Thwarting Spyware with Windows Defender

I've been troubleshooting Windows PCs for many years. It used to be that most problems were caused by users accidentally deleting system files or making ill-advised attempts to edit the Registry or some other important configuration file. Recent versions of Windows (particularly XP) could either prevent these kinds of PEBCAK (Problem Exists Between Chair and Keyboard) issues or recover from them without a lot of trouble.

However, I think we're all too well aware of the latest menace to rise in the past few years, and it has taken over as the top cause of desperate troubleshooting calls I receive: malware, the generic term for malicious software such as viruses and Trojan horses. The worst malware offender by far these days is spyware, a plague upon the earth that threatens to deprive a significant portion of the online world of its sanity.

As often happens with new concepts, the term spyware has become encrusted with multiple meanings as people attach similar ideas to a convenient and popular label. However, spyware is generally defined as any program that surreptitiously monitors a user's computer activities (particularly the typing of passwords, PINs, and credit card numbers) or harvests sensitive data on the user's computer, and then sends that information to an individual or a company via the user's Internet connection (the so-called back channel) without the user's consent.

You might think that having a robust firewall between you and the bad guys would make malware a problem of the past. Unfortunately, that's not true. These programs piggyback on other legitimate programs that users actually want to download, such as file-sharing programs, download managers, and screen savers.

This downloading and installation of a program without the user's knowledge or consent is often called a drive-by download. This is closely related to a pop-up download, the downloading and installation of a program after the user clicks an option in a pop-up browser window, particularly when the option's intent is vaguely or misleadingly worded.

To make matters even worse, most spyware embeds itself deep into a system, and removing it is a delicate and time-consuming operation beyond the abilities of even experienced users. Some programs actually come with an Uninstall option, but it's nothing but a ruse, of course. The program appears to remove itself from the system, but what it actually does is a covert reinstall: it reinstalls a fresh version of itself when the computer is idle.

All this means that you need to buttress your firewall with an antispyware program that can watch out for these unwanted programs and prevent them from getting their hooks into your system. In previous versions of Windows, you needed to install a third-party program. However, Windows Vista comes with an antispyware program called Windows Defender (formerly Microsoft AntiSpyware).

You open Windows Defender using any of the following methods:

  • From the Control Panel home, click Security and then Windows Defender. (If you're using Control Panel Classic, double-click the Windows Defender icon.)
  • Click Start, All Programs, Windows Defender.
  • Double-click the Windows Defender icon in the taskbar's notification area.

Whichever method you use, you end up at the Windows Defender Home screen. This window shows you the date, time, and results of your last scan, as well as the current Windows Defender status.

Spyware Scanning

Windows Defender protects your computer from spyware in two ways: It can scan your system for evidence of installed spyware programs (and remove or disable those programs, if necessary), and it can monitor your system in real time to watch for activities that might be caused by spyware (such as a drive-by download or data being sent via a back channel).

For the scanning portion of its defenses, Windows Defender supports three different scan types:

  • Quick Scan - This scan checks just those areas of your system where evidence of spyware is likely to be found. This scan usually takes just a couple of minutes.
  • Full System Scan - This scan checks for evidence of spyware in system memory, all running processes, and the system drive (usually drive C:), and it performs a "deep scan" on all folders. This scan might take 30 minutes or more, depending on your system.
  • Select Drives and Folders - This scan checks just the drives and folders that you select. The length of the scan depends on the number of locations you select and the number of objects in those locations.

The Quick scan is the default, and you can initiate one at any time by clicking the Scan link. Otherwise, pull down the Scan menu and select Quick Scan, Full Scan, or Custom Scan, the last of which displays the Select Scan Options page.

Windows Defender Settings

By default, Windows Defender is set up to perform a Quick scan of your system every morning at 2:00 a.m. To change this, click Tools, and then click Options to display the Options page. Use the controls in the Automatic Scanning section to specify the scan frequency, time, and type.

The rest of the Options page offers options for customizing Windows Defender. There are four more groups:

  • Default Actions - Set the action that Windows Defender should take if it finds alert items (potential spyware) in the High, Medium, and Low categories: Signature Default (Windows Defender's default action for the detected spyware), Ignore, or Remove.
  • Real-Time Protection Options - Enables and disables real-time protection. You can also toggle security agents on and off. Security agents monitor Windows components that are frequent targets of spyware activity. For example, activating the Auto Start security agent tells Windows Defender to monitor the list of startup programs to ensure that spyware doesn't add itself to this list and run automatically at startup.
  • Advanced Options - Use these options to enable scanning inside compressed archives and to prevent Windows Defender from scanning specific folders.
  • Administrator Options - This section has a check box that toggles Windows Defender on and off, and another that, when activated, allows non-Administrators to use Windows Defender.
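The Auto Start security agent described above watches the startup list for additions. The following script is an added example, not code from the book or from Windows Defender itself, that shows the same idea as a baseline-and-diff check you can run yourself: it snapshots the standard Run/RunOnce keys and Startup folders, then reports anything added, changed, or removed since the snapshot. It assumes PowerShell 3 or later (for ConvertTo-Json and Get-ChildItem -File) and a snapshot path you choose.

```powershell
# Added example (not from the book): baseline-and-diff check of the autostart locations
# that the Auto Start security agent watches. Run once with -Baseline to save a snapshot,
# then run again later to report entries added or changed since. Assumes PowerShell 3+.
param([switch]$Baseline, [string]$SnapshotPath = "$env:USERPROFILE\autostart-baseline.json")

# Standard per-machine and per-user Run/RunOnce keys plus the two Startup folders.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
$startupFolders = @([Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup'))
$providerProps  = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

function Get-AutostartEntries {
    $entries = @{}
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = (Get-ItemProperty -Path $key).PSObject.Properties | Where-Object { $_.Name -notin $providerProps }
        foreach ($p in $props) { $entries["$key\$($p.Name)"] = [string]$p.Value }
    }
    foreach ($folder in $startupFolders) {
        if (-not (Test-Path $folder)) { continue }
        # Record file size so a replaced shortcut or binary shows up as CHANGED, not just ADDED.
        Get-ChildItem -Path $folder -File | ForEach-Object { $entries[$_.FullName] = [string]$_.Length }
    }
    return $entries
}

$current = Get-AutostartEntries
if ($Baseline) {
    $current | ConvertTo-Json | Set-Content -Path $SnapshotPath
    Write-Host "Saved $($current.Count) autostart entries to $SnapshotPath"
    exit 0
}
if (-not (Test-Path $SnapshotPath)) { Write-Error "No baseline at $SnapshotPath; run with -Baseline first."; exit 1 }

$known = @{}
foreach ($p in (Get-Content -Path $SnapshotPath -Raw | ConvertFrom-Json).PSObject.Properties) { $known[$p.Name] = [string]$p.Value }

$added   = $current.Keys | Where-Object { -not $known.ContainsKey($_) }
$changed = $current.Keys | Where-Object { $known.ContainsKey($_) -and $known[$_] -ne $current[$_] }
$removed = $known.Keys   | Where-Object { -not $current.ContainsKey($_) }

foreach ($k in $added)   { Write-Host "ADDED   $k = $($current[$k])" }
foreach ($k in $changed) { Write-Host "CHANGED $k : '$($known[$k])' -> '$($current[$k])'" }
foreach ($k in $removed) { Write-Host "REMOVED $k" }
if (-not ($added -or $changed -or $removed)) { Write-Host "No autostart changes since baseline." }
```

The check covers only the Run/RunOnce keys and Startup folders; services, scheduled tasks, and browser helper objects are other startup paths it does not inspect.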