Monday, March 06, 2006

Windows Defender

Microsoft Tests a Windows Defense

By Rob Pegoraro
Sunday, March 5, 2006; F07



When computing experts say you should never try out beta-test versions of any system-utility software, they're almost always right. A bug in a program that lives in the core of a PC's software could lead to a complete meltdown, not just the usual crashes.

So what's something called Windows Defender (Beta 2) doing on Microsoft's home page, atop the "Popular Downloads" list?

Microsoft first released this free anti-spyware tool as "Windows AntiSpyware" in January 2005, a month after it bought the program's developer, Giant Software Co. After 13 months of development, a few revisions and one name change, this program still isn't finished -- but in that time, Windows Defender has persuaded many users to disregard the rule about beta system utilities.

I can see why. By policing how new programs try to modify Windows, Defender has swatted away much of the spyware I've thrown at it while staying out of the way otherwise. (The unwanted programs it couldn't evict defied the efforts of competing spyware removers, too.)

And it provides something horribly overdue in Windows: a simple way to inspect all the software active on a computer, including programs normally hidden from view.

Plus, Windows Defender is a free security tool from Microsoft, the company whose design decisions made it so easy for spyware to invade Windows in the first place. It only seems right for Microsoft to make amends in this way.

Defender is no panacea -- the name alone oversells an application lacking anti-virus or firewall defenses. But it's a sensible way to help keep a Windows 2000 or XP PC free of hidden programs tossing up ads (adware) or tracking your online habits (spyware).

Downloading Defender ( http://www.microsoft.com/windowsdefender ) involves one brief annoyance; you must verify that you're not using a stolen copy of Windows by running a small program, either in your browser or from your hard drive. From then on, it's a quick, restart-free process to install this program, update its spyware database and scan your computer.

As it has revised Defender over the past year, Microsoft has steadily pared away its interface. Its main screen now features a total of nine buttons -- worlds simpler than most competitors.

Unfortunately, you'll have to dig a little deeper to get Defender in its most secure state. It comes preset to grant you veto power only over the actions of known offenders, a take-candy-from-strangers approach that invites trouble. (Older versions of Defender were more aggressive about this.) Click the Tools icon, then select General Settings to fix that oversight.

On a clean PC, Defender stays invisible except when it updates itself and scans the system overnight. Unlike most spyware removers, it correctly distinguishes between browser cookies set by advertising sites -- tiny, easily blocked, inert text files that can't do anything on their own -- and live software code.

If you download from the Web's sketchier sources, Defender will act, depending on when it identifies a new program as spyware. It can flag some as they download, but others go unnoticed until their installers try to force-feed code into the guts of Windows.

For example, Defender blocked downloads of the Kazaa and BearShare file-sharing programs and the Zango "search assistant." But an instant-messaging program bundling the same Zango software went unnoticed until its setup started. The same happened with a screensaver harboring the "Best Offers Direct" spyware (unlike an earlier Defender release a few months ago). But after a few system scans and reboots, Defender reported the system clean; other anti-spyware tools agreed.

Then, to simulate the stupidest behavior possible, I visited a site advertising pirated copies of computer games and invited it to install a strange ActiveX program in Internet Explorer. This time, Defender first did nothing, then threw up a flurry of dialog boxes as it tried to remove the junk spawned by this download.

Restart followed restart as Defender kept finding new instances of this "Look2Me" spyware. Once or twice, it gave a "no unwanted or harmful software detected" verdict even as new ads popped up.

But one of the most popular spyware removers, the usually effective Spybot Search & Destroy, also gave this computer a thumbs-up. Neither that nor any other program I tried could expel this nuisance; after several hours I wiped the hard drive and reinstalled Windows.

You'd be foolish to rely on Windows Defender alone to rid Windows of spyware. But you'd be about as foolish to rely on any other single anti-spyware utility.

Keep a few on hand, but also use your own common sense and switch to safer software -- like the Firefox and Opera Web browsers, which lack the ActiveX feature exploited by the pirated-games site.

Or you could just get a Mac.

Even Windows users who can stay out of trouble on their own can benefit from Defender, however. With the change in its settings outlined above, this program makes it easy to restrain many installers' pushy habits -- for instance, the 11 system-setting changes Yahoo Music Engine's setup makes, most unrelated to playing digital music.

Meanwhile, Defender's Software Explorer (in its Tools screen) offers a helpful view of what's active on your computer. It lists all the programs running now, those that launch at start-up and those that connect to the Internet -- providing not just the usual cryptic file names ("S24EvMon.exe"), but also their full names, their developers' names, whether they belong to Windows, when they were installed and so on. You can shut down or disable most of these programs with one click -- though removing them may take a trip to the Add or Remove Programs control panel.

Microsoft says Windows Defender will be built into Windows Vista, the replacement for XP due this fall; I'd expect to see a finished version of Defender for XP and 2000 by then. But the spyware problem in Windows is a mess now, and Defender can help remedy that. It would be a mistake to ignore it just because of the "Beta" in its name.