Investigating Windows Vista's built-in spyware Defender

This is a description of the fully loaded edition of Windows Defender, which is included in the December CTP of Windows Vista.

In the December 1st edition of the Windows Vista Report, "Windows Vista's Security Center stands to gain some real substance", I alluded to the fact that the next CTP version of Windows Vista would contain an actual Spyware Protection program. And it does indeed, with the fully loaded edition of Windows Defender (formerly known as Windows AntiSpyware). Microsoft's new antispyware software is based on the technology obtained by the December 2004 acquisition of GIANT Company Software. Here's a closer look at Windows Defender—some of its most interesting features and how it works.

At home in the Security Center

Windows Defender is integrated into the Security Center in the Spyware Protection section by default, as shown in Figure A. This will provide your computer with protection against spyware right out of the box. However, like the Firewall and Virus Protection, you'll be able to replace Windows Defender with a third-party antispyware utility if you wish.

Figure A

Windows Defender is integrated into the Security Center.

Accessing Windows Defender

Once you launch Windows Defender, which you can do from within the Security Center or a tray icon, you'll immediately notice that the user interface is very clean, as shown in Figure B, which makes it easy to use. As you can see, the main page quickly provides detailed status information. The green shield icon at the top provides a quick indication that the system is free from spyware while the panel at the bottom provides you with a more detailed account, including when the last scan was run, what level of scan was run, when the next automatic scan is scheduled to run, that real-time protection is currently monitoring, and the version and date of the currently enabled spyware signatures.

Figure B

Windows Defender's user interface is very straightforward making it extremely easy to use.

And while I'm on the topic of spyware signatures, I'll point out that because Windows Defender is integrated into the operating system, new spyware signatures are delivered and installed via Automatic Updates and Windows Update.

h2>Working with Windows Defender

To work with Windows Defender, you use the icons on the toolbar. To initiate a quick scan, you can click the Scan icon or you can click the adjacent drop-down arrow and select a Full Scan or a Custom Scan, which will allow you to target a specific drive or folder to scan, as shown in Figure C.

Figure C

The Custom Scan feature allows you to target a specific location for a spyware scan.

Clicking the History icon displays a page that contains a list of all the spyware and other potentially unwanted software that Windows Defender discovered on your system. The History page also provides details on whether the spyware/software was removed, blocked or allowed.

Clicking the Tools icon displays the Settings and Tools page, as shown in Figure D, where you'll find both standard antispyware configuration options as well as several other very interesting items, such as AntiSpyware Community, Software Explorers and the Windows Defender website.

Figure D

In addition to the standard fare, Settings and Tools page provides some very interesting options.

The AntiSpyware Community is a forum where you can go to get more information about the items that Windows Defender flags as spyware and how to handle them. For example, you'll be able to access a trust rating system that compiles information on how many other members have removed, blocked, or allowed the same items.

Software Explorers is a real-time analysis tool that can examine and identify every running program in several categories. For example, choosing the Currently Running category provides detailed information about every process that you'd find on the Task Manager's Processes tab, as shown in Figure E. Now, you'll be able to easily identify operating system processes and isolate suspect processes.

Figure E

The Software Explorers will provide you with detailed information about running applications.

Clicking the Windows Defender website button takes you to Microsoft's Security page where you'll be able to get more information and additional tools.


While I've only provided you with a quick tour, it's easy to see that Windows Defender looks like it's going to be a very nice addition to the Windows Vista's security features. Keep in mind that Windows Vista's official release date is still over a year away and some of the information presented about Windows Defender may change. As always, if you have comments or information to share about Windows Vista December CTP or Windows Defender, please take a moment to drop by the Discussion area and let us hear.

By Greg Shultz

Greg Shultz is a freelance Technical Writer. Previously, he has worked as Documentation Specialist in the software industry, a Technical Support Specialist in educational industry, and a Technical Journalist in the computer publishing industry.