Anti-Malware Engineering Team

This blog provides information about what's happening in the anti-malware technology team at Microsoft. We're the team that builds the core antivirus, antispyware, anti-rootkit, and related technology, which is then used across a number of Microsof


What's in a name?? A lot!! Announcing Windows Defender!


Every week seems like a big week for us in the engineering team working on our anti-malware technology. However, last week was especially important in a sentimental way. We got the final name for the cool technology our team has been developing for Windows. The name, after long consideration by our product marketing and branding folks, is "Windows Defender"! What's really cool about this name is that it’s more positive than "Windows AntiSpyware". Windows Defender is about what Windows will do for customers, defending them from spyware and other unwanted software. Our solution has really been about more than just the standard definition of "spyware". We’ve always said we will provide visibility and control, as well as protection, detection and removal from other potentially unwanted software, including rootkits, keystroke loggers and more.

Making the engineering change from "Windows AntiSpyware" to "Windows Defender" took a lot of careful coordination across our team to ensure that the strings in the UI got changed, the help files all got updated, registry keys, file names and properties, as well as a couple of images all got changed. All this work was completed and tested last Thursday, and is currently making its way through our build systems in Windows to make it into the main build environment, where official builds come from. We're pretty excited by the name, and by the sleek new UI and other improvements we've been making in it to help make Windows Vista the best operating system around! But Windows Defender is about a lot more than just a name change. The engine is now moved to a system service, and signatures are delivered over Windows Update. The detection mechanisms have also been radically improved by applying to spyware threats all the great detection technology we use in our antivirus engine.

As part of this engineering milestone, we've also started to prime the Windows Update software distribution channels with signatures for Windows Defender. This is important so the signatures are available when we ship the next beta. So, for enterprise and corporate customers that are using Windows Server Update Services, you will start seeing "Windows Defender" in the product category dialog as well as a new classification called "Definition Updates". So, now you'll know what that means.

In addition to the work that my team's been doing to develop this for Windows Vista over the past many months, it will also be available to existing Windows XP users, replacing the current Windows AntiSpyware technology we've been shipping in beta since January. More details on that in a future post. If you're not using our current Windows AntiSpyware beta, please give that a try!

I hope you like the name, and we can't wait to get Windows Defender into your hands to try. If you have any thoughts about the name, I'd be happy to read your feedback, and share it with our team. Hopefully in the next few days I can even get a screen shot posted for you!

Best wishes,

  • I don't like the new name.

    Ever heard of "Hacker Defender" -- it protects malware from Hackers.
    Likewise "Windows Defender" will protect you from Windows!

    Frankly "Windows Antispyware" is a fine name. The name is descriptive to tell you what the product does. You are going to confuse a lot of people with this new name.

  • I really like the new name. Windows AntiSpyware is a great product also. I really can't wait for the new build!

    Keep up the good work!

  • I love it. It's all about having confidence in your computer again and the name says it all. I can't wait to see the new UI. Will it continue to use a Splash screen or since it will use a system service that won't be necessary?

  • Definition updates will be released through Windows Update, once a month?

    Isn't that a little dangerous? It seems rather slow for a malware definition update cycle. Also, a definition file update shouldn't need the heavy machinery of a solution designed to deliver executable patches, should it?

  • Vista and XP are mentioned but not W2K Pro. Is there any hope?

  • A little off-topic. There is a bug in AntiSpyware Beta 1. The whole program freezes when it hits a key in the registry with no permissions... Just thought you would like to know.

  • I hope this won't be OLD WINE in a NEW BOTTLE.

  • I think the name will hit a home-run on the marketing front. At the end of the day, though, it doesn't really matter what it is called as long as it does a good job. From everything I have seen it will do just that. The only thing I am waiting patiently for is the corporate version and deployment/management/MMC tools to match.

  • I like this new name. "Windows Defender" is simple and easy to understand. I look forward to the release of "Windows Defender".

  • The name is really meaningless. What it does is what matters. Keep the marketing people out!

    Why oh why did you go with Win Update? The best security feature Windows has is the Limited User function. By going to Win Update, you have effectively killed any chance MSAS will ever be able to be used by a Limited User.

    I am truly confused on what you guys at MS think about... :-(

  • When can we actually expect this new build? I hope you keep it pretty low resources. If we have to run antispyware, at least make it very lightweight.

  • I don't like the name.

    The name is confusing and not clear.

    What will be defended exactly?

    "Defender" is a general word, and doesn't explain what will be defended.

    For sure the "normal" Windows user will think Windows is completely defended by "Windows Defender", and gives that user a false feeling of security.

    Smokey [Wilders]

  • I like the name for the same reason x doesn't, heh. As a name, "AntiSpyware" creates two problems for me; it reinforces the inaccurate term "spyware" (most commercial malware derives revenue in ways other than sending home information, so it doesn't "spy" on you, as RATs do for example) and it creates grounds for legal challenge from commercial malware vendors who can claim unfair detection because their software doesn't "spy", isn't "spyware", etc.

    By toning down the bad-guy rhetoric ("Our software removes software that users have indicated a desire to remove; live with it") the defense tool vendor can avoid litigation from commercial malware vendors.

    I like these new technical developments, but how will MSFT answer charges from other defensive scanners that they are leveraging an unfair advantage by using the Windows Update system to deliver updates?

  • Since no one has asked yet, will it remove Sony's DRM rootkit that game cheaters have now embraced to hide their cheats from game cheating detection systems such as the one used by WoW?

  • Sounds like a super hero.
