Windows Vista Anti-Spyware Concise Manual

  

Perhaps because spyware on the Internet has become such a nuisance, Microsoft has built a fairly good anti-spyware tool, Windows Defender, into Windows Vista.

Windows Defender Overview

Windows Defender was formerly known as Giant Antispyware from Giant. In December 2004, Microsoft acquired Giant and renamed Giant Antispyware to Microsoft Antispyware (Beta 1). On February 16 this year, it was officially renamed to Windows Defender (Beta 2).

Compared to Microsoft Antispyware Beta 1 and other third-party anti-spyware tools, Windows Defender Beta 2 has the following significant advantages:

1) It needs very little manual intervention from the user to work at its best.

2) Windows Defender's interface is very simple and it is hard to find any trace of it: unlike other similar software, it does not add an icon to the taskbar notification area. But as soon as the Windows system is found to be at risk from spyware, it immediately "appears" to help us solve the problem.

3) Windows Defender software updates are integrated into Windows Update, so no extra effort is needed.

Most important of all, Windows Defender is free, truly good value, and provides enough spyware protection for home users.

Why can't I see the notification area icon for Windows Defender?

If everything is working fine, Windows Defender disappears completely from the notification area of the taskbar. Users familiar with the previous version, Microsoft Antispyware, may find this unfamiliar and may feel that Windows Defender is not protecting the computer in real time.

Although Windows Defender does not appear in the notification area of the taskbar, it actually runs a background service that silently protects the computer. We can verify this with the following steps:

1) Enter "services.msc" in the Run dialog and press Enter to open the "Services" snap-in window.

2) In the details pane on the right side of the window, locate the "Windows Defender Service" service and double-click it to open its properties dialog box, as shown in Figure 1.

3) You can see that the startup type of the "Windows Defender Service" service is "Automatic", which means that the service starts automatically with the system, and that its service status is "Started". Windows Defender is silently working for us; it is just more "low-key" about it.
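
The same check can be scripted. The PowerShell below is an added example, not part of the original article; it assumes the service's short name is WinDefend and reads the startup type and status through WMI's Win32_Service class. Test-DefenderService is a hypothetical helper name.

```powershell
# Added example: scripted version of the services.msc check above.
# Assumption: the Windows Defender service's short name is WinDefend.
function Test-DefenderService {
    param([string]$ServiceName = 'WinDefend')

    # Win32_Service exposes both the startup type (StartMode) and the
    # current status (State), the two fields read from the properties dialog.
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='$ServiceName'"

    if (-not $svc) {
        # No service registered under that name: report it instead of failing.
        return New-Object PSObject -Property @{
            Service = $ServiceName; Installed = $false
            StartMode = $null; State = $null; BinaryPath = $null
            AsExpected = $false
        }
    }

    New-Object PSObject -Property @{
        Service    = $svc.Name
        Installed  = $true
        StartMode  = $svc.StartMode      # 'Auto' corresponds to "Automatic"
        State      = $svc.State          # 'Running' corresponds to "Started"
        BinaryPath = $svc.PathName       # executable the service launches
        # True only when the service matches what step 3 describes.
        AsExpected = ($svc.StartMode -eq 'Auto' -and $svc.State -eq 'Running')
    }
}

Test-DefenderService |
    Format-List Service, Installed, StartMode, State, BinaryPath, AsExpected
```

A result with AsExpected set to False (service missing, disabled, or stopped) is worth investigating, since the absence of a notification icon gives no visual cue either way.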

Windows Defender Real-Time Monitoring

Windows Defender enables real-time monitoring by default. Once it detects a threat to the system, it pops up a warning message box.

If you install an application that turns out to be bundled with spyware (such as the notorious 3721), Windows Defender immediately pops up the warning box shown in Figure 2.

At this point, you can click the "Delete All" button on the warning box directly. If you want to be sure first, you can click the "Review" button to view the details. The result is shown in Figure 3.

After confirming that everything is correct, click the "Delete All" button to start the cleaning process. Because 3721 involves many files and registry keys, the cleaning process takes a little time, as shown in Figure 4. After the cleanup is complete, the system may prompt for a reboot to ensure that the protection action takes effect.

Windows Defender Manual Scan

In addition to real-time monitoring, Windows Defender by default runs a quick scan of the system every day to maximize protection.

We can also scan manually:

1) Click the drop-down arrow to the right of the "Scan" button in the Windows Defender main window. The expanded drop-down menu contains three items: Quick Scan, Full Scan, and Custom Scan, for quick, full, and custom scans of the system.

2) Click "Custom Scan" to enter the "Select Scan Options" page, select the "Scan selected drives and folders" option on it, and then click the "Select" button on the right.

3) Specify the drives and folders you want to scan in the dialog that opens, as shown in Figure 5. Click the "OK" button to return to the "Select Scan Options" page and click the "Scan Now" button to start scanning.

Customizing Windows Defender Configuration

Windows Defender's configuration options are very powerful. The default configuration already provides sufficient security, but we can also customize it:

First click on the "Tools" button in the Windows Defender main window, then click on "Options" to enter the configuration page.

Auto Scan Configuration

In the Auto Scan section, you can specify the frequency of the scan, as shown in Figure 6. The default is to scan every day; we can instead scan once a week, for example on Sunday. You can also specify the time of the scan. The default is 2 a.m., which can be adjusted.

Real-time monitoring customization

You can also customize the functions of real-time monitoring. In the “Real-time protection options” section of the “Options” page, you can select the options involved in real-time monitoring. It is recommended to check all, as shown in Figure 7.

Windows Defender Advanced Features

Although Windows Defender is very different from its predecessor, Microsoft Antispyware, it retains the most essential part of Microsoft Antispyware, the Software Explorer. This feature helps us examine and configure self-starting processes, currently running tasks, and network connections in detail. Each is described below.

First click on the Tools button in the Windows Defender main window, then click on "Software Explorer" to go to the "Software Explorer" page.

Configuring the self-starting process

Selecting the "Startup Program" option in the "Category" drop-down list box displays all the self-starting processes of the current system on the left side of the page, grouped by manufacturer.

Select any one of the self-starting processes to view its details in the pane on the right: for example, whether it has a digital signature (and which vendor provided the signature), the path where the application is located, the startup type, whether it is a process that ships with Windows, and so on.

For example, select the "Microsoft Windows Explorer" process in the process list on the left, you can view the specific information of the process in the detailed pane on the right, as shown in Figure 8.

● From the "Digital Signature Party" column, you can see that the process is digitally signed by "Microsoft Windows Verification Intermediate PCA" and should be a trusted process.

● From the "File Path" column, you can see that the program file for this process is located at "D:\WINDOWS\explorer.exe".
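
The same two fields, file path and digital signature, can be collected for every startup entry from PowerShell. This is an added example, not part of the original article or of Windows Defender; Get-ExecutablePath and Get-AutostartSignature are hypothetical helper names, and the entries come from WMI's Win32_StartupCommand class (Run registry keys and Startup folders).

```powershell
# Added example: list autostart entries with file path and signature status.
# Helper names are hypothetical; they are not Windows Defender commands.
function Get-ExecutablePath {
    param([string]$CommandLine)
    # Expand %SystemRoot% and similar variables, then strip arguments.
    $expanded = [Environment]::ExpandEnvironmentVariables($CommandLine).Trim()
    if ($expanded -match '^"([^"]+)"') { return $Matches[1] }    # quoted path
    if ($expanded -match '^(.+?\.(exe|com|bat|cmd|scr))(\s|$)') {
        return $Matches[1]                                       # unquoted path
    }
    return $null    # shortcuts and other forms are left unresolved
}

function Get-AutostartSignature {
    Get-WmiObject -Class Win32_StartupCommand | ForEach-Object {
        $path   = Get-ExecutablePath $_.Command
        $status = 'PathNotResolved'
        $signer = $null

        # Only full paths to existing files are checked; a bare name such as
        # "rundll32.exe ..." stays PathNotResolved rather than being guessed.
        if ($path -and (Test-Path -LiteralPath $path -PathType Leaf)) {
            $sig    = Get-AuthenticodeSignature -FilePath $path
            $status = $sig.Status.ToString()
            if ($sig.SignerCertificate) {
                $signer = $sig.SignerCertificate.Subject
            }
        }

        New-Object PSObject -Property @{
            Name            = $_.Name
            Location        = $_.Location    # Run key or Startup folder
            Path            = $path
            SignatureStatus = $status
            Signer          = $signer
        }
    }
}

# Show only the entries that deserve a closer look.
Get-AutostartSignature |
    Where-Object { $_.SignatureStatus -ne 'Valid' } |
    Format-Table Name, SignatureStatus, Path -AutoSize
```

Older PowerShell versions check only embedded signatures, so files that Windows signs through a catalog can be reported as NotSigned; treat a non-Valid result as a prompt to inspect the file, not as proof that it is malicious.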

Currently running tasks

Select the "currently running programs" option in the "Category" drop-down list box to display all running processes on the left side of the page, grouped by manufacturer.

Although the currently running processes can also be viewed in the Task Manager, Windows Defender provides far more information than the Task Manager does.

For example, select a "Microsoft Generic Host Process for Win32 Services" (svchost.exe) process in the process list on the left to see its details in the pane on the right, as shown in Figure 9.

Most of the information is similar to what you get when viewing a self-starting process. The "service" field, however, is very useful: it shows the system services loaded by the process. In this example we can see that the process has loaded DCOM Server Process Launcher, Plug and Play, and other services.

For some processes, we can click the "End Process" button on the right to terminate the process, but not all processes can be terminated this way (in that case the "End Process" button is grayed out). This is because these are important Windows Vista processes, and forcing them to terminate may crash the system.

Network Connection Program

Select the "Network Connection Program" option in the "Category" drop-down list box to display all processes with network connections on the left side of the page, grouped by manufacturer.

This function is very useful. For example, select the "Messenger" process in the process list on the left to see its details in the pane on the right, as shown in Figure 10.

You can see the TCP/IP port that Messenger opens locally, and the remote IP address and the port it is listening on. If you want to terminate the process, click the "End Process" button on the right. If you want to block Messenger's inbound connections, click the "Incoming Block" button on the right.

Clicking the "Incoming Block" button on the right side actually cancels the exception of "Windows Live Messenger 8.0" in the Windows Firewall. We can verify it by following these steps:

Enter "firewall.cpl" in the Run dialog box, press Enter to open the "Windows Firewall" dialog box, and switch to the "Exceptions" tab.

In the "Exceptions" tab, we can see that the checkbox to the left of the exception for "Windows Live Messenger 8.0" is cleared, as shown in Figure 11.
