Software:Microsoft Defender

Short description: Anti-malware software
Microsoft Defender Antivirus
Other names: Windows Defender
Developer(s): Microsoft
Stable release: 4.18.2207.7 / 6 September 2022[1]
Operating system
Predecessor: Microsoft Security Essentials
Type: Antivirus software

Microsoft Defender (specifically Microsoft Defender Antivirus, and formerly Windows Defender) is an anti-malware component of Microsoft Windows. It was first released as a downloadable free anti-spyware program for Windows XP and was shipped with Windows Vista and Windows 7. It has evolved into a full antivirus program, replacing Microsoft Security Essentials in Windows 8 and later versions.[3]

Basic features

Before Windows 8, Windows Defender only protected users against spyware.[4] It included a number of real-time security agents that monitored several common areas of Windows for changes which might have been caused by spyware. It also had the ability to remove installed ActiveX software.[5] Windows Defender featured integrated support for Microsoft SpyNet, which allowed users to report to Microsoft what they considered to be spyware, and what applications and device drivers they allowed to be installed on their systems. Protection against viruses was subsequently added in Windows 8, making it resemble Microsoft Security Essentials (MSE); it also uses the same anti-malware engine and virus definitions as MSE.

In Windows 10, Windows Defender settings are controlled in the Windows Defender Security Center. The Windows 10 Anniversary Update introduced a new logo and a pop-up notification that announces the results of a scan, even if no viruses are found.[6]

History

Microsoft AntiSpyware (Beta 1)

Microsoft AntiSpyware Beta 1 (Version 1.0.701) running on Windows XP

Windows Defender was initially based on GIANT AntiSpyware, formerly developed by GIANT Company Software, Inc.[7] The company's acquisition was announced by Microsoft on December 16, 2004.[8][9] While the original GIANT AntiSpyware officially supported older Windows versions, support for the Windows 9x line of operating systems was later dropped by Microsoft.

The first beta release of Microsoft AntiSpyware from January 6, 2005, was a repackaged version of GIANT AntiSpyware.[8] There were more builds released in 2005, with the last Beta 1 refresh released on November 21, 2005.

At the 2005 RSA Security conference, Bill Gates, the Chief Software Architect and co-founder of Microsoft, announced that Microsoft AntiSpyware would be made available free-of-charge to users with validly licensed Windows 2000, Windows XP, and Windows Server 2003 operating systems to secure their systems against the increasing malware threat.[10]

Windows Defender (Beta 2)

On November 4, 2005, it was announced that Microsoft AntiSpyware was renamed to Windows Defender.[11][12] Windows Defender (Beta 2) was released on February 13, 2006. It featured the program's new name and a redesigned user interface. The core engine was rewritten in C++, unlike the original GIANT-developed AntiSpyware, which was written in Visual Basic.[13] This improved the application's performance. Also, since Beta 2, the program works as a Windows service, unlike earlier releases, which enables the application to protect the system even when a user is not logged on. Beta 2 also requires Windows Genuine Advantage (WGA) validation. However, Windows Defender (Beta 2) did not contain some of the tools found in Microsoft AntiSpyware (Beta 1). Microsoft removed the System Inoculation, Secure Shredder and System Explorer tools found in MSAS (Beta 1) as well as the Tracks Eraser tool, which allowed users to easily delete many different types of temporary files related to Internet Explorer 6, including HTTP cookies, web cache, and Windows Media Player playback history.[8] German and Japanese versions of Windows Defender (Beta 2) were later released by Microsoft.[14][15]

Windows Defender (Final)

On October 23, 2006, Microsoft released the final version of Windows Defender.[16] It supports Windows XP and Windows Server 2003; however, unlike the betas, it doesn't run on Windows 2000.[17] Some of the key differences from the beta version are improved detection, a redesigned user interface and delivery of definition updates via Automatic Updates.[18]

Conversion to antivirus

Windows Defender was released with Windows Vista and Windows 7, serving as their built-in anti-spyware component. In Windows Vista and Windows 7, Windows Defender was superseded by Microsoft Security Essentials, an antivirus product from Microsoft which provided protection against a wider range of malware. Upon installation, Microsoft Security Essentials disabled and replaced Windows Defender.[19][20]

In Windows 8, Microsoft upgraded Windows Defender into an antivirus program very similar to Microsoft Security Essentials for Windows 7[3] and using the same virus definition updates. Microsoft Security Essentials itself does not run on Windows versions beyond 7.[19] In Windows 8 and Windows 10, Windows Defender is on by default. It switches itself off upon installation of a third-party anti-virus package.[21][22]:8

Name changes

Starting with Windows 10, Microsoft began to transfer the control of Windows Defender out of its original user interface. Initially, its "Settings" dialog box was replaced by a dedicated page in the Settings app. Then, in the 1703 update, Windows Defender was renamed to Windows Defender Antivirus[23] and became part of the Windows Defender Security Center app,[24] but the original user interface could still be accessed by alternative methods.[25][26] In the 1803 update, its original user interface ceased to be available.[note 1] In the 1809 update, the Windows Defender Security Center app was renamed to Windows Security Center.[32] In the 2004 update, Windows Defender Antivirus was renamed to Microsoft Defender Antivirus.[33][34]

Advanced features

Real-time protection

Windows Defender real-time notification

In the Windows Defender options, the user can configure real-time protection options. Windows 10's Anniversary Update introduced Limited Periodic Scanning, which optionally allows Windows Defender to scan a system periodically if another antivirus app is installed.[6] It also introduced Block at First Sight, which uses machine learning to predict whether a file is malicious.[35]

Browser integration

Demonstration of Microsoft Defender Browser Protection on Chrome. Pictured here is the warning that the website in question "has been reported as unsafe".

Integration with Internet Explorer and Microsoft Edge enables files to be scanned as they are downloaded to detect malicious software inadvertently downloaded. As of April 2018, Microsoft Defender is also available for Google Chrome via an extension and works in conjunction with Google Safe Browsing.

Application Guard

Application Guard on Microsoft Edge

Released in early 2018, Windows Defender Application Guard is a feature exclusive to Microsoft Edge that allows users to sandbox their current browsing session from the system. This prevents a malicious website or malware from affecting the system and the browser. Application Guard is only available on Windows 10 Pro and Enterprise. In May 2019, Microsoft announced Application Guard for Google Chrome and Firefox. The extension, once installed, opens the current tab's web page in Microsoft Edge with Application Guard enabled.

Controlled Folder Access

A notification showing Microsoft Defender has blocked access to a protected folder.

Controlled Folder Access is a feature introduced with Windows 10 Fall Creators Update to protect a user's important files from the growing threat of ransomware. This feature was released about a year after the Petya family of ransomware first appeared. The feature notifies the user every time a program tries to access these folders, and the program is blocked unless the user grants it access. Windows warns the user with a User Account Control popup as a final warning if they opt to "Allow" a program to read Controlled Folders.
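
A read-only check of the features described in this section (real-time protection, download scanning, Block at First Sight and Controlled Folder Access), added here as an example and not taken from the original article or from Microsoft. It uses the Defender PowerShell module's Get-MpComputerStatus and Get-MpPreference cmdlets; the function name Get-DefenderFeatureAudit and the seven-day look-back window are assumptions.

```powershell
# Added example, read-only: reports the state of the Defender features
# described above. Get-DefenderFeatureAudit is a hypothetical name.
function Get-DefenderFeatureAudit {
    [CmdletBinding()]
    param(
        [int]$Days = 7   # assumed look-back window for block/audit events
    )

    $status = Get-MpComputerStatus
    $pref   = Get-MpPreference

    # EnableControlledFolderAccess is numeric: 0 = off, 1 = block, 2 = audit.
    $cfaNames = @{ 0 = 'Disabled'; 1 = 'Enabled'; 2 = 'AuditMode' }
    $cfaRaw   = [int]$pref.EnableControlledFolderAccess
    $cfaMode  = if ($cfaNames.ContainsKey($cfaRaw)) { $cfaNames[$cfaRaw] } else { "Other ($cfaRaw)" }

    # Block at First Sight depends on cloud-delivered protection, so it is only
    # effective when MAPSReporting is non-zero and the feature is not disabled.
    $bafs = (-not $pref.DisableBlockAtFirstSeen) -and ([int]$pref.MAPSReporting -ne 0)

    # Controlled Folder Access events: 1123 = blocked, 1124 = audited.
    $cfaEvents = @(Get-WinEvent -FilterHashtable @{
            LogName   = 'Microsoft-Windows-Windows Defender/Operational'
            Id        = 1123, 1124
            StartTime = (Get-Date).AddDays(-$Days)
        } -ErrorAction SilentlyContinue)

    [pscustomobject]@{
        ProductVersion        = $status.AMProductVersion
        RunningMode           = $status.AMRunningMode      # empty on older platform versions
        RealTimeProtection    = $status.RealTimeProtectionEnabled
        DownloadScanning      = -not $pref.DisableIOAVProtection
        BlockAtFirstSight     = $bafs
        ControlledFolderMode  = $cfaMode
        ExtraProtectedFolders = @($pref.ControlledFolderAccessProtectedFolders)
        AllowedApplications   = @($pref.ControlledFolderAccessAllowedApplications)
        RecentBlocked         = @($cfaEvents | Where-Object Id -eq 1123).Count
        RecentAudited         = @($cfaEvents | Where-Object Id -eq 1124).Count
    }
}

Get-DefenderFeatureAudit | Format-List
```

Entries under AllowedApplications are exempt from blocking, so they are worth reviewing alongside the blocked-access events.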

Windows Vista-specific functionality

Windows Defender had additional functionality in Windows Vista which was removed in subsequent versions of Windows:[36]

Security agents

Security agents which monitor the computer for malicious activities:

  • Auto Start – Monitors lists of programs that are allowed to automatically run when the user starts the computer
  • System Configuration (settings) – Monitors security-related settings in Windows
  • Internet Explorer Add-ons – Monitors programs that automatically run when the user starts Internet Explorer
  • Internet Explorer Configurations (settings) – Monitors browser security settings
  • Internet Explorer Downloads – Monitors files and programs that are designed to work with Internet Explorer
  • Services and Drivers – Monitors services and drivers as they interact with Windows and programs
  • Application Execution – Monitors when programs start and any operations they perform while running
  • Application Registration – Monitors tools and files in the operating system where programs can register to run at any time
  • Windows Add-ons – Monitors add-on programs for Windows

Software Explorer

The Advanced Tools section allows users to discover potential vulnerabilities with a series of Software Explorers. They provide views of startup programs, currently running software, network connected applications, and Winsock providers (Winsock LSPs). In each Explorer, every element is rated as either "Known", "Unknown" or "Potentially Unwanted". The first and last categories carry a link to learn more about the particular item, and the second category invites users to submit the program to Microsoft SpyNet for analysis by community members.[37][38] The Software Explorer feature was removed from Windows Defender in Windows 7.[39]

Notification of startup programs that run as an administrator

Windows Defender in Windows Vista automatically blocks all startup items that require administrator privileges to run (this is considered suspicious behavior for a startup item). This automatic blocking is related to the User Account Control functionality in Windows Vista, and requires users to manually run each of these startup items each time they log in if they desire the item to run at startup.[40]

User interface

In Windows Vista, it is possible to close the window and have the program run in the system tray while a scan is running. However, in Windows 7, this functionality was removed and the window must remain open while a scan is running.

Windows Defender Offline

Windows Defender Offline (formerly known as Standalone System Sweeper)[41] is a stand-alone anti-malware program that runs from bootable removable media (e.g. CD or USB flash drive) designed to scan infected systems while the Windows operating system is offline.[42] Since Windows 10 Anniversary Update in 2016, the option to boot into Windows Defender Offline can be initiated from within Windows itself, negating the need for the separate boot disk.

Mitigated security vulnerability

On May 5, 2017, Tavis Ormandy, a vulnerability researcher from Google, discovered a security vulnerability in the JavaScript analysis module (NScript) of Microsoft Antimalware Engine (MsMpEngine) that impacted Windows Defender, Microsoft Security Essentials and System Center Endpoint Protection. By May 8, 2017, Microsoft had released a patch to all affected systems. Ars Technica commended Microsoft for its unprecedented patching speed and said that the disaster had been averted.[43][44]

Reviews

During a December 2017 test of various anti-malware software carried out by AV-TEST on Windows 10, Windows Defender earned 6 out of 6 points in detection rate of various malware samples, earning its "AV-TEST Certified" seal.[45]

During a February 2018 "Real-World Protection Test" performed by AV-Comparatives, Windows Defender achieved a 100% detection rate of malicious URL samples, along with 3 false positive results.[46]

An AV-TEST test of Windows Defender in October 2019 demonstrated it provides excellent protection both against viruses and 0-day / malware attacks.[47]

On December 1, 2021, AV-TEST gave Defender a maximum protection score of 34 points after successfully managing to detect ten out of ten ransomware samples in a lab test.[48]

Notes

  1. As reported in Microsoft forums,[27] comments to news articles[28][29] and other forums.[30][31]

References

  1. "KB4052623". https://www.catalog.update.microsoft.com/Search.aspx?q=KB4052623. 
  2. "Windows Defender". Microsoft. 23 May 2007. http://www.microsoft.com/en-us/download/details.aspx?id=17.
  3. Kingsley, Robert (18 January 2013). "Windows Defender in Windows 8 and Windows 7 – What's New & Different?". https://www.digitalcitizen.life/windows-defender-windows-8-and-windows-7-what-s-new-and-different/.
  4. Shultz, Greg (17 November 2016). "Windows Defender: Past, present, and future". http://www.techrepublic.com/article/windows-defender-past-present-and-future/. 
  5. "How to Remove an Active-X Control in Windows". Microsoft. https://support.microsoft.com/en-us/help/154850/how-to-remove-an-activex-control-in-windows. 
  6. "What's new in Windows Defender for Windows 10 Anniversary Update". 26 July 2016. http://www.windowscentral.com/whats-new-windows-defender-windows-10-anniversary-update.
  7. "Microsoft Acquires Anti-spyware Leader Giant Company Software Inc.". December 2004. http://www.giantcompany.com/. 
  8. Thurrott, Paul (6 October 2010). "Microsoft Windows Anti-Spyware Preview: Paul Thurott's SuperSite for Windows". SuperSite for Windows. http://winsupersite.com/product-review/microsoft-windows-anti-spyware.
  9. "Microsoft Acquires Anti-Spyware Leader GIANT Company". 16 December 2004. https://news.microsoft.com/2004/12/16/microsoft-acquires-anti-spyware-leader-giant-company/. 
  10. "Gates Highlights Progress on Security, Outlines Next Steps for Continued Innovation". PressPass. 15 February 2005. http://news.microsoft.com/2005/02/15/gates-highlights-progress-on-security-outlines-next-steps-for-continued-innovation/. 
  11. Garms, Jason (4 November 2005). "What's in a name?? A lot!! Announcing Windows Defender!". http://blogs.technet.com/antimalware/archive/2005/11/04/413700.aspx. 
  12. Dodson, Steve (4 November 2005). "Microsoft Windows AntiSpyware is now......"Windows Defender"". http://blogs.technet.com/stevedod/archive/2005/11/04/413701.aspx. 
  13. Thurrott, Paul (14 February 2006). "Windows Defender Beta 2 Review: Paul Thurrott's SuperSite for Windows". SuperSite for Windows. http://winsupersite.com/article/product-review/windows-defender-beta-2-review. 
  14. "Windows Defender: Startseite" (in de). Microsoft Corporation. http://www.microsoft.com/germany/windows/products/winfamily/defender/default.mspx. 
  15. "マイクロソフト セキュリティ At Home" (in ja). Microsoft Corporation. http://www.microsoft.com/japan/protect/default.mspx. 
  16. "Windows Defender: Release notes". 23 October 2006. http://www.microsoft.com/athome/security/spyware/software/about/releasenotes.mspx. 
  17. "Windows® Defender". 8 November 2006. http://www.microsoft.com/downloads/details.aspx?FamilyId=435BFCE7-DA2B-4A6A-AFA4-F7F14E605A0D&displaylang=en. 
  18. "Frequently asked questions about Windows Defender". 13 February 2006. http://www.microsoft.com/athome/security/spyware/software/about/faq.mspx. 
  19. Hau, Kevin (23 June 2009). "Windows Defender and Microsoft Security Essentials". Microsoft Answers. Microsoft Corporation. http://answers.microsoft.com/en-us/protect/forum/protect_start/windows-defender-and-microsoft-security-essentials/5309cb8d-02e1-40e8-974f-0dcedb9ab9fd.
  20. Marius, Marius Oiaga (30 August 2010). "Microsoft Security Essentials 1.0 and 2.0 Disable Windows Defender". http://news.softpedia.com/news/Microsoft-Security-Essentials-1-0-and-2-0-Disable-Windows-Defender-154342.shtml. 
  21. "Microsoft Defender Antivirus compatibility". 17 December 2020. https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility. 
  22. Bott, Ed (2013). Introducing Windows 8.1 for IT Professionals. Microsoft Press (published 15 October 2013). ISBN 978-0-7356-8427-0. https://download.microsoft.com/download/E/5/3/E5395265-D2CD-4451-A2BB-B4504C000E80/Microsoft_Press_ebook_Introducing_Windows_ITPro_PDF.pdf. 
  23. "What's new in Windows 10, version 1703 for IT Pros". 9 May 2017. https://docs.microsoft.com/en-us/windows/whats-new/whats-new-windows-10-version-1703. 
  24. Lich, Brian (18 May 2017). "Windows Defender Antivirus in the Windows Defender Security Center app". https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus. 
  25. Popa, Bogdan (24 April 2017). "Quick Tip: Use the Old Windows Defender in Windows 10 Creators Update". http://news.softpedia.com/news/quick-tip-use-the-old-windows-defender-in-windows-10-creators-update-515104.shtml. 
  26. Williams, Wayne (24 August 2017). "How to get the classic Windows Defender back on Windows 10 Creators Update". https://betanews.com/2017/04/24/how-to-get-the-classic-windows-defender-back-on-windows-10-creators-update/. 
  27. "How to Get the Old Windows Defender in Windows 10 Back". https://social.microsoft.com/Forums/security/zh-CN/d29c94a5-8578-4d63-a197-d524b0dd7619/. "There appears to be no way to access the "classic UI" in 1803."
  28. "How to Get the Old Windows Defender in Windows 10 Back". 29 June 2017. https://www.maketecheasier.com/get-back-old-windows-defender-windows10/. "Since the new Windows 10 Update 1803, this no longer works. (Comments section)"
  29. "Get Classic Windows Defender in Windows 10 Creators Update". 18 April 2017. https://winaero.com/classic-windows-defender-windows-10-1703/. "Classic UI its gone on windows 10 enterprise 1803, try other way pls (Comments section)"
  30. "Version 1803 and Windows Defender". https://www.windowsbbs.com/goto/post?id=660953. "In previous versions a link to [...] MSASCui.exe" opened the program in the "classic" user interface but no longer."
  31. "Windows 10 & Windows Defender Interface". https://www.speedguide.net/forums/showthread.php?287736. "the "Classic" Windows Defender interface has been removed in the 1803 version of Windows 10"
  32. "What's new in Windows 10, version 1809 for IT Pros". September 2018. https://docs.microsoft.com/en-us/windows/whats-new/whats-new-windows-10-version-1809. 
  33. "Announcing Windows 10 Insider Preview Build 18945". 26 July 2019. https://blogs.windows.com/windowsexperience/2019/07/26/announcing-windows-10-insider-preview-build-18945. 
  34. "Windows Security: Microsoft Defender Antivirus & More". June 2020. https://www.microsoft.com/en-us/windows/comprehensive-security. 
  35. "How to enable Windows 10's Block at First Sight protection in Windows Defender". 18 November 2016. http://betanews.com/2016/11/18/windows-10-block-at-first-sight-protection-in-windows-defender/. 
  36. "Protect Your PC with New Security Features in Windows Vista". Microsoft. November 2006. https://technet.microsoft.com/en-us/library/2006.11.defender.aspx. 
  37. "Using Software Explorer in Windows Defender". Support. Microsoft. http://windows.microsoft.com/en-us/windows-vista/using-software-explorer-in-windows-defender. 
  38. O'Reilly, Dennis (22 April 2008). "Software Explorer keeps unneeded apps from auto-starting". CNET. CBS Interactive. http://www.cnet.com/news/software-explorer-keeps-unneeded-apps-from-auto-starting/. 
  39. Thurrott, Paul (6 October 2010). "Windows 7 Annoyances". Supersite for Windows. Penton. http://winsupersite.com/article/windows-7/windows-7-annoyances. 
  40. "Error message when you start a Windows Vista-based computer: 'Windows has blocked some startup programs'". Support. Microsoft. 23 September 2011. https://support.microsoft.com/en-us/kb/930367. 
  41. Whitney, Lance. "Utility Spotlight: Repair Your PC Infection". https://technet.microsoft.com/en-us/library/hh547009.aspx. 
  42. "Help protect my PC with Windows Defender Offline". https://support.microsoft.com/en-us/help/17466/windows-defender-offline-help-protect-my-pc. 
  43. Anthony, Sebastian (9 May 2017). "Massive vulnerability in Windows Defender leaves most Windows PCs vulnerable". Condé Nast. https://arstechnica.com/information-technology/2017/05/windows-defender-nscript-remote-vulnerability/. 
  44. "Microsoft Security Advisory 4022344". Microsoft. 8 May 2017. https://technet.microsoft.com/en-us/library/security/4022344. 
  45. "The best antivirus software for Windows Home User". AV-TEST.org. AV-TEST. 2018. https://www.av-test.org/en/antivirus/home-windows/windows-10/december-2017/. 
  46. "Real-World Protection Test". AV-Comparatives.com. AV-Comparatives. 2018. https://www.av-comparatives.org/wp-content/uploads/2018/03/avc_factsheet2018_02.pdf. 
  47. "Test Microsoft Windows Defender 4.18 for Windows 10 (194015)". https://www.av-test.org/en/antivirus/home-windows/windows-10/october-2019/microsoft-windows-defender-4.18-194015/. 
  48. "9 Security Packages for Consumer Users in an Advanced Threat Protection Test against Ransomware". AV-TEST.org. AV-TEST. 2021. https://www.av-test.org/en/news/9-security-packages-for-consumer-users-in-an-advanced-threat-protection-test-against-ransomware. 