Welcome to The Windows Blog 


Windows Defender Explained

Hi, I’m Mike Chan, a product manager for Windows Vista. I wanted to let everyone know about a great feature that is included in Windows Vista. The threat of malicious software is still a problem that many customers face today, and Microsoft has been making progress against these threats over the past few years with a combination of guidance, industry partnership and security technologies.
One of our latest technologies to combat malicious and unwanted software is Windows Defender (WD), which helps prevent poor performance and unwanted pop-up ads that can be caused by spyware. Windows Defender also helps keep private information out of the hands of spyware and other potentially unwanted software. Using Windows Defender is easy, with single-click access to features such as a quick scan. Windows Defender also works in the background to protect you against software that attempts to install onto your machine without proper consent or notification.
One of the little-known facts about Windows Defender is that it is now implemented as a system service, so it provides protection for all users and utilizes User Account Control (UAC) (http://www.microsoft.com/windowsvista/uac) to take any actions that need administrator privileges. The UI runs under the user context, but all scanning and cleaning activities are accomplished by the service. Furthermore, there is integration with IE (http://www.microsoft.com/windows/ie/ie7/default.mspx) so that files are scanned when they are downloaded, to help ensure that you do not accidentally download malicious software. This is accomplished using the IOfficeAntiVirus API (http://windowssdk.msdn.microsoft.com/library/default.asp?url=/workshop/security/antivirus/reference/ifaces/iofficeantivirus/scan.asp). Note that the API is used for any file scanning, not just for Office or AntiVirus.
Also, Windows Defender is not a replacement for AntiVirus, and Microsoft always recommends that customers deploy a full AV product.
Microsoft is also committed to providing our customers with free ongoing definition updates, so you don’t ever have to worry about your protection expiring. The added security that Windows Defender provides lets you get back to using your computer without unneeded interruptions. For more information, visit http://www.microsoft.com/windowsdefender and remember to check out the Microsoft anti-malware blog (http://blogs.technet.com/antimalware).

 


Comments

  1. Colin^
    Posted on: April 21, 2006 at 11:58PM  
    Nice.
  2. Don Rock
    Posted on: April 22, 2006 at 5:25PM  
    Thanks Mike
  3. Posted on: April 23, 2006 at 2:28AM  
    Nice! Great to see a blog specially for Windows Vista.
  4. Luca
    Posted on: April 24, 2006 at 3:21AM  
    Windows Vista users run with the least privileges and not as admin, the services run in a separated session from the user session, drivers and Vista components are almost completely in user space and not in kernel space, there's the UAP in order to authorize the programs to run, IE7+ use the protected mode, etc.
    So I think Windows Defender is a great program, but it's not so important on Windows Vista.
  5. Posted on: April 24, 2006 at 12:12PM  
    I’d like to respond to Luca’s comment about the relevance of Windows Defender on Vista. We have made many improvements to security including UAC (new name for UAP), IE7+protected mode and better kernel isolation, but Windows Defender is still very much a needed part of Windows Vista. The reason is that it turns out much malicious software today installs on a machine due to social engineering instead of vulnerability exploits. Also, there can be unwanted software that also runs happily as a user context (they still have access to all your user information and adware can run under the user context as well). Therefore, in order to help protect the users' information, as well as help the customer be more safe by alerting them to potentially unwanted software before they install it, Windows Defender is still very relevant on Windows Vista and in fact works better on Vista as we have integration with both UAC and IE7.

    Mike Chan [MSFT]
  6. Posted on: April 26, 2006 at 9:51PM  
    What the hell do you think you're doing, Microsoft? I don't want your new OS! Stop stealing open source code and using it!
  7. Posted on: May 18, 2006 at 9:49AM  
    I hope there is a way to disable & uninstall all these user-protection systems in your new operating system?

  8. Posted on: May 19, 2006 at 6:20PM  
    Alex, Mike Chan here – the product manager for Windows Defender. There is indeed a way to disable Windows Defender as well as many of the other user protection technologies that come with Vista. If you have alternative anti-spyware products, or your own favorite personal firewall, you can disable the respective technology in Windows Vista. Our first goal is the security of our customers, so as long as you have protection that you trust, feel free to use it!
  9. Luca
    Posted on: May 21, 2006 at 1:26PM  
    Do you know if Windows Vista will have a code injection protection? A warning if a process is injecting some code into another process.
  10. Eric S
    Posted on: June 02, 2006 at 10:51AM  
    What about "Tracks Eraser" from MS Spyware Beta 1?  There are several blogs and posts out there of complaints that Defender did not continue on with this tool.

    I am one of those who is disappointed that this tool is gone.

    I have a specific issue that cannot be resolved and short of bringing my PC to Washington and throwing it through a window at MS HQ to make someone there fix it because nothing else will.  I was going to try tracks eraser from an old Spyware Beta 1 download, but upon installation, it forced me to immediately upgrade to Defender.

    Specifically, how does one clear the Address Bar in IE 6 of addresses that are "remembered" somewhere on my computer in a file that doesn't exist to the obvious user when Tools - Internet Options - Content tab - Auto Complete - Clear DOES NOT WORK.  Nor do the suggested registry edits.  Nor do the "clear history", delete temp files, buttons or any other button for that matter in all of Windows XP designed to clear "history", "autocomplete" or the like form fields.  And there's not a KB article to be found that solves the issue either.  Where are these URLs "remembered"?  Where/How can I blow them away?

    In the meantime I have to disable Auto Complete so I don't get prompted with "remembered" URLs.

    Tracks eraser, I am sure, would have taken care of this issue for me.  PUT IT BACK so I can find out.