Microsoft Defender Antivirus

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by Mbrickn (talk | contribs) at 00:31, 12 August 2020 (Application Guard: Unbolded heading). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Microsoft Defender
Other names: Renamed to Microsoft Defender Antivirus in Windows 10 May 2020 Update and later
Developer(s): Microsoft
Stable release: 4.18.2006.10 / 29 June 2020; 4 years ago (2020-06-29)[1]
Operating system: Windows XP and Windows Server 2003[2]
Included with: Windows 10
Predecessor: Microsoft Security Essentials
Type: Antivirus software
Website: www.microsoft.com/en-us/microsoft-365/microsoft-defender-for-individuals

Microsoft Defender (known as Windows Defender before Windows 10 May 2020 Update or Windows Defender Antivirus in Windows 10 Creators Update and later) is an anti-malware component of Microsoft Windows.[3] It was first released as a downloadable free anti-spyware program for Windows XP, and was later shipped with Windows Vista and Windows 7. It has evolved into a full antivirus program, replacing Microsoft Security Essentials as part of Windows 8 and later versions.[3]

Basic features

Before Windows 8, Windows Defender only protected users against spyware.[4] It included a number of real-time security agents that monitored several common areas of Windows for changes which might have been caused by spyware. It also had the ability to remove installed ActiveX software.[5] Windows Defender featured integrated support for Microsoft SpyNet, which allowed users to report to Microsoft what they considered to be spyware, and what applications and device drivers they allowed to be installed on their systems. Protection against viruses was subsequently added in Windows 8, making Windows Defender resemble Microsoft Security Essentials (MSE). It also uses the same anti-malware engine and virus definitions as MSE.

In Windows 10, Windows Defender settings are controlled in the Windows Defender Security Center. The Windows 10 Anniversary Update introduced a new logo, and a pop-up notification now appears to announce the results of a scan, even if no viruses are found.[6]

History

Beta

Microsoft AntiSpyware Beta 1 (Version 1.0.701) running on Windows XP

Windows Defender was initially based on GIANT AntiSpyware, formerly developed by GIANT Company Software, Inc. The company's acquisition was announced by Microsoft on December 16, 2004.[7][8] While the original GIANT AntiSpyware officially supported older Windows versions, support for the Windows 9x line of operating systems was later dropped by Microsoft.

The first beta release of Microsoft AntiSpyware, from January 6, 2005, was a repackaged version of GIANT AntiSpyware.[7] More builds were released in 2005, with the last Beta 1 refresh released on November 21, 2005.

At the 2005 RSA Security conference, Bill Gates, the Chief Software Architect and co-founder of Microsoft, announced that Windows Defender (formerly Microsoft AntiSpyware prior to November 4, 2005) would be made available free-of-charge to users with validly licensed Windows 2000, Windows XP, and Windows Server 2003 operating systems to secure their systems against the increasing malware threat.[9]

Windows Defender (Beta 2) was released on February 13, 2006. It featured the program's new name and a redesigned user interface. The core engine was rewritten in C++, unlike the original GIANT-developed AntiSpyware, which was written in Visual Basic.[10] This improved the application's performance. Also, since Beta 2, the program has worked as a Windows service, unlike earlier releases, which enables the application to protect the system even when a user is not logged on. Beta 2 also requires Windows Genuine Advantage (WGA) validation. However, Windows Defender (Beta 2) did not contain some of the tools found in Microsoft AntiSpyware (Beta 1). Microsoft removed the System Inoculation, Secure Shredder and System Explorer tools found in MSAS (Beta 1) as well as the Tracks Eraser tool, which allowed users to easily delete many different types of temporary files related to Internet Explorer 6, including HTTP cookies, web cache, and Windows Media Player playback history.[7] German and Japanese versions of Windows Defender (Beta 2) were later released by Microsoft.[11][12]

General availability

On October 24, 2006, Microsoft released Windows Defender. It supports Windows XP and Windows Server 2003; however, unlike the betas, it does not run on Windows 2000.[13]

Conversion to antivirus

Windows Defender was released with Windows Vista and Windows 7, serving as their built-in anti-spyware component. In Windows Vista and Windows 7, Windows Defender was superseded by Microsoft Security Essentials, an antivirus product from Microsoft which provided protection against a wider range of malware. Upon installation, Microsoft Security Essentials disabled and replaced Windows Defender.[14][15][16] In Windows 8, Microsoft upgraded Windows Defender into an antivirus program very similar to Microsoft Security Essentials for Windows 7[17] and using the same virus definition updates. MSE itself does not run on Windows versions beyond 7. In Windows 8 and Windows 10, Windows Defender is on by default. It switches itself off upon installation of a third-party anti-virus package.[18]

Starting with Windows 10, Microsoft began to transfer the control of Windows Defender out of its native client. Initially, its "Settings" dialog box was replaced by a dedicated page in the Settings app. In Windows 10 Creators Update, Windows Defender is renamed Windows Defender Antivirus to distinguish it from Windows Defender Security Center. The latter has become the default avenue to interface with Windows Defender.[19] While there was no shortcut on the Start menu for Windows Defender's native client, it could still run.[20][21] It was later removed in the Windows 10 April 2018 Update and transferred to Windows Defender Security Center.

Advanced features

Windows Defender notification toast in Windows 8, reporting taking action to clean detected malware.

Real-time protection

In the Windows Defender options, the user can configure real-time protection options. Windows 10's Anniversary Update introduced Limited Periodic Scanning, which optionally allows Windows Defender to scan a system periodically if another antivirus app is installed.[6] It also introduced Block at First Sight, which uses machine learning to predict whether a file is malicious.[22]

Browser integration

Integration with Internet Explorer and Microsoft Edge enables files to be scanned as they are downloaded, so that inadvertently downloaded malicious software is detected. As of April 2018, Windows Defender is also available for Google Chrome via an extension and works in conjunction with Google Safe Browsing.

Application Guard

Released in early 2018, Windows Defender Application Guard is a feature exclusive to Microsoft Edge that allows you to sandbox your current browsing session from your system. This prevents a malicious website or malware from affecting your system and your browser. Application Guard is only available on Windows 10 Pro and Windows 10 Enterprise.

Windows Vista-specific functionality

Windows Defender had additional functionality in Windows Vista which was removed in subsequent versions of Windows:[23]

Security agents

Security agents which monitor the computer for malicious activities:

  • Auto Start – Monitors lists of programs that are allowed to automatically run when the user starts the computer
  • System Configuration (settings) – Monitors security-related settings in Windows
  • Internet Explorer Add-ons – Monitors programs that automatically run when the user starts Internet Explorer
  • Internet Explorer Configurations (settings) – Monitors browser security settings
  • Internet Explorer Downloads – Monitors files and programs that are designed to work with Internet Explorer
  • Services and Drivers – Monitors services and drivers as they interact with Windows and programs
  • Application Execution – Monitors when programs start and any operations they perform while running
  • Application Registration – Monitors tools and files in the operating system where programs can register to run at any time
  • Windows Add-ons – Monitors add-on programs for Windows

Software Explorer

The Advanced Tools section allows users to discover potential vulnerabilities with a series of Software Explorers. They provide views of startup programs, currently running software, network-connected applications, and Winsock providers (Winsock LSPs). In each Explorer, every element is rated as either "Known", "Unknown" or "Potentially Unwanted". The first and last categories carry a link to learn more about the particular item, and the second category invites users to submit the program to Microsoft SpyNet for analysis by community members.[24][25] The Software Explorer feature was removed from Windows Defender in Windows 7.[26]

Notification of startup programs that run as an administrator

Windows Defender in Windows Vista automatically blocks all startup items that require administrator privileges to run (this is considered suspicious behavior for a startup item). This automatic blocking is related to the User Account Control functionality in Windows Vista, and requires users to manually run each of these startup items each time they log in if they desire the item to run at startup.[27]

User interface

In Windows Vista, it is possible to close the window and have the program run in the system tray while a scan is running. However, in Windows 7, this functionality was removed and the window must remain open while a scan is running.

Windows Defender Offline

Windows Defender Offline (formerly known as Standalone System Sweeper)[28] is a standalone anti-malware program that runs from a bootable disk and is designed to scan infected systems while their operating systems are offline.[29] Since the Windows 10 Anniversary Update, the offline functionality has been integrated into the regular Windows Defender program.

Mitigated security vulnerability

On May 5, 2017, Tavis Ormandy, a vulnerability researcher from Google, discovered a security vulnerability in the JavaScript analysis module (NScript) of Microsoft Antimalware Engine (MsMpEngine) that impacted Windows Defender, Microsoft Security Essentials and System Center Endpoint Protection. By May 8, 2017, Microsoft had released a patch to all affected systems. Ars Technica commended Microsoft for its unprecedented patching speed and said that the disaster had been averted.[30][31]

Reviews

During the December 2017 test of various anti-malware software carried out by AV-TEST on the Windows 10 platform, Windows Defender earned 6 out of 6 points in detection rate of various malware samples, earning its "AV-TEST Certified" seal.[32] Also, during the February 2018 "Real-World Protection Test" performed by AV-Comparatives, Windows Defender achieved a 100% detection rate of malicious URL samples, along with 3 false positive results.[33]

AV-TEST's October 2019 test of Defender shows that it provides excellent protection against both viruses and 0-day / malware attacks.

References

  1. "KB4052623". catalog.update.microsoft.com. Retrieved 16 December 2019.
  2. "Windows Defender". Download Center. Microsoft. 23 May 2007. Archived from the original on 29 April 2012.
  3. "What is Windows Defender?". Computer Hope. Retrieved 31 December 2017.
  4. Shultz, Greg. "Windows Defender: Past, present, and future". Retrieved 13 June 2017.
  5. "How to Remove an Active-X Control in Windows". Microsoft. Retrieved 31 December 2017.
  6. "What's new in Windows Defender for Windows 10 Anniversary Update". windowscentral.com. Retrieved 27 March 2018.
  7. Thurrott, Paul (6 October 2010). "Microsoft Windows Anti-Spyware Preview: Paul Thurrott's SuperSite for Windows". SuperSite for Windows. Retrieved 26 November 2013.
  8. "Microsoft Acquires Anti-Spyware Leader GIANT Company". PressPass. Microsoft. 16 December 2004. Retrieved 11 November 2009.
  9. "Gates Highlights Progress on Security, Outlines Next Steps for Continued Innovation". PressPass. Microsoft Corporation. 15 February 2005. Retrieved 11 November 2009.
  10. Thurrott, Paul (14 February 2006). "Windows Defender Beta 2 Review: Paul Thurrott's SuperSite for Windows". SuperSite for Windows. Retrieved 26 November 2013.
  11. "Windows Defender: Startseite" (in German). Microsoft Corporation. Archived from the original on 30 January 2009. Retrieved 8 May 2011.
  12. "マイクロソフト セキュリティ At Home" (in Japanese). Microsoft Corporation. Archived from the original on 18 January 2010. Retrieved 8 May 2011.
  13. Thurrott, Paul (24 October 2006). "Finally, Microsoft Ships Windows Defender". Windows IT Pro. Retrieved 8 May 2011.
  14. Thurrott, Paul (18 June 2009). "Microsoft Security Essentials Public Beta". Paul Thurrott's SuperSite for Windows. Retrieved 8 May 2011.
  15. Hau, Kevin (23 June 2009). "Windows Defender and Microsoft Security Essentials". Microsoft Answers. Microsoft Corporation. Retrieved 8 May 2011.
  16. Marius, Marius Oiaga (30 August 2010). "Microsoft Security Essentials 1.0 and 2.0 Disable Windows Defender". Softpedia. SoftNews NET SRL. Retrieved 8 May 2011.
  17. "Windows 8 Consumer Preview: Set Up Windows 8 with the Web Installer".
  18. "Protect your PC". Support (12 ed.). Microsoft. 8 September 2016. Retrieved 14 December 2016.
  19. Lich, Brian (18 May 2017). "Windows Defender Antivirus in the Windows Defender Security Center app". docs.microsoft.com. Microsoft.
  20. Popa, Bogdan (24 August 2017). "Quick Tip: Use the Old Windows Defender in Windows 10 Creators Update". Softpedia. SoftNews.
  21. Williams, Wayne (24 August 2017). "How to get the classic Windows Defender back on Windows 10 Creators Update". BetaNews.
  22. "How to enable Windows 10's Block at First Sight protection in Windows Defender". betanews.com. Retrieved 27 March 2018.
  23. "Protect Your PC with New Security Features in Windows Vista". Microsoft. November 2006. Retrieved 12 April 2018.
  24. "Using Software Explorer in Windows Defender". Support. Microsoft. Archived from the original on 14 October 2009. Retrieved 26 April 2017.
  25. O'Reilly, Dennis (22 April 2008). "Software Explorer keeps unneeded apps from auto-starting". CNET. CBS Interactive. Retrieved 9 May 2015.
  26. Thurrott, Paul (6 October 2010). "Windows 7 Annoyances". Supersite for Windows. Penton. Retrieved 9 May 2015.
  27. "Error message when you start a Windows Vista-based computer: 'Windows has blocked some startup programs'". Support. Microsoft. 23 September 2011. Archived from the original on 7 April 2015. Retrieved 26 April 2017.
  28. Whitney, Lance. "Utility Spotlight: Repair Your PC Infection". technet.microsoft.com. Retrieved 16 April 2018.
  29. "Help protect my PC with Windows Defender Offline". support.microsoft.com. Retrieved 16 April 2018.
  30. Anthony, Sebastian (9 May 2017). "Massive vulnerability in Windows Defender leaves most Windows PCs vulnerable". Ars Technica. Condé Nast.
  31. "Microsoft Security Advisory 4022344". TechNet. Microsoft. 8 May 2017.
  32. "The best antivirus software for Windows Home User". AV-TEST.org. AV-TEST. 2018. Retrieved 12 April 2018.
  33. "Real-World Protection Test" (PDF). AV-Comparatives.com. AV-Comparatives. 2018. Retrieved 12 April 2018.