Vista’s Windows Defender provides continuous security against malware, and if it detects anything suspicious, it will alert you of what it finds. It does this by using three specific tools:
• Internet agents: used to monitor changes to Internet access settings, as well as to stop unauthorized connection attempts via the network.
• System agents: used to monitor changes to your system’s settings, such as passwords and permissions.
• Application agents: used to monitor changes to applications installed on your OS, such as Internet Explorer being modified by downloadable toolbar applications.
WINDOWS DEFENDER NOTE
Windows Defender is used locally to protect an end user’s Web browsing experience. Windows Defender does not include enterprise management tools.
Windows Defender protects against and removes malware as well as provides control over modifications to software installed on the system. Windows Defender provides real-time monitoring functionality, which means it will always run and keep you protected while you’re using your Windows Vista system. The Windows Vista version of Windows Defender features an updated scanning engine, simplified alerting functionality, multiple-language support, and other enhancements.
Windows Defender provides top-notch spyware detection and removal, and it is connected to an online service that will keep it updated and on top of the latest threat trends. Because malware constantly evolves, so does Windows Defender and its support team.
Using Windows Defender
You can find Windows Defender by opening the WSC and selecting the Windows Defender link. This will invoke the Windows Defender application. If your system is already up-to-date, Windows Defender will report that there is no harmful or unwanted software on your system and that your computer is running normally. If you have not run a scan yet, or your last scan was a while ago, you will be prompted with scan options.
Select the scan option that best suits what you want to do. If you want to perform a quick scan of the most common areas within your system affected by malware, check the Quick scan radio button. If you want to check your entire system, check the Full system scan radio button (note that a full system scan will take far longer to perform than a quick scan). You can also specify which drives or areas of your system you want Windows Defender to scan.
Click on Scan Now to begin a scan.
Once the scan is complete, you can view the report. If anything malicious is found, you will be asked how you want to handle it. Keep in mind that a quick scan checks only the areas most commonly affected by malware, so a clean quick-scan report does not rule out a problem elsewhere on the system; run a full system scan to verify that the system is in fact free of malicious software.
By clicking on Tools on top of the Windows Defender dialog box, you can adjust the settings for Windows Defender and select other tools to further secure your system. Once you open the Tools and Settings configuration within Windows Defender, you can change the settings, use Microsoft SpyNet, view quarantined items, use the Windows Defender Software Explorer, set allowed items, and visit and use the Microsoft Windows Defender public Web site.
How to Use the Windows Defender Software Explorer
One of the newest and most helpful tools Microsoft has added to Vista and Windows Defender is Software Explorer. Software Explorer provides you with an unfettered view of the software that is currently running on your computer, along with details of each piece. It also helps you monitor programs that are set to start when the computer boots, programs that run in the background or as background processes, and programs that are used to perform low-level network functions (i.e., Winsock service providers).
WINDOWS DEFENDER NOTE
To use some Software Explorer options, you must be logged on as Administrator or be a member of the Administrators group.
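A scripted, read-only counterpart to the startup-program view described above, added here as an example and not taken from the original text or from Windows Defender itself. It assumes Windows PowerShell 2.0 or later with `Get-WmiObject` available; the function names `Get-ExecutablePath` and `Get-StartupInventory` are hypothetical.

```powershell
# Added example (not from the original text). Read-only inventory of autostart
# entries. Assumes Windows PowerShell 2.0 or later with Get-WmiObject available.

function Get-ExecutablePath {
    param([string]$Command)
    # Autostart commands look like  "C:\dir with spaces\app.exe" /arg  or
    # C:\dir\app.exe /arg ; keep only the executable part.
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    if ($expanded -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($expanded -match '^\s*(\S+)')     { return $Matches[1] }
    return $null
}

function Get-StartupInventory {
    Get-WmiObject -Class Win32_StartupCommand | ForEach-Object {
        $path = Get-ExecutablePath $_.Command
        # Unquoted paths containing spaces, or bare names resolved through
        # PATH, will not resolve here and are reported as FileNotFound.
        $signature = 'FileNotFound'
        if ($path -and (Test-Path -LiteralPath $path -PathType Leaf)) {
            $signature = [string](Get-AuthenticodeSignature -FilePath $path).Status
        }
        New-Object PSObject -Property @{
            Name      = $_.Caption
            User      = $_.User
            Location  = $_.Location   # registry Run key or Startup folder
            Path      = $path
            Signature = $signature    # Valid, NotSigned, HashMismatch, ...
        }
    }
}

# Entries whose binary is missing or not validly signed sort to the top for review.
Get-StartupInventory |
    Sort-Object @{ Expression = { $_.Signature -eq 'Valid' } }, Name |
    Format-Table Name, User, Signature, Path, Location -AutoSize
```

An unsigned entry is not necessarily malicious; the listing only narrows down which startup items deserve a closer look. The Winsock service providers mentioned above can be listed separately with `netsh winsock show catalog`.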
Using Software Explorer
Changing how a program runs on your computer, such as blocking Internet or network connections and ending processes, can cause problems with Windows and other programs that you use. Use Software Explorer to change how a program runs on your computer only if you are certain the program is causing a problem. Once you open Software Explorer, you can select which category of programs you want to view or adjust.
Other Related Tools
In the Tools and Settings dialog of Microsoft Defender, you can find links to more tools and settings. Here you will find SpyNet, a very useful Web site that helps you find information on malware as well as information on combating it and protecting yourself and your system from its threat of damage.
Using Microsoft SpyNet
Microsoft SpyNet is the network of Windows Defender users that helps determine which programs are classified as spyware. Because the face of malware constantly evolves, so does SpyNet and its hardworking team of security enthusiasts.
SpyNet works to build known signature files for commonly seen malware and to find malware that is new to the scene. It is recommended that you visit SpyNet to get acclimated with the site and the benefits it offers, and that you check back often for updates.
If you commonly surf the Internet and are worried about the effects of malware on your system, visiting SpyNet can give you an advantage, as you will be better educated on what can happen to your system, what is currently happening to others, and how you can support and better secure your OS, your browser, your identity, and your personal data.
Windows Defender Summary
Malware is a threat to computer systems, networks, and the public Internet. With the release of Windows Vista, Microsoft has developed new weapons in the battle against malware. Windows Vista, Internet Explorer 7, and associated software are hardened and ready for war.
Malware is any software product or program created with an intent to cause damage or harm. The most common forms of malware are viruses, Trojans, and worms. Viruses are malicious programs that are commonly installed on a target host with the intent to cause harm or damage. Common virus types include e-mail viruses, boot sector viruses, application viruses, and macro viruses. Worms are a form of malware that will propagate from host to host in order to spread and replicate across a network. A Trojan will appear harmless to the recipient, but actually contains a malicious payload. Trojans that contain a virus as a payload are called droppers. Spyware is the biggest malware issue to date. Spyware exploits include malicious scripts that do everything from rewriting browsers to perform malicious functions, to diverting payment from legitimate revenue streams to a secondary source (usually that of the attacker).
Windows Vista and Internet Explorer 7 were developed to thwart many common exploits and build a foundation in which new ones can be mitigated. New to Vista and Internet Explorer 7 is an updated Windows Firewall. The new outbound filtering feature in the personal firewall helps to apply more granular control over traffic traversing it, and is more flexible than previous versions. The new Phishing Filter is used to verify the validity of the sites you visit so that your personal information and data are not compromised.
User Account Control (UAC) allows a user to change computer settings while running as a standard user, instead of requiring administrator privileges to perform most tasks. The updated Windows Defender utility detects malware on your system and, when used in conjunction with SpyNet, can help to eliminate most spyware attacks and exploits. The new Windows Security Center (WSC) is full of configurable options and tools to help you build a strong security posture so that you can safely surf the Internet without constantly worrying about your system. As you can see, there are many ways you can apply defense in depth for a more secure infrastructure.
Malware is definitely a threat, but these new tools and features help to provide a more secure experience. Microsoft Vista takes steps to ensure that the base OS is not jeopardized, and Internet Explorer 7 provides a secure framework in which to operate. Although the battle against malware continues, at least with Vista and Internet Explorer 7 you are well armed to fight that battle.
Solutions Fast Track
Malware Fundamentals
• Malware is any software product or program created with the intent to cause damage or harm. The most common types of malware are viruses, Trojans, and worms.
• A virus is a malicious program that is commonly installed on a target host with the intent to cause harm or damage. A virus (just like the medical version of the term) infects the host, usually by being installed by the end user of the target host. A virus is almost always executed by the end user without the user knowing the true intention of the malware.
• An e-mail virus is transmitted via e-mail and contains a payload that is activated either when the end user is induced to activate it, or when the way the e-mail client reads e-mail (and scripts) triggers the payload upon delivery or viewing, without the e-mail being opened (such as with the automatic reading pane found in most e-mail clients).
• Boot sector viruses are often transmitted via disk and are written to the master boot record on the hard disk. Application viruses are executable programs that infect your system when you run them, and macro viruses are commonly embedded in documents (such as Microsoft Word documents).
• Worms will propagate. They are programmed to “scan” the network from the infected target host to find other hosts with open and vulnerable services and ports.
• A Trojan horse will appear harmless enough for the recipient to install, but it contains a secret payload that usually is a virus or other form of malware.
• Spyware exploits are also used to obtain user information. Spyware analyzes what sites you visit and what your browsing habits are, and then invades your privacy further by using that information to market products to you, as well as by preventing you from removing the spyware.
• You should periodically update every piece of software you install on your system. You can do this by installing the latest updates, hotfixes, security patches, and service packs. Keep on top of when new patches come out, and try to test and install them to keep your system at its best.
• Windows Service Hardening (WSH) limits the amount of damage an attacker can do if a service is compromised.
• Network Access Protection (NAP) is used to prevent clients from connecting to the network if they are infected with malware.
Improvements in Internet Explorer 7
• Internet Explorer 7 comes with Windows Vista by default as the built-in Web browser. New features in Internet Explorer 7 help to prevent the inception and spread of malware. To help protect a user’s personal information and the security of Vista in general, Internet Explorer 7 comes with many advances in security, as well as tools that protect users from such malware attacks as phishing and spoofing. It also includes a new Protected Mode to further secure a user’s browsing experience.
• The new outbound filtering feature in the Windows Firewall helps users to apply more granular control over traffic traversing the firewall.
• User Account Control allows a user to change computer settings while running as a standard user.
• The Windows Defender utility detects malware on your system and, when used in conjunction with SpyNet, can help to eliminate most spyware attacks and exploits.
• Phishing is the exploit that hackers use to obtain personal information from unsuspecting users. The Microsoft Phishing Filter is new to Internet Explorer 7. It protects you from phishing attacks while you surf the Internet.
• The Windows Security Center (WSC) is the brain and nervous system for Vista when it comes to security. Here, you can configure most (if not all) security functionality for the client system. In addition, it monitors your running systems and recommends ways to help mitigate risk and solve security-related issues.
• The WSC, which debuted in Windows XP SP2, has been updated with new features, tools, and functionality. With it, you can centrally control a personal firewall application, and make sure the OS and your antivirus software are up-to-date.
• In the WSC, you can configure four main security areas: the Windows Firewall, Automatic Updates, Windows malware protection, and other security settings, including Internet Explorer security settings.
• The updated Windows Firewall now scans traffic bidirectionally. Previous versions scanned in only a single direction.
• Once your firewall is configured, you need to update it only if you want to restrict or allow access to new programs, or if you want to change settings.
• You can turn on automatic updating in the WSC, which will allow Windows to monitor and download updates for you.
• The Malicious Software Removal Tool can help you to remove malware from your OS and is usually downloaded via Windows Update.
• User Account Control prevents unauthorized changes from taking place. Another level of security applied to the defense in depth model, UAC will warn you whenever Windows needs your permission to continue with the use of a program or other application.
• The Microsoft Baseline Security Analyzer (MBSA) is a freely downloadable tool from Microsoft. It is designed for IT professionals who need to check the security settings on host computers.
Windows Defender
• Windows Defender provides continuous security against malware. If it detects anything suspicious, it will alert you of what it finds.
• Windows Defender is composed of three separate agents. Internet agents are used to monitor changes to Internet access settings, as well as to stop unauthorized connection attempts via the network. System agents are used to monitor changes to your system’s settings, such as passwords and permissions. Application agents are used to monitor changes to applications installed on your OS, such as Internet Explorer being modified by downloadable toolbar applications.
• Windows Defender is used locally to protect an end user’s Web browsing experience. Windows Defender does not include enterprise management tools.
• Windows Defender features an updated scanning engine, simplified alerting functionality, multiple-language support, and other enhancements.
• Changing how a program runs on your computer, such as blocking Internet or network connections and ending processes, can cause problems with Windows and other programs that you use. Use Software Explorer to change how a program runs on your computer only if you are certain the program is causing a problem. Once you open Software Explorer, you can select which category of programs you want to view or adjust.
• Microsoft SpyNet is the network of Windows Defender users that helps determine which programs are classified as spyware.
• SpyNet builds known signature files for commonly seen malware and finds malware that is new to the scene. It is recommended that you visit SpyNet to get acclimated with the site and the benefits it offers, and that you check back often for updates.