Windows Defender, officially called Windows Defender Antivirus in Windows 10 Creators Update, is an anti-malware component of Microsoft Windows. It was first released as a free antispyware program download for Windows XP, shipped with Windows Vista and Windows 7 and made into a full antivirus program replacing Microsoft Security Essentials as part of Windows 8 and later versions.
Basic features
Before Windows 8, Windows Defender protected against spyware. It included a number of real-time security agents that monitored several common areas of Windows for changes which might have been caused by spyware. It also included the ability to easily remove installed ActiveX software. Windows Defender featured integrated support for Microsoft SpyNet that allows users to report to Microsoft what they consider to be spyware, and what applications and device drivers they allow to be installed on their system. Protection against viruses was added in Windows 8; Windows Defender in Windows 8 resembles Microsoft Security Essentials (MSE) and uses the same virus definitions.
In Windows 10, Windows Defender settings are controlled by the Settings app, and the Settings button opens the Settings app. In the Windows 10 Anniversary Update, toast notifications appear to announce the results of a scan, even if no viruses are found. The same update introduced a new flat logo.
History
Beta
Windows Defender is based on GIANT AntiSpyware, which was originally developed by GIANT Company Software, Inc. The company's acquisition was announced by Microsoft on December 16, 2004. While the original GIANT AntiSpyware supported older Windows versions, support for the Windows 9x line of operating systems was later dropped.
The first beta version of Microsoft AntiSpyware was released on January 6, 2005, and was basically a repackaged GIANT AntiSpyware. More builds were released in 2005, with the last Beta 1 refresh released on November 21, 2005.
At the 2005 RSA Security conference, Chief Software Architect and co-founder of Microsoft, Bill Gates, announced that Windows Defender (which was known as Microsoft AntiSpyware prior to November 4, 2005) would be made available free of charge to all validly licensed Windows 2000, Windows XP, and Windows Server 2003 users to help secure their systems against the increasing malware threat.
Windows Defender (Beta 2) was released on February 13, 2006. It featured the program's new name and a significant user interface redesign. The core engine was rewritten in C++, unlike the original GIANT-developed one, which was written in Visual Basic. This improved the application's performance. Also, since beta 2, the program works as a Windows service, unlike earlier releases, which enables the application to protect the computer even when a user is not logged on. Beta 2 also requires Windows Genuine Advantage validation. However, Windows Defender (Beta 2) did not contain some of the tools found in Microsoft AntiSpyware (Beta 1); Microsoft removed the System Inoculation, Secure Shredder and System Explorer tools found in MSAS (Beta 1) as well as the Tracks Eraser tool, which allowed users to easily delete many different types of temporary files related to Internet Explorer 6, including HTTP cookies, web cache, and Windows Media Player playback history. Microsoft later released German and Japanese versions of Windows Defender (Beta 2).
General availability
On October 24, 2006, Microsoft released Windows Defender. It supports Windows XP and Windows Server 2003; however, unlike the betas, it does not run on Windows 2000.
Conversion to antivirus
Windows Defender was released with Windows Vista and Windows 7, serving as their built-in antispyware component. In Windows Vista and Windows 7, Windows Defender was superseded by Microsoft Security Essentials, an antivirus product from Microsoft which provided protection against a wider range of malware. Upon installation, Microsoft Security Essentials disabled and replaced Windows Defender. In Windows 8, Microsoft upgraded Windows Defender into an antivirus program very similar to Microsoft Security Essentials for Windows 7 and using the same virus definition updates. MSE itself does not run on Windows versions beyond 7. In Windows 8 and Windows 10, Windows Defender is on by default. It switches itself off upon installation of a third-party anti-virus package.
Starting with Windows 10, Microsoft began to transfer the control of Windows Defender out of its native client. Initially, its "Settings" dialog box was replaced by a dedicated page in the Settings app. In Windows 10 Creators Update, Windows Defender is renamed Windows Defender Antivirus to distinguish it from Windows Defender Security Center. The latter has become the default avenue to interface with Windows Defender. While there is no shortcut on the Start menu for Windows Defender's native client, it can still run. It was later removed in Windows 10 Spring Creators Update and transferred to Windows Defender Security Center.
Advanced features
- Real-time protection: In the Windows Defender options, the user can configure real-time protection options.
- Browser integration: Integration with Internet Explorer and Microsoft Edge enables files to be scanned as they are downloaded to detect malicious software inadvertently downloaded. Although it does not integrate with non-Microsoft web browsers, Windows Defender scans for malicious downloaded files as part of its real-time protection.
Windows 10's Anniversary Update introduced Limited Periodic Scanning, which optionally allows Windows Defender to scan a system periodically if another antivirus app is installed. It also introduced Block at First Sight, which uses machine learning to predict whether a file is malicious.
Windows Vista-specific functionality
Windows Defender had additional functionality in Windows Vista which was removed in subsequent versions of Windows:
- Security agents: Security agents monitor the computer for malicious activities.
  - Auto Start - Monitors lists of programs that are allowed to automatically run when the user starts the computer
  - System Configuration (settings) - Monitors security-related settings in Windows
  - Internet Explorer Add-ons - Monitors programs that automatically run when the user starts Internet Explorer
  - Internet Explorer Configurations (settings) - Monitors browser security settings
  - Internet Explorer Downloads - Monitors files and programs that are designed to work with Internet Explorer
  - Services and Drivers - Monitors services and drivers as they interact with Windows and programs
  - Application Execution - Monitors when programs start and any operations they perform while running
  - Application Registration - Monitors tools and files in the operating system where programs can register to run at any time
  - Windows Add-ons - Monitors add-on programs for Windows
- Software Explorer: The Advanced Tools section allows users to discover potential vulnerabilities with a series of Software Explorers. They provide views of startup programs, currently running software, network connected applications, and Winsock providers (Winsock LSPs). In each Explorer, every element is rated as either "Known", "Unknown" or "Potentially Unwanted". The first and last categories carry a link to learn more about the particular item, and the second category invites users to submit the program to Microsoft SpyNet for analysis by community members. The Software Explorer feature has been removed from Windows Defender in Windows 7.
- Notification of startup programs that run as an administrator: Windows Defender in Windows Vista automatically blocks all startup items that require administrator privileges to run (this is considered suspicious behavior for a startup item). This automatic blocking is related to the User Account Control functionality in Windows Vista, and requires users to manually run each of these startup items each time they log in if they desire the item to run at startup.
- User interface: In Windows Vista, it is possible to close the window and have the program run in the system tray while a scan is running. However, in Windows 7, this functionality was removed and the window must remain open while a scan is running.
Windows Defender Offline
Windows Defender Offline (formerly known as Standalone System Sweeper) is a bootable standalone antimalware program that runs from a bootable disk and is designed to scan infected systems while their operating systems are offline. Since Windows 10 Anniversary Update, offline functionality is integrated into the regular Windows Defender program.
Mitigated security vulnerability
On 5 May 2017, Tavis Ormandy, a vulnerability researcher for Google, discovered a security vulnerability in the JavaScript analysis module (NScript) of Microsoft Antimalware Engine (MsMpEngine) that impacted Windows Defender, Microsoft Security Essentials and System Center Endpoint Protection. By 8 May 2017, Microsoft had released a patch to all affected systems. Ars Technica commended Microsoft for its unprecedented patching speed and said that the disaster had been averted.
Reviews
In the December 2017 test of various antimalware software performed by AV-TEST on the Windows 10 platform, Windows Defender earned 6 out of 6 points for detection of various malware samples, earning it the "AV-TEST Certified" seal. In the February 2018 "Real-World Protection Test" by AV-Comparatives, Windows Defender achieved a 100% detection rate of malicious URL samples, along with 3 "false positive" results.
See also
- Security and safety features new to Windows Vista
Source of article: Wikipedia