Thwarting Spyware with Windows Defender

Previous page
Table of content
Next page

I've been troubleshooting Windows PCs for many years. It used to be that most problems were caused by users accidentally deleting system files or making ill-advised attempts to edit the Registry or some other important configuration file. Recent versions of Windows (particularly XP) could either prevent these kinds of PEBCAK (Problem Exists Between Chair and Keyboard) issues or recover from them without a lot of trouble. However, I think we're all too well aware of the latest menace to rise in the past few years, and it has taken over as the top cause of desperate troubleshooting calls I receive: malware, the generic term for malicious software such as viruses and Trojan horses. The worst malware offender by far these days is spyware, a plague upon the earth that threatens to deprive a significant portion of the online world of its sanity. As often happens with new concepts, the term spyware has become encrusted with multiple meanings as people attach similar ideas to a convenient and popular label. However, spyware is generally defined as any program that surreptitiously monitors a user's computer activitiesparticularly the typing of passwords, PINs, and credit card numbersor harvests sensitive data on the user's computer, and then sends that information to an individual or a company via the user's Internet connection (the so-called back channel) without the user's consent.

You might think that having a robust firewall between you and the bad guys would make malware a problem of the past. Unfortunately, that's not true. These programs piggyback on other legitimate programs that users actually want to download, such as file-sharing programs, download managers, and screen savers. This downloading and installation of a program without the user's knowledge or consent is often called a drive-by download. This is closely related to a pop-up download, the downloading and installation of a program after the user clicks an option in a pop-up browser window, particularly when the option's intent is vaguely or misleadingly worded.

To make matters even worse, most spyware embeds itself deep into a system, and removing it is a delicate and time-consuming operation beyond the abilities of even experienced users. Some programs actually come with an Uninstall option, but it's nothing but a ruse, of course. The program appears to remove itself from the system, but what it actually does is a covert reinstallit reinstalls a fresh version of itself when the computer is idle.

All this means that you need to buttress your firewall with an antispyware program that can watch out for these unwanted programs and prevent them from getting their hooks into your system. In previous versions of Windows, you needed to install a third-party program. However, Windows Vista comes with an antispyware program called Windows Defender (formerly Microsoft AntiSpyware).

You open Windows Defender using any of the following methods:

  • From the Control Panel home, click Security and then Windows Defender. (If you're using Control Panel Classic, double-click the Windows Defender icon.)

  • Click Start, All Programs, Windows Defender.

  • Double-click the Windows Defender icon in the taskbar's notification area.

Whichever method you use, you end up at the Windows Defender Home screen, shown in Figure 6.7. This window shows you the date, time, and results of your last scan, as well as the current Windows Defender status.

Figure 6.7. Windows Defender removes spyware from your system and keeps your system safe by preventing spyware installations.


Spyware Scanning

Windows Defender protects your computer from spyware in two ways: It can scan your system for evidence of installed spyware programs (and remove or disable those programs, if necessary), and it can monitor your system in real time to watch for activities that might be caused by spyware (such as a drive-by download or data being sent via a back channel).

For the scanning portion of its defenses, Windows Defender supports three different scan types:

  • Quick Scan This scan checks just those areas of your system where evidence of spyware is likely to be found. This scan usually takes just a couple of minutes.

  • Full System Scan This scan checks for evidence of spyware in system memory, all running processes, and the system drive (usually drive C:), and it performs a "deep scan" on all folders. This scan might take 30 minutes or more, depending on your system.

  • Select Drives and Folders This scan checks just the drives and folders that you select. The length of the scan depends on the number of locations you select and the number of objects in those locations.

The Quick scan is the default, and you can initiate one at any time by clicking the Scan link. Otherwise, pull down the Scan menu and select Quick Scan, Full Scan, or Custom Scan, the last of which displays the Select Scan Options page shown in Figure 6.8.

Figure 6.8. In the Scan menu, select Custom Scan to see the Select Scan Options page.


Windows Defender Settings

By default, Windows Defender is set up to perform a Quick scan of your system every morning at 2:00 a.m. To change this, click Tools, and then click Options to display the Options page shown in Figure 6.9. Use the controls in the Automatic Scanning section to specify the scan frequency time and type.

Figure 6.9. Use the Options page to set up a spyware scan schedule.


The rest of the Options page offers options for customizing Windows Defender. There are four more groups (most of which you can see in Figure 6.10):

  • Default Actions Set the action that Windows Defender should take if it finds alert items (potential spyware) in the High, Medium, and Low categories: Signature Default (Windows Defender's default action for the detected spyware), Ignore, or Remove.

  • Real-Time Protection Options Enables and disables real-time protection. You can also toggle security agents on and off. Security agents monitor Windows components that are frequent targets of spyware activity. For example, activating the Auto Start security agent tells Windows Defender to monitor the list of startup programs to ensure that spyware doesn't add itself to this list and run automatically at startup.

    Tip

    Windows Defender will often warn you that a program might be spyware and ask whether you want to allow the program to operate normally or to block it. If you accidentally allow an unsafe program, click Tools, Allowed Items; select the program in the Allowed Items list and then click Clear. Similarly, if you accidentally blocked a safe program, click Tools, Quarantined Items; select the program in the Quarantined Items list; and then click Restore.


  • Advanced Options Use these options to enable scanning inside compressed archives and to prevent Windows Defender from scanning specific folders.

  • Administrator Options This section has a check box that toggles Windows Defender on and off, and another that, when activated, allows non-Administrators to use Windows Defender.

Figure 6.10. The rest of the General Settings page contains options for customizing various aspects of Windows Defender.




Previous page
Table of content
Next page
Microsoft Windows Vista Unveiled
Microsoft Windows Vista Unveiled
ISBN: 0672328933
EAN: 2147483647
Year: 2007
Pages: 122
Authors: Paul McFedries
BUY ON AMAZON
ERP and Data Warehousing in Organizations: Issues and Challenges
Making Sense of Change Management: A Complete Guide to the Models, Tools and Techniques of Organizational Change
Service-Oriented Architecture (SOA): Concepts, Technology, and Design
Programming Microsoft ASP.NET 3.5
Special Edition Using FileMaker 8
Microsoft Office Visio 2007 Step by Step (Step By Step (Microsoft))
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy