Windows Defender

It’s historic. It’s amazing. After all these decades, Microsoft has finally built free antivirus software right into Windows. Thanks to Defender, you have no more excuse not to protect your PC. The X on the system-tray nag flag (), complaining that your PC is unprotected, will go away.

Important

Most new PCs come with aggressive, in-your-face trial versions of commercial antivirus programs like Norton and McAfee—programs that require an annual fee forever. Those companies may not like it, but you don’t need them. Windows Defender does a perfectly good job, and you already have it.

But to pacify the Nortons and McAfees of the world, Microsoft agreed to let PC companies ship new PCs with Defender turned off. So if you want Defender to defend you, you should (a) uninstall the Norton or McAfee trial version so it’ll quit bugging you, and then promptly (b) turn Defender on. To do that, open Windows Defender as described below; you’ll see the big, red “Turn on” button staring you in the face on the Home tab.

The antivirus portion of this program used to be called Microsoft Security Essentials, and you had to download it separately. (Security Essentials no longer works in Windows 8, but of course you don’t need it now.) There was something called Windows Defender in Windows 7, but it protected you only from spyware, not from viruses. In Windows 8, Defender protects you from both threats—both kinds of malware.

Malware is software you don’t know you have: viruses and spyware. You usually get it in one of two ways. First, a Web site may try to trick you into downloading it. You see what looks like an innocent button in what’s actually a phony Windows dialog box, or maybe you get an empty dialog box—and clicking the Close button actually triggers the installation.

Second, you may get spyware or viruses by downloading a program you do want—“cracked” software (commercial programs whose copy protection has been removed) is a classic example—without realizing that a secret program is piggybacking on the download.

Once installed, the malware may make changes to important system files, install ads on your desktop (even when you’re not online) or send information about your surfing habits to a Web site that blitzes your PC with pop-up ads related in some way to your online behavior.

Spyware can do things like hijacking your home page or search page so that every time you open your browser, you wind up at a Web page that incapacitates your PC with a blizzard of pop-ups. Keylogger spyware can record all your keystrokes, passwords and all, and send them to a snooper.

Figure 14-1. If Windows Defender ever does discover an infection, a system-tray balloon pops up to let you know. You’ll be able to click “Clean computer” to wipe out the virus or “Show details” to read about the infection.

Like any good antivirus program, Defender (Figure 14-1) has two functions: real-time scanning and on-demand scanning.

Real-Time Protection

Defender watches over your PC constantly, as a barrier against new infections of viruses and spyware. Each day, the program auto-downloads new definitions files—behind-the-scenes updates to its virus database, which keep it up to date with the latest new viruses that Microsoft has spotted in the wild.

Note

The Update tab shows you what definitions database you’ve got and offers a big fat Update button to download the latest one right now.

If it recognizes a virus or a piece of spyware on your PC, Defender generally zaps it automatically. Occasionally, it asks if you want to allow the questionable software to keep working, or instead remove it.

On-Demand Scanning

Defender also has a scanning function that’s designed to clean out infections you already have (a feature that, thank heaven, you’ll rarely need).

Ordinarily, the program scans your PC continuously. But if you’re feeling a little antsy, you can also trigger a scan manually.

To do that, on the Home tab, specify what you want it to check out for you:

• Quick. Scans the most vulnerable parts of your system software, in an effort to save time.

• Full. A full scan of everything on your hard drive. As you’d guess, this can take a long time.

  UP TO SPEED: Is It Spyware or Adware?

  Spyware has a less-malignant cousin called adware, and the line between the two types is exceedingly thin.

  Adware is free software that displays ads (the free version of Eudora, for example). In order to target those ads to your interests, it may transmit reports on your surfing habits to its authors. (Windows Defender doesn’t protect against adware.)

  So what’s the difference between adware and spyware? If it performs malicious actions, like incapacitating your PC with pop-ups, it’s spyware for sure.

  Proponents of adware say, “Hey—we’ve gotta put bread on our tables, too! Those ads are how you pay for your free software. Our software doesn’t identify you personally when it reports on your surfing habits, so it’s not really spyware.”

  But other people insist that any software that reports on your activities is spyware, no matter what.

• Custom. This feature lets you scan one particular disk, folder, or file—something you just got as an email attachment, for example. When you click Custom and then “Scan now,” you’re shown a checkbox hierarchy of your entire computer. Expand the disks and folders until you can turn on the exact items you want scanned; then click OK to start the scan.

Tip

Similarly, you can exclude certain disks, folders, kinds of files, or open programs from the usual automated scanning—to shut Defender up, for example, when it keeps complaining about a certain item that you know is pristine. On the Settings tab, click “Excluded files and locations,” “Excluded file types,” or “Excluded processes” (meaning programs) to specify what you want omitted. Once you’ve set things up, click “Save changes” (and authenticate if necessary).

When Defender Strikes

When Defender finds spyware, it puts the offending software into a quarantined area where it can’t do any more harm. On the History tab, you can see the quarantined software, delete it, or restore it (take it out of quarantine). In general, restoring spyware and viruses is a foolhardy move.

Here’s what you see on the History tab:

• Quarantined items. Click this button and then “View details.” You see each program Defender has taken action on, the alert level, and the date. You can use “Remove all” if you don’t recognize any of it, or you can select just one, or a few, and then click Remove or Restore. (Restore means “It’s fine. Put it back and let me run it.”)

• Allowed items. If Defender announces that it’s found a potential piece of malware, but you allow it to run anyway, it’s considered an allowed item. From now on, Defender ignores it, meaning that you trust that program completely. Allowed programs’ names appear when you click this button and then click “View details.”

  If you highlight a program’s name and then click Remove From List, it’s gone from the Allowed list, and therefore Defender monitors it once again.

Now, Defender is certainly not the only antivirus program on the planet; it’s not even the best one.

Several rival antivirus programs are free for personal use, like Avast (www.avast.com). These do have their downsides—some nag you to buy the Pro versions, for example, and there’s nobody to call for tech support.

In any case, the bottom line is this: If your PC doesn’t have antivirus software working for you right now, then getting some should be at the top of your to-do list.

Note

Get antivirus software written especially for Windows 8.1. Antivirus software from the old days won’t work.