http://www.microsoft.com/athome/security/spyware/software/default.mspx
http://www.microsoft.com/downloads/details.aspx?FamilyID=435bfce7-da2b-4a6a-afa4-f7f14e605a0d&DisplayLang=en
Windows Defender, previously known as Microsoft AntiSpyware, is a software product from Microsoft designed to prevent, remove and quarantine spyware on Microsoft's Windows 2000, Windows XP, Windows Server 2003, and Windows Vista operating systems. It is an integrated component of Windows Vista and available as a free addon for previous supported versions of Microsoft Windows
Windows Defender is based on GIANT AntiSpyware, which was originally developed by GIANT Company Software, Inc. The company's acquisition was announced by Microsoft on December 16, 2004. While the original GIANT AntiSpyware supported older versions of Windows, support for the Windows 9x line of operating systems was dropped. However, Sunbelt Software, which was originally GIANT's partner, sells a product based in the same technology called Counterspy which still has support for older Microsoft operating systems.
At the 2005 RSA Security conference, Chief Software Architect and co-founder of Microsoft, Bill Gates, announced that Windows Defender (which was actually known as Microsoft AntiSpyware prior to November 4, 2005) will be made available free of charge to all validly licensed Windows 2000, Windows XP, and Windows Server 2003 users to help secure Windows users world-wide against the increasing threat of malware. Microsoft's upcoming Windows Vista operating system will also have Defender included as an integrated part of the operating system, and will be enabled by default.
Windows Defender not only features scanning of the system similar to other free products on the market, but also includes a number of Real-Time Security Agents that monitor several common areas of Windows for changes which may be caused by spyware. It also includes the ability to easily remove ActiveX applications that are installed. Also integrated is support for Microsoft's SpyNet™ network, that allows users to report to Microsoft what they consider to be spyware, and what applications and device drivers they allow to be installed on their system
Beta 1
The first release of Microsoft AntiSpyware was released in beta form on January 6, 2005 and was basically a repackaged GIANT AntiSpyware. It was then a free product (though only for genuine installations of Windows) and the word GIANT disappeared from the product. Few new features were added over the GIANT product; it was mainly a temporary re-branding release until it could be rewritten and rebranded. More builds were released as 2005 progressed, with the last Beta 1 refresh released on November 21, 2005.
[edit] Beta 2
Windows Defender (Beta 2) was released on February 13, 2006. It featured the program's new name and a significant redesign, resulting in huge improvements. The core engine was rewritten in C++, unlike the original GIANT-developed one, which was written in Visual Basic [1]. This improved the performance of the application. Also, the program now works as a Windows service, unlike the earlier release, which enables the application to protect the computer even when a user is not logged on. Because of this, the Windows Defender application is technically an interface to the service, which is also called by the same name. In addition, the application now protects more points-of-entry than the original application, while providing a more streamlined and intuitive interface. Beta 2 also requires Windows Genuine Advantage validation. However, Windows Defender (Beta 2) did not contain some of the tools found in Microsoft AntiSpyware (Beta 1). This consists of removed functionality of the System Explorer tool found in MSAS (Beta 1) and the Tracks Eraser tool, which allows the user to easily delete many different types of temporary files found in Windows, including cookies, temporary internet files, and Windows Media Player playing history. Microsoft recently released a German and Japanese version of Windows Defender (Beta 2).
[edit] RTM
On October 24, 2006, Microsoft announced the final release of Windows Defender.[1] It supports Windows XP and Windows Server 2003; however, unlike the betas, it does not support Windows 2000. Support for Windows 2000 was cut because at the time of RTM release, Windows 2000 was considered not to be "a popular consumer operating system" and had reached the end of its mainstream support period.[2] Despite all this, users have reported that the Installsheild package bundled with this release of Windows Defender contains an artificial rule that stops Windows Defender from installing on a Windows 2000 computer. The artificial condition contained in the installer is known as VersionNT > 500. (Windows 2000 is considered Windows NT 5.) This condition can be removed using an Installsheild editor such as Orca. Once removed from the Installsheild package, Windows Defender will run fine on Windows 2000
[edit] Real-time protection
In the Windows Defender Options you can configure the Real-time Protection options:
Auto Start - Monitors lists of programs that are allowed to automatically run when you start your computer
System Configuration (settings) - Monitors security-related settings in Windows
Internet Explorer Add-ons - Monitors programs that automatically run when you start Internet Explorer
Internet Explorer Configurations (settings) - Monitors browser security settings
Internet Explorer Downloads - Monitors files and programs that are designed to work with Internet Explorer
Services and Drivers - Monitors services and drivers as they interact with Windows and your programs
Application Execution - Monitors when programs start and any operations they perform while running
Application Registration - Monitors tools and files in the operating system where programs can register to run at any time
Windows Add-ons - Monitors add-on programs (also known as software utilities) for Windows
[edit] IE integration
There is integration with Internet Explorer which enables files to be scanned when they are downloaded to help ensure that one does not accidentally download malicious software. This implementation is similar to the real-time scanners of many Anti-Virus products on the market.
[edit] Software explorer
The Advanced Tools section allows users to discover potential vulnerabilities for themselves with a series of "Software Explorers". In Beta 1, users were able to browse downloaded ActiveX controls, running processes or Startup programs, Internet Explorer BHOs, settings or Toolbars, the Windows hosts file, Winsock LSPs or Shell Execute Hooks. Windows Defender has removed some of this capability, only providing views of startup programs, currently running software, and Windows sockets providers (Winsock LSPs). The explanation given for removing the ActiveX controls and Tracks Eraser functionality is that that functionality is now found in Internet Explorer 7.
In each explorer, every element is rated as either "Known", "Unknown" or "Potentially Unwanted". The first and last categories carry a link to learn more about the particular item, and the second category invites you to submit the program to SpyNet™ for analysis by experts.
[edit] Browser restore
The Browser Restore feature, a component of the previous version Microsoft AntiSpyware, allowed users to restore all or some of Internet Explorer's settings such as the default search engine back to the defaults. This will sometimes revert the changes made by browser hijackers, though further action is sometimes required.
[edit] Erase tracks
Microsoft AntiSpyware (Beta 1) contained a track erasing feature which could erase the usage history for various Microsoft and third-party applications. The extent to which such items are really erased is not documented. This feature however, was removed in Beta 2 and is unlikely to return.
[edit] Windows Vista specific functionality
Windows Defender in Windows Vista automatically blocks all startup items that require administrator privileges to run (this is considered a bad behaviour for a startup item). There is no known easy way to automatically unblock these items, the only suggestion given is to "contact the software vendor for an updated version" which is Vista compatible (does not require administrator privileges to run). This automatic blocking is related to the UAC (User Account Control) functionality in Windows Vista, and requires the user to manually run each of these startup items each time they log in. If there is no updated version of the startup item, the only currently known way to circumvene this behavior is to disable UAC altogether (since this is also a UAC related functionality, disabling Windows Defender while not disabling UAC will not solve the issue).
http://www.windowsitpro.com/WindowsSecurity/Article/ArticleID/50360/50360.html
http://www.windowsitpro.com/WindowsSecurity/Article/ArticleID/50360/50360.html
Microsoft Corp.'s Windows AntiSpyware technology has been renamed "Windows Defender" and has been expanded to detect and remove rootkits, keystroke loggers and other forms of malware.
ADVERTISEMENT The revamped application will be bundled into the Windows Vista operating system, but users will be free to choose a competing spyware protection product from a redesigned Windows Security Center.
Jason Garms, group program manager for Microsoft's anti-malware technology team, made the announcement in a blog entry that also included confirmation that rootkit detection will be fitted into the product.
As previously reported, Microsoft will use rootkit detection technology from its Strider Ghostbuster research project.
Strider Ghostbuster is a prototype tool developed by Microsoft's Cybersecurity and Systems Management Research Group.
Click here to read more about Microsoft's rootkit detection technology.
"Our solution has really been about more than just the standard definition of spyware," Garms said.
"We've always said we will provide visibility and control, as well as protection, detection and removal from other potentially unwanted software, including rootkits, keystroke loggers and more."
For advice on how to secure your network and applications, as well as the latest security news, visit Ziff Davis Internet's Security IT Hub.
"Making the engineering change from 'Windows AntiSpyware' to 'Windows Defender' took a lot of careful coordination across our team to ensure that the strings in the UI got changed, the help files all got updated, registry keys, file names and properties, as well as a couple of images all got changed," Garms said.
The revamped product will be fitted with a new user interface and a significant change to the way malware signature updates are delivered.
Read more here about Microsoft's plans to bundle its anti-spyware software with Vista.
"The engine is now moved to a system service, and signatures are delivered over Windows Update. The detection mechanisms have also been radically improved by applying to spyware threats all the great detection technology we use in our anti-virus engine," Garms added.
Although the changes are being geared for Windows Vista, Garms said the enhancements will also be available to existing Windows XP users via a software refresh.
In Vista, users will be allowed to disable or turn off Windows Defender and install a third-party anti-spyware application.
The Vista Security Center will also be able to detect if an anti-spyware application such as Windows Defender is running and operating normally.
http://news.com.com/Windows+AntiSpyware+becomes+Defender/2100-7355_3-5937989.html