Windows Vista : Configuring Network Security - Windows Defender

12/29/2010 8:08:26 PM

Windows Defender, included with Windows Vista, helps users detect and remove known spyware and other potentially unwanted software. Windows Defender protects your computer with automated and real-time scanning and software removal.

Because spyware and other potentially unwanted software can try to install itself on your computer any time you connect to the Internet or when you install some programs, it is recommended that you have Windows Defender running whenever you use your computer.

Windows Defender offers three ways to help keep spyware and other potentially unwanted software from infecting your computer:

  • Real-time protection. Running in the background, Windows Defender alerts you when spyware or potentially unwanted software attempts to install itself or to run on your computer. It also alerts you when programs attempt to change important Windows settings.

  • Scanning options. You can use Windows Defender to actively scan your disks for spyware and other potentially unwanted software that might be installed on your computer and to automatically remove any malicious software that is detected during a scan (see Figure 1). Windows Defender can be set up to scan automatically according to a schedule or manually.

    Figure 1. Windows Defender.

  • SpyNet community. The online Microsoft SpyNet community helps you see how other people respond to software that has not yet been classified for risks.

You can also use Windows Defender to constantly monitor your system to offer real-time protection. The real-time protection uses nine security agents to monitor the critical areas of your computer that spyware may attack. When an agent detects potential spyware activity, it stops the activity and raises an alert. The agents include the following:

  • Microsoft Internet Explorer Configuration. Monitors browser security settings so that they do not get changed by spyware.

  • Internet Explorer Downloads. Monitors files and applications that work within Internet Explorer, such as ActiveX controls and software installation applications, to make sure spyware is not being installed with the files and applications.

  • Internet Explorer Add-Ons (Browser Helper Objects). Monitors browser applications that automatically run when you start Internet Explorer to make sure that these programs are not spyware.

  • Auto Start. Monitors applications that start when Windows starts to verify that these applications are not spyware.

  • System Configuration. Monitors Windows hardware and security settings to make sure they do not get changed by spyware.

  • Services and Drivers. Monitors services and drivers to make sure that spyware does not use them to access the computer.

  • Windows Add-Ons. Monitors add-on applications, also known as software utilities, that integrate with Windows.

  • Application Execution. Monitors applications to make sure that spyware does not use software application vulnerabilities to access a computer.

  • Application Registration (API Hooks). Monitors files and tools in the operating system to make sure that they do not open up applications or other files that contain spyware.

When you choose automatic scanning, you can choose the type of scan that you would like to perform:

  • Quick Scan. Checks areas on a hard disk that spyware is most likely to infect.

  • Full Scan. Checks all critical areas, all files, the registry, and all currently running applications.

  • Custom Scan. Allows you to scan specific drives and folders.


When you perform a scan, you can configure what Windows Defender will do when it identifies unwanted software (see Figure 2). The actions include the following:

  • Ignore. Windows Defender does not take any action, and the next scan will detect the item again.

  • Quarantine. Windows Defender places identified unwanted software in quarantine, which allows you to determine whether it is spyware.

  • Remove. Windows Defender removes the item from the system.

  • Always Allow. Windows Defender will not take any action and will stop detecting the item in future scans.

Figure 2. Configuring Windows Defender options.


To prevent Windows Defender from automatically taking the recommended action, such as quarantining or removing software, you need to clear the Apply Default Actions to Items Detected During a Scan option. As a result, Windows Defender will recommend an action to take for detected malicious software.

Similar to antivirus software, Windows Defender uses a definition database that lists and details the characteristics of known spyware. When software is identified as spyware, Windows Defender removes it. As with antivirus software, the definition database becomes out of date as new spyware is introduced. Therefore, you must update the database regularly for it to be effective.

To help keep your system from being compromised, Windows Defender will scan all startup items, including those specified in the following registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Exam Alert

You can use Windows Defender to view which items load during startup and easily disable any programs that you don’t recognize.


To view all programs that are set to run at startup, click the Tools button, and then click the Software Explorer option (see Figure 3). Software Explorer enables you to view several categories of software, including what is running at that time and what is set to run at startup. For each application set to run at startup, there is additional information, including the startup type, so you can identify the mechanism used to start it, such as the registry.

Figure 3. Using Software Explorer in Windows Defender.


By deleting the correct program in Windows Defender, you prevent the program from starting whenever Windows starts. Therefore, you should open Windows Defender and remove any unfamiliar programs whose startup type is set to Registry: Local Machine.
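
The same startup inventory can be taken from the command line. The PowerShell below is an added example, not part of the original page: it lists the values under the Run key named above and reports the Authenticode signature status of each target executable, so unsigned or missing targets stand out for review. The function name `Get-RunKeyEntry` and the inclusion of the per-user `HKEY_CURRENT_USER` Run key are assumptions made for illustration.

```powershell
# Added example, not from the original page: audit the Run-key startup entries.
function Get-RunKeyEntry {
    param(
        [string[]]$KeyPath = @(
            # Key named on the page (Software Explorer: "Registry: Local Machine")
            'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
            # Per-user counterpart, added here as an assumption beyond the page
            'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
        )
    )
    foreach ($path in $KeyPath) {
        if (-not (Test-Path -LiteralPath $path)) { continue }
        $key = Get-Item -LiteralPath $path
        foreach ($name in $key.GetValueNames()) {
            $command = [string]$key.GetValue($name)

            # Pull the executable out of the command line: a quoted path first,
            # then anything up to the first ".exe", then the first token.
            if     ($command -match '^\s*"([^"]+)"')    { $exe = $Matches[1] }
            elseif ($command -match '^\s*(.+?\.exe)\b') { $exe = $Matches[1] }
            else                                        { $exe = ($command.Trim() -split '\s+')[0] }

            # Bare names such as rundll32.exe are resolved through PATH.
            if ($exe -and $exe -notmatch '^(?:[A-Za-z]:\\|\\\\)') {
                $found = Get-Command -Name $exe -CommandType Application -ErrorAction SilentlyContinue |
                         Select-Object -First 1
                if ($found) { $exe = $found.Path }
            }

            # Signature status of the target, or a marker when the file is gone.
            $status = 'FileNotFound'
            if ($exe -and (Test-Path -LiteralPath $exe -PathType Leaf)) {
                $status = [string](Get-AuthenticodeSignature -FilePath $exe).Status
            }

            New-Object PSObject -Property @{
                Key = $path; Name = $name; Command = $command
                Target = $exe; Signature = $status
            }
        }
    }
}

# Entries whose target is missing or not validly signed are the ones to review first.
Get-RunKeyEntry | Sort-Object Signature |
    Format-Table Key, Name, Signature, Target -AutoSize
```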

Windows Defender in Windows Vista automatically blocks all startup items that require administrator privileges to run. This feature is related to the User Account Control (UAC) functionality in Windows Vista, and it requires the user to manually run each of these startup items each time he logs in. If you cannot get an update to the software that allows a startup item to run without being an administrator, you need to disable UAC altogether.


To turn Windows Defender on or off, follow these steps:

1. Open Windows Defender by clicking the Start button, All Programs, and then clicking Windows Defender.

2. Click Tools, Options.

3. Under Administrator options, select or clear the Use Windows Defender check box, and then click Save. If you are prompted for an administrator password or confirmation, enter the password or provide confirmation.

To turn Windows Defender real-time protection on or off, follow these steps:

1. Open Windows Defender by clicking the Start button, All Programs, and then clicking Windows Defender.

2. Click Tools, Options.

3. Under Real-time Protection options, select the Use Real-Time Protection (Recommended) check box.

4. Select the options you want. To help protect your privacy and your computer, we recommend that you select all real-time protection options.

5. Under Choose If Windows Defender Should Notify You About, select the options you want, and then click Save. If you are prompted for an administrator password or confirmation, enter the password or provide confirmation.

If you trust software that Windows Defender has detected, you can stop Windows Defender from alerting you to risks that the software might pose to your privacy or your computer. To stop being alerted, you need to add the software to the Windows Defender allowed list. If you decide that you want to monitor the software again later, you can remove it from the Windows Defender allowed list at any time.

To add an item to the allowed list, follow these steps:

1. The next time Windows Defender alerts you about the software, on the Action menu in the Alert dialog box, click Always Allow.

2. If you are prompted for an administrator password or confirmation, enter the password or provide confirmation.

To remove an item from the allowed list, follow these steps:

1. Open Windows Defender by clicking the Start button, All Programs, and then clicking Windows Defender.

2. Click Tools, Allowed Items.

3. Select the item that you want to monitor again, and then click Remove From List.

4. If you are prompted for an administrator password or confirmation, enter the password or provide confirmation.