Windows Defender Beta 2 Review

Paul Thurrott

October 6, 2010


Way back in December 2004, Microsoft purchased Giant Company Software, which not coincidentally at the time made the best anti-spyware package in the world, Giant Antispyware. I happened to be a big fan of Giant Antispyware, and even more coincidentally, I happened to interview Giant co-founder Andrew Newman less than a week before his company was purchased by Microsoft. Microsoft renamed Giant Antispyware to Windows Antispyware and issued a Beta 1 version two weeks after the acquisition (see my preview).

Over the ensuing 13 months, Windows Antispyware was updated with numerous spyware definition releases and a few small functional changes, and the product was eventually renamed to Windows Defender. But the Beta 1 moniker was never changed, and certainly the public beta release hasn't been rebranded or changed in any appreciable way. I've gotten many queries over the past year about what was going on. People wondered when Beta 2--and the eventual final release--would ever ship. Finally, I can tell you what's happened.

Back to square one: Microsoft completely rebuilds Windows Defender

Though Giant Antispyware was an awesome product for its day, it had some technical shortcomings. First, it was built with Visual Basic, which isn't a great platform for creating globalized and localized applications, a necessity for any Microsoft product. Second, it targeted the 32-bit Intel x86 platform that still dominates today's computing world, but Microsoft knew that the 64-bit x64 platform would eventually take off, so it needed to work seamlessly in 64-bit OSes as well. Third, with spyware taking on an increasingly dangerous role, Microsoft knew it would have to integrate Windows Defender into Windows Vista, its next-generation Windows version (see my activity center), so that work had to be completed. Finally, Giant Antispyware was a normal Windows application, and not a service. This limitation meant that it could only be used by administrator-level users, and only when a user was logged on.

These technical issues all had to be overcome before Microsoft would be ready to ship the final version of Windows Defender. Throughout 2005, the software giant worked at rearchitecting Windows Defender as a service, and one that is written in managed C++, not Visual Basic. The code was tweaked to support 32-bit and 64-bit versions. And the crucial Windows Vista integration was begun; we saw the first fruits of this work in the Windows Vista December 2005 CTP release (see my review). Also, Microsoft wanted Windows Defender to work well with its other security products. For example, Defender will integrate tightly with Windows OneCare Live, Microsoft's upcoming PC health subscription service (see my Windows Live Preview for details). This integration work required that the Defender and OneCare Live teams work together on a common user interface for their products that would look at home in both Windows XP and Windows Vista.

In short, it's not surprising that it took Microsoft over a year to iron out these and other issues. But I do find it pleasantly surprising that the Beta 1 version of Windows Antispyware has held up so well during this time. Despite its many limitations, Windows Antispyware Beta 1 remained a top anti-spyware solution for the entire previous year. It's just great technology.

And now, the future has arrived. On February 14, 2006, Microsoft announced the public release of Windows Defender Beta 2. I've been working with the Beta 2 code for the past week or so. Here's what I've discovered.

Windows Defender Beta 2

Windows Defender Beta 2 is a much-improved version of the world's best anti-spyware package. It visually resembles the Vista version we saw in December 2005, but also integrates quite nicely into an XP system, which is how I tested it. This integration is apparent right from the installation. For example, the dialog in the Windows Defender setup routine that asks whether you'd like to use the system's default settings for SpyNet participation (see below) or choose other options looks and feels like the Automatic Updates screen you see after installing Windows XP Service Pack 2 (SP2, Figure).

The new Defender Dashboard

Once Windows Defender Beta 2 is up and running, you'll experience a much-streamlined solution. While there appears to be a Windows Defender application (Figure), it's literally just a front-end for the Windows Defender service, which runs constantly in the background and works properly regardless of which type of user account you're using. It even works when no one is logged on.

This new front-end is essentially a dashboard for Windows Defender's features. After updating to the latest spyware definitions, you probably won't be interacting with the front-end much any more, unless you manually launch the application or a real problem develops.

If you're familiar with Windows OneCare Live, you'll like what Microsoft has done with Windows Defender. And unlike Vista-style applications like Internet Explorer 7 Beta 2 (see my review), where the Vista-type navigation controls look out of place, the new UI utilized by Windows Defender somehow seems right. There's no traditional menu or toolbar along the top of the product. Instead, a new type of toolbar, with Back and Forward buttons, runs along the top, providing access to the home screen, Scan, History, Tools, and Help.

You'll spend most of your time in the home screen, which provides status information about Windows Defender. If there's a problem--say, your spyware definitions are out of date--this screen will alert you and allow you to fix it.

If you click the Scan button, you'll initiate a Quick Scan (Figure), but you can trigger a full scan by clicking the small drop-down arrow next to the Scan button in the toolbar. There's also an option for Custom Scan, in which you scan only selected drives and folders.

The History screen lets you access a complete record of Windows Defender's activities on your system, including the actions it's taken against specific spyware products (Figure).

From the Tools option, you can access a variety of settings and tools (Figure). For example, you can configure when Windows Defender scans your system automatically (every day at 2:00 perhaps), and what it should do by default when it encounters different types of items (high alert items, medium alert items, and low alert items). The available tools have dropped significantly from the Giant Company Software releases, but that's in keeping with Microsoft's philosophy that this product should do one thing as well as possible, and not provide a kitchen sink's worth of functionality like its predecessor. You can view and restore quarantined items, view or change programs you've allowed to run, and access what's called the Software Explorer.

That last option is the most interesting. Here, you can view or modify system settings that are often very difficult to get at in a stock Windows system (Figure). For example, you can change the view to Currently Running Programs and get a nice look at what's going on in your PC, far nicer than the standard Task Manager view (Figure). Here's what I mean: In Task Manager, you'll often see numerous processes listed as svchost.exe, which is a Windows shell around executable DLLs, but never an explanation about what processes are hiding inside those shells. In Windows Defender's Software Explorer, those processes are identified as Microsoft Generic Host Process for Win32 Services, and you can see which processes are actually running inside them (under the Services heading). Suddenly those things don't seem so scary anymore.
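The same mapping can be pulled from any Windows system without Software Explorer. The following is an added example, not part of the original review or of Windows Defender: it lists every svchost.exe process with the services it hosts and the DLL each service loads. It assumes PowerShell 3.0 or later; the `Parameters\ServiceDll` registry value is the standard location for svchost-hosted services, and the output column names are chosen for this example.

```powershell
# Added example: show which services run inside each svchost.exe process.
# Run elevated so image paths are visible for every process.

# Index running services by the PID of the process that hosts them.
# -AsString makes the hashtable keys plain strings for a reliable lookup.
$servicesByPid = Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.State -eq 'Running' -and $_.ProcessId -ne 0 } |
    Group-Object -Property ProcessId -AsHashTable -AsString

$report = foreach ($proc in Get-CimInstance -ClassName Win32_Process -Filter "Name = 'svchost.exe'") {
    $hosted = $servicesByPid["$($proc.ProcessId)"]

    if (-not $hosted) {
        # A svchost.exe that hosts no registered service gets its own row.
        [pscustomobject]@{
            ProcessId   = $proc.ProcessId
            ImagePath   = $proc.ExecutablePath
            Service     = '(none)'
            DisplayName = ''
            ServiceDll  = ''
        }
    }
    else {
        foreach ($svc in $hosted) {
            # svchost-hosted services name their implementation DLL here.
            $paramKey = "HKLM:\SYSTEM\CurrentControlSet\Services\$($svc.Name)\Parameters"
            $dll = (Get-ItemProperty -Path $paramKey -Name ServiceDll -ErrorAction SilentlyContinue).ServiceDll

            [pscustomobject]@{
                ProcessId   = $proc.ProcessId
                ImagePath   = $proc.ExecutablePath
                Service     = $svc.Name
                DisplayName = $svc.DisplayName
                ServiceDll  = $dll
            }
        }
    }
}

$report | Sort-Object ProcessId, Service | Format-Table -AutoSize -Wrap
```

Rows where `ImagePath` is outside the Windows System32 or SysWOW64 directory, or where `Service` is `(none)`, are the ones worth a closer look.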

And that's about it for the UI. As noted previously, you shouldn't really need to interact with the Windows Defender Dashboard all that much. It just stays out of your way.

Fewer interruptions

On a related note, the ever-present tray icon from Windows Antispyware Beta 1 is missing as well. Microsoft's new mantra for this release is that it should not be as annoying as (or more annoying than) the spyware you're trying to eradicate. So there's no tray icon, and almost no pop-up windows. Yes, you read that right: No more annoying pop-up windows.

"There used to be too many pop-ups," Mike Chan, a Microsoft product manager, told me. "So we've minimized the interruptions, and Windows Defender now works in the background, keeping your system secure."

Base engine improvements

While the user experience-related improvements are certainly welcome, and what the user will notice most when compared to Beta 1, Microsoft has also made dramatic improvements under the hood. These base engine improvements include a new detection removal capability so that the engine can use heuristics to detect more spyware than before. It also works with ZIP files and other archive file formats, allowing Windows Defender to silently crack open archive files you've downloaded and block malicious software before you open the archive. This is important because many malware installers utilize archive installers, so it's better to stop the ZIP file before you open it.

Windows Defender also works in conjunction with Internet Explorer (IE) 6 or 7, but only in Windows XP with Service Pack 2 (SP2) or Windows Server 2003 with SP1 (that is, not in Windows 2000). On those systems, Windows Defender can scan files you're downloading and block them when you attempt to execute them. So, for example, if you manually choose to install an IE add-on or other type of Web download, Windows Defender can actually block that install (Figure). "We'll actually short circuit the run option you selected," Chan told me, noting that the user could override Windows Defender if desired.

Naturally, Windows Defender updates and updated spyware definitions will be shipped via Automatic Updates (AU), and not through some proprietary in-application service. This feature is available now in Beta 2 (and in the Vista version that shipped in December).

Widespread support for Windows versions

One of the best new features of Windows Defender is that it natively supports x64 versions of Windows (though you'll have to download a separate executable for x64). Also, though the initial version of Windows Defender will only be made available in a US English version, Microsoft is working to deliver globalized and accessible versions of the product in the coming weeks and months. 4-6 weeks from now, German and Japanese language versions of the product will ship, and after that, Windows Defender will be localized into other languages.

Spynet community features

As with the previous beta and the Giant Company Software product, Windows Defender Beta 2 is backed by a community of users called Spynet, which essentially provides a voting mechanism for software that is detected as being in the "unknown" category. If Windows Defender runs into software that it doesn't yet understand because Microsoft's analysts haven't yet determined its status (as spyware, potentially spyware, or safe), then you will be able to see how other Windows Defender users have handled the application. What you'll see is a percentage score for the offending application, with Windows Defender telling you what percentage of users installed the application and what percentage declined. "We're providing users with information and guidance at a much earlier stage than before," Chan noted. "It's extremely unique to Windows Defender."

Availability and licensing

On Tuesday, February 14, 2006, Microsoft issued a public version of Windows Defender Beta 2 for Windows 2000 (SP4+), Windows XP (SP+) and Windows Server 2003 (SP1+), as well as a separate x64 version for both Windows XP and Windows Server 2003 platforms. As previously promised, Windows Defender will continue to be completely free, but Microsoft isn't sure when the final version will ship. "We'll see what the feedback looks like for Beta 2 and proceed accordingly," Chan told me.

Conclusions

Windows Defender Beta 2 combines the best-of-breed spyware detection and removal functionality from the old Giant Antispyware product and turns it into a stellar application that all Windows users should immediately download and install. Lightweight, effective, and unobtrusive, Windows Defender is anti-spyware done right, and I still consider this to be the best anti-spyware solution on the market. Highly recommended.

About the Author

Paul Thurrott

Paul Thurrott is senior technical analyst for Windows IT Pro. He writes the SuperSite for Windows, a weekly editorial for Windows IT Pro UPDATE, and a daily Windows news and information newsletter called WinInfo Daily UPDATE.
