft AntiSpyware was first released, in beta form, on January 6 2005. Few new features were added over GIANT AntiSpyware; it was mainly a re-branding release. More builds were released as 2005 progressed, with the last Beta 1 refresh released on November 21, 2005.

Beta 2

Windows Defender (Beta 2) was released on February 13 2006 (almost a year after Beta 1 was released). It featured the program's new name and a significant redesign, resulting in huge improvements. The core engine was rewritten in C++, unlike the original GIANT-developed one, which was written in Visual Basic; this improves the performance of the application. The program also now runs as a Windows service, unlike the earlier release, which enables it to work even when no user is logged on. Because of this, the Windows Defender application is technically an interface to the service, which has the same name. In addition, the application now protects more points of entry than the original application, while providing a more streamlined and intuitive interface. Beta 2 also requires Windows Genuine Advantage validation.

However, Windows Defender, in its current build, does not contain some of the tools found in Microsoft AntiSpyware (Beta 1). Some functionality of the System Explorer tool found in MSAS (Beta 1) has been removed, as has the Tracks Eraser tool, which allowed the user to easily delete many different types of temporary files found in Windows, including cookies, temporary internet files, and Windows Media Player playing history.

Advanced features

Windows AntiSpyware can alert the user to other threats besides spyware. Here, it notices that an insecure service is running.

Real-time protection agent

In the Windows Defender Options you can configure the real-time protection options:

  • Auto Start - Monitors lists of programs that are allowed to automatically run when you start your computer
  • System Configuration (settings) - Monitors security-related settings in Windows
  • Internet Explorer Add-ons - Monitors programs that automatically run when you start Internet Explorer
  • Internet Explorer Configurations (settings) - Monitors browser security settings
  • Internet Explorer Downloads - Monitors files and programs that are designed to work with Internet Explorer
  • Services and Drivers - Monitors services and drivers as they interact with Windows and your programs
  • Application Execution - Monitors when programs start and any operations they perform while running
  • Application Registration - Monitors tools and files in the operating system where programs can register to run at any time
  • Windows Add-ons - Monitors add-on programs (also known as software utilities) for Windows

Windows Defender and IE integration

Windows Defender integrates with IE so that files are scanned as they are downloaded, to help ensure that you do not accidentally download malicious software. This is accomplished using the IOfficeAntiVirus API. Note that, despite its name, the API is used for any file scanning, not just for Office or antivirus products.

System explorers

The Advanced Tools section allows users to discover potential vulnerabilities for themselves via a series of "System Explorers". In the previous version, Microsoft AntiSpyware, users were able to browse downloaded ActiveX controls, running processes or Startup programs, Internet Explorer BHOs, settings or Toolbars, the Windows hosts file, Winsock LSPs or Shell Execute Hooks. Windows Defender has removed some of this capability, only providing views of startup programs, currently running software, and Windows sockets providers (Winsock LSPs).

In each explorer, every element is rated as either "Known", "Unknown" or "Potentially Unwanted". The first and last categories carry a link to learn more about the particular item, and the second category invites you to submit the program to SpyNet™.

Browser restore

The Browser Restore feature, a component of the previous version, Microsoft AntiSpyware, allowed users to restore all of Internet Explorer's default links to their default settings. This will sometimes revert the changes made by browser hijackers, though further action is sometimes required.

Erase tracks

Microsoft AntiSpyware (Beta 1) contained a track erasing feature which could erase the usage history for various Microsoft and third-party applications. The extent to which such items are really erased is not documented.

Controversy over name

There is some controversy over the name "Windows Defender", with allegations that Microsoft used misinformation, or possibly intimidation, to acquire the name from a company supplying software under the same name [1]. Microsoft claims that it is protecting the term "Windows" as its trademark.

Effectiveness

Antispyware programs are often tested against known spyware. A recent ABC News test revealed that Windows Defender (beta 2) wasn't able to block any of the tested keyloggers. ABC News stated: "Of the six commercial keyloggers we use for testing, both MSAS and WD detected just one, and they only partially disabled it. Where MSAS didn't block any of the keyloggers from installing, WD tried and failed to block one." MSAS here means an earlier version of Defender named MSAntiSpyware. [2]

See also