Section 10.3. Windows Defender: All Versions


Spyware is software that you don't know you have. You usually get it in one of two ways. First, a Web site may try to trick you into downloading it. You'll see what looks like an innocent button in what's actually a phony Windows dialog box, or maybe you'll get an empty dialog box, and clicking the Close box actually triggers the installation.

Second, you may get spyware by downloading a program that you do want, without realizing that a secret program is piggybacking on the download. "Cracked" software (commercial programs whose copy protection has been removed) is a classic example.

Once installed, the spyware may make changes to important system files, install ads on your desktop (even when you're not online) or send information about your surfing habits to a Web site that blitzes your PC with pop-up ads related in some way to your online behavior.

Spyware can do much damage beyond simply tracking what you do on the Internet. It can, for example, hijack your home page or search page, so every time you open your browser, you wind up at a Web page that incapacitates your PC with a blizzard of pop-ups. Keylogger spyware can record all of your keystrokes, passwords and all, and send them to a snooper.

POWER USERS' CLINIC
A More Powerful Way to Customize the Firewall

The Windows Firewall Settings screen gives you a good deal of control over how the Windows Firewall works. But it governs only inbound network traffic, not outbound. It also offers no way to create a log (a text-file record) of all attempts to contact your PC from the network or the Internet, which can be handy when you suspect that some nasty hacker has been visiting you in the middle of the night.

There is, however, an even more powerful Firewall control panel. In an effort to avoid terrifying novices, Microsoft has hidden it, but it's easy enough to open. It's called the Windows Firewall With Advanced Security applet.

To fire it up, type wf.msc into the Start menu's Search box, and then double-click the result. It lets you customize outbound as well as inbound connections. You can also make Windows Firewall create a log of all its activities, which you can later read using Notepad or another text editor.


Fortunately, Microsoft has provided, in Windows Vista, its first-ever anti-spyware program. It's called Windows Defender (Control Panel → Security → Windows Defender).


Note: Defender used to be called Microsoft AntiSpyware. Microsoft changed the name because Defender not only scans your PC looking for spyware, just like several free programs, but also monitors important corners of the operating system that are common spyware targets. The watched areas include startup programs, system preference settings, Internet Explorer settings and downloads, and so on.

UP TO SPEED
Is It Spyware or Adware?

Spyware has a less-malignant cousin called adware, and the line between the two types is exceedingly thin.

Adware is free software that displays ads (the free version of Eudora, for example). In order to target those ads to your interest, it may transmit reports on your surfing habits to its authors. (Windows Defender doesn't protect against adware.)

So what's the difference between adware and spyware? If it performs malicious actions, like incapacitating your PC with pop-ups, it's spyware for sure.

Proponents of adware say, "Hey, we've gotta put bread on our tables, too! Those ads are how you pay for your free software. Our software doesn't identify you personally when it reports on your surfing habits, so it's not really spyware."

But other people insist that any software that reports on your activities is spyware, no matter what.


Windows Defender protects you against spyware in two ways. First, it's a kind of silent sentinel that sits in the background, watching your system. When it detects a piece of spyware trying to install itself, Defender zaps it. Second, it scans your hard drive for infections every day, and removes what it finds.

You don't need to do anything to turn Windows Defender on. It runs every time you start Windows. And every night at 2 a.m., if your PC is turned on, Defender scans your system, killing any spyware it finds.

To see Windows Defender's recent activities, select Control Panel → Security → Windows Defender, as shown in Figure 10-4. At a glance, you'll see if your PC is safe.

Figure 10-4. This screen tells when you last scanned for spyware, whether Defender found any spyware, and your daily scanning schedule. Pay particular attention to the "Definition version." This tells you how up-to-date your spyware definitions are. If they're more than a week old, use Windows Update (Chapter 20) to get the latest definitions.


Most of the time, Windows Defender doesn't find any spyware. If it ever does, Windows lets you know. An alert message pops up and asks if you want to allow the questionable software to keep working, or instead remove it. Here's how you should respond:

  • If the alert level is Severe, High, or Medium, let Windows Defender remove the spyware immediately.

  • If the alert level is Low, read the message for details. If you don't like what you read, or if you don't recognize the publisher of the software, tell Windows Defender to block or remove the software.

  • Not yet classified generally denotes a harmless program. If you recognize the software's name, let it run normally. If not, search the program's name with Google to help you decide whether to let it run or not.

For basic operations, that's all you need to know about Windows Defender. But there's a lot more you can dig into, and it's worthwhile to explore it. Across the top of the screen, you'll see four links: Home, Scan, History, and Tools. You know all about Home already; it's where you are when you first run the program, as shown in Figure 10-4. Here's what you need to know about the rest:

10.3.1. Scan

This link scans your PC for spyware. Click it to start a scan, or click the button to change the kind of scan. Your choices:

  • Quick Scan is what Windows Defender does every night. It scans those parts of your PC most likely to be infected by spyware, plus any programs you're currently running. (Why would you run a Quick Scan if it already ran last night? Maybe because you've just installed a piece of software, or you've visited a dubious Web site.)

  • The Full Scan is more thoroughgoing; it looks at every single file on all of your hard disks, as well as any programs currently running. If you suspect you've been infected by spyware, run the Full Scan to whack it. It takes considerably longer than a Quick Scan.

  • The Custom option lets you specify which folders you want to scan, just in case you think spyware might be lurking in a non-obvious spot.

10.3.2. History

This tab offers a log of all the actions Windows Defender has taken (Figure 10-5). For each program it's taken action on, it lists the name, the alert level, the action it took, the date, and whether the action was successful. Click a listing to find out more details about it, like its location, file name, and description of why Defender considered the program suspicious.

Figure 10-5. Windows Defender shows you all the actions it's taken. Most of what you'll see in its history are decisions to permit software to continue to function, because the programs don't appear to be malicious. Shown here is what it did when confronted with Avast antivirus software: let it keep working.


Techies will be glad to see more rarefied information here, such as the Registry key each program uses.

10.3.3. Tools

Here's where Microsoft has assembled Windows Defender's advanced tools:

  • Options. Schedule how and when Windows Defender should run, and what actions it should take when it comes across suspicious software, among other options.

    The factory setting is to scan your system every night at 2 a.m. Of course, there's a good chance your PC won't be turned on at that hour, so use these options to specify a time when your PC is turned on.

    You can also select a Quick Scan or Full Scan. It's set to Quick Scan, but if you set it to run at a time when you're not using the PC, it can't hurt to set it to do a Full Scan. This section also lets you specify what Defender should do when it comes across high-, medium-, and low-alert items. "Default action," which tells Defender to use its own judgment, is the best setting.

  • Quarantined items. When Defender finds spyware, it puts the offending software into a quarantined area where it can't do any more harm. This tab lets you see the quarantined software, delete it, or restore it (take it out of quarantine). In general, restoring spyware is a foolhardy move.

  • Allowed items. If Defender announces that it's found a potential piece of malware, but you allow it to run anyway, it's considered an Allowed Item. From now on, Defender ignores it, meaning that you trust that program completely. Allowed programs' names appear on this list.

    If you highlight a program's name and then click Remove From List, it's gone from the Allowed list, and therefore Defender monitors it once again.

  • Software Explorer. This area (Figure 10-6) is primarily for experts who want to take a detailed look at the programs on your PC and remove any that look suspicious.

    Figure 10-6. Plenty of programs configure themselves to run automatically every time you start Windows, but they don't bother to tell you that. This can bog your system down. Software Explorer is a great way to hunt these programs down. Disable any you don't want to run on startup. You'll still be able to run the program manually, so it won't interfere with running the program whenever you want.


    From the drop-down list, choose the category of programs you want to examine, like Startup Programs. Click anything in the list to read the name of its publisher, a description, the executable file that runs it: enough details to make your head spin. You can click Remove, Disable, or (if you've already disabled something but want to allow it to run again) Enable. (If these buttons are dimmed, click Show For All Users first.)

  • Microsoft SpyNet. One of Defender's most potent tricks is learning about emerging spyware types from the Microsoft SpyNet network, which harnesses the collective wisdom of Vista fans all over the Internet.

    Suppose, for example, that Windows Defender can't determine whether or not some new program is spyware. It can send out an online feeler to see how people in the network have handled the same program (for example, if other Vista fans removed it, having determined that it's spyware) and then use what it finds out to handle your own copy of that program.

    Microsoft says that all of this information is anonymous. If you're OK with that, you can opt in to the SpyNet community here.

    POWER USERS' CLINIC
    Data Execution Prevention

    One of Windows Vista's new security features, Data Execution Prevention (DEP), isn't well-known, but it protects you against a variety of threats. It monitors important Windows services (background programs) and programs to make sure that no virus has hijacked them to attack your PC from within its own system memory. If DEP finds out an attack is underway, it automatically closes the offending service or program.

    DEP comes set to protect only Windows itself, not other programs. You can, though, ask DEP to monitor every program on your system, or programs that you specify. The upside is better protection; the downside is that DEP could conflict with those programs, causing them to run erratically or not at all. In such cases, though, you can always turn off DEP protection for the affected programs.

    (Note: If DEP suddenly starts interfering with important Windows files and features, a recently installed program could be at fault. Try uninstalling it, or inquire if the publisher has a DEP-friendly version; that may solve the problem.)

    To turn on DEP for some or all programs, open Control Panel → System and Maintenance → System → "Advanced system settings." In the Performance section, click Settings, and then click the Data Execution Prevention tab, shown here. Select "Turn on DEP for all programs and services except those I select," then click OK.

    Should you find that DEP interferes with a program, click Add, then follow the directions for selecting it.

    Incidentally, at the bottom of the Data Execution Prevention screen, you can see whether or not your PC offers DEP circuitry, which reduces its speed impact. If not, Windows runs a software-based version of DEP.


  • Windows Defender website. This link takes you to the Windows Defender site, which contains a few moderately useful help resources about spyware.




Windows Vista: The Missing Manual
ISBN: 0596528272
EAN: 2147483647
Year: 2006
Pages: 284
Authors: David Pogue
