Windows Defender BETA 2 for Windows 2000, XP and Server 2003 is finally here, after a one year BETA 1 release, itís been a long time coming for sure. Fortunately for some persons running the latest Windows Vista build, they have been able to experience what some persons have been wishing months for now in Windows Defender beta 2. Featuring a major over haul to the UI, Windows Defender BETA 2 is a culmination of months of hard work from both the Anti-Malware team and feedback from the community. Since January 2004, Windows Defender, formally named Windows AntiSpyware has been downloaded over 25 million times.
Installing Windows Defender is quick and easy, accept the license agreement, select a choice to have Defender install definition updates, get enhanced spyware protectionÖetc, Install definition updates or Ask me later, I chose recommended settings. Next, choose how you want to install Defender; Complete or Custom, of course I chose Complete and Windows Defender was installed in a minute.
The first time you launch Windows Defender, the Home page is displayed; you are greeted with the option of acquiring the latest updates for the application, which is recommended, since itís a bit out of date (19 days to be exact). At the bottom of the Home page there is quick Status information summarizing when the Last Scan occurred, Scan Schedule, Real-time Protection and Signature version, a very convenient overview for the user to get up and running quickly with the utility.
The interface for Windows Defender is very straightforward I have to say, basing much of its characteristics on browser navigation, so using it should be Childs play for many. At the top of the window are familiar tools to utilize the application, these include, Scan, History, Tools and Help.
Very straight forward feature, a user can immediately start scanning their computer right away for the common vulnerabilities, Malware, Spyware and root kits, to just name a few. Windows Defender is not an Antivirus utility, it is for AntiSpyware, those sleek, new intelligent vulnerabilities that take advantage of ActiveX controls and automatically install themselves on your computer through pop windows or rogue downloads. My personal belief really is that Windows Defender is one of Internet Explorerís new body guards and its part of that on-going strive to make the browsing experience on Internet Explorer, not only Secure, but more confident. Not many users will be upgrading to Internet Explorer 7 for Windows XP right away and many are still on Windows 2000. So, Windows Defender will be a necessary complimentary add on to the browser in older versions of Internet Explorer and Windows.
Beside scan, there is a small triangular down arrow, click it and pops out a list of options for scanning, Quick Scan, Full Scan and Custom Scan.
If you just click Scan, I believe it utilizes Quick Scan instead of Full Scan, this probably is more convenient for most users since Full Scan is scanning the entire hard disk, this includes other accounts that might be on the computer which of course takes more time. Custom Scan allows you to configure what Windows Defender scans, such as individual folders, applications and settings.
A welcome update, History gives users quick access to review or remove recently found items that might be in the Quarantine. Allowed items gives you a quick listing of components or applications that have access to the system. Allowed items are only monitored when they are not a part of your allow list, this occurs in cases when a shareware program is installed but known to carry spyware, but you allow it. This is a tricky situation, since a lot well known applications install Internet Explorer add-ons, so this is a decision for the user and not the application.
There are four options available under Tools, Quarantine, Software Explorer, Allowed Items and Windows Defender.
Earlier, I had mentioned Quarantine and Allowed Items, both of which are also accessible as hyper-links from the History page. I love the change here, people use to pester over the Quarantine being difficult to find in the Drop down menus in earlier builds, now itís very easy to access, review, remove or un-quarantine items.
Contains all the Settings and Tools for managing Windows Defender, a very clean, straight forward layout. Under Settings, you have General Settings, click this link and a plethora of options are displayed, for configuring automatic scanning, based on frequency, Time of day, Type, you can check for updates before scanning and automatically apply options on detected items such as quarantining or adding to your allowed list.
Default & REal-Time Protection Options
For items detected, you have 3 Alert options, Low, Medium and High. In a case such as the Sony DRM root kit for example it would be designated with a high alert and be automatically removed by Windows Defender. Of course you have the option of customizing these alerts to either ignore or remove.
This is where the beauty of Windows Defender lies, protecting the areas of the Windows operating system that are most often vulnerable to attack, such as Services, Internet Explorer Add-ons, configuration, downloads, Add-ons to Windows and other types of negative System reconfigurations that occur as a result of Spyware.
You can choose to let Windows Defender notify when suspicious changes take place, whether it is from software that has not been classified or detected from the allowed list. A very convenient aspect of Windows Defender, this will provide a simple way for users to ensure that their systems are protected or vulnerable to attack.
Advanced & Administrator Options
Here you can scan inside archives or use informal methods for detecting spyware (basically leaving it up to Windows Defender to decide what is and what is not Spyware), you can also exclude certain drives or folders that you donít want to scan. I would recommend you scan any drive or folder on your system since Spyware seems to have a way of hiding it self anywhere possible. One of the draw backs in earlier builds of Defender was to remove certain Spyware, a restart in Safe Mode was essential in thoroughly removing most well known spyware programs that might have gotten system.
This option is a hallelujah for many, support for limited user accounts in Windows 2000 and XP has been a major complaint, itís now fixed, so when you run a scan, you are able to scan both Administrator and Limited User accounts, alert users of system changes or detected malicious software. Also, users will be pleased to find out that there is integration with Windows Update for the latest definitions, Administrators will also able to manage and distribute Updates Windows Software Update Services (WSUS) in networked environments.
Some drawbacks to General settings is the long scroll process to find the desired option, I wish all the options were collapsible and expandable listings. I hope something like that gets implemented; overall, the options are many and detailed.
Microsoft SpyNEt Community
Coming over from GIANT is the Spynet Community which allows users to register and become a part of a group of fellow users who help classify unknown spyware that is not yet classified as a risk by Windows Defender. There are two tiers for becoming a member, Basic and Advanced, you can also opt not to join the community. This aspect of Windows Defender shows that Security is an ongoing process and gives users the opportunity to become a part of that fight against spyware.
A very cool component in Windows Defender, this allows you to manage how applications run, whether access the Internet or network connection or ending the process. To access Software Explorer though you need to have Administrative Rights, its almost like a improved Task Manager, with more customization in it. Basic information about applications are also displayed in the right Pane, there you can see how the application starts up from which path on the system whether its in the Registry or Windows Start-up folder, if it was installed with Windows, Classification to see if it was analyzed for any security risk or digitally signed to ensure that the application is completely safe to run on the system.
Windows Defender & Help
Quick access to a website, with updated information about the application, users can sign up for newsletters, access to additional support for first time users and vendors who want to get their applications approved.
Help is very much improved, with detailed information about the different features of Windows Defender and how to use the program effectively. The About Dialogue is very detailed with information about Version, Engine and Signature version.
This is not an in-depth pre-view but one that gives a quick overview of some the exciting features that makes this release a must have. After one year waiting, users will be pleased by its easy to use interface, which makes navigating and managing the application a great experience. The Spynet Community is also a great way for users to get additional information and share their experiences so that they can help to further improve the detection of spyware. Integration with the Windows operating system and components such as Internet Explorer make it necessary part of the security experience that improves the overall experience and confidence in the Windows platform.
There are certain glitches that occur when scanning and updating, but I hope to see those fixed by or before RTM. I would have loved to see integration with the Security Center which is a part of Windows Defender on Windows Vista, also some of the context menu options from the notification area icon such as quick scan, security agent status and choosing to shutdown the application which were available in the BETA 1 build, but its still early, and we should continue to see further improvements made to the application in areas such as fit and finish.
It will be
interesting to see what Microsoft plans to add as a part of the commercial
version of this product for businesses which part of their Client Protection
strategy for businesses.