Windows Defender Explained

  • Comments 16
  • Likes

Hi, I’m Mike Chan, a product manager for Windows Vista. I wanted to let everyone know about a great feature that is included in Windows Vista. The threat of malicious software is still a problem that many customers face today and Microsoft has been making progress against these threats over the past few years with a combination of guidance, industry partnership and security technologies. One of our latest technologies to combat malicious and unwanted software is with Windows Defender (WD), which helps prevent poor performance and unwanted pop-up ads that can be caused by spyware. Windows Defender also helps keep private information out of the hands of spyware and other potentially unwanted software. Using Windows Defender is easy with single click access to features such as a quick scan. Windows Defender also works in the background to protect you against software that attempts to install onto your machine without proper consent or notification. One of the little known facts about Windows Defender is that it is now implemented as a system service so it provides protection for all users and utilizes User Account Control (UAC) ( to take any actions that need administrator privileges. The UI runs under the user context, but all scanning and cleaning activities are accomplished by the service. Furthermore, there is integration with IE ( so that downloads are scanned when they are downloaded to help ensure that you do not accidentally download malicious software. This is accomplished using the IOfficeAntiVirus API ( Note, the API is used for any file scanning, not just for Office or AntiVirus. Also, Windows Defender is not a replacement for AntiVirus and Microsoft always recommends that customers deploy a full AV product. Also, Microsoft is committed to providing our customers with free on-going definition updates so you don’t ever have to worry about your protection expiring. The added security that Windows Defender provides lets you get back to using your computer without unneeded interruptions. For more information, visit and remember to check out the Microsoft anti-malware blog (


  • Nice.

  • Thanks Mike

  • Nice! Great to see a blog specially for Windows Vista.

  • Windows Vista users run with the least priviledges and not as admin, the services run in a separated session from the user session, drivers and Vista components are almost completely in user space and not in kernel space, there's the UAP in order to authorize the programs to run, IE7+ use the protected mode, etc.
    So I think Windows Defender is a great program, but it's not so important on Windows Vista.

  • I’d like to respond to Luca’s comment about the relevance of Windows Defender on Vista. We have made many improvements to security including UAC (new name for UAP), IE7+protected mode and better kernel isolation, but Windows Defender is still very much a needed part of Windows Vista. The reason is that it turns out much malicious software today installs on a machine due to social engineering instead of vulnerability exploits. Also, there can be unwanted software that also runs happily as a user context (they still have access to all your user information and adware can run under the user context as well). Therefore, in order to help protect the users' information, as well as help the customer be more safe by alerting them to potentially unwanted software before they install it, Windows Defender is still very relevant on Windows Vista and in fact works better on Vista as we have integration with both UAC and IE7.

    Mike Chan [MSFT]

  • What the hell do you think your doing microsoft. I dont won't your new os! Stop stealing open source code and using it!

  • I hope there is a way to disable&uninstall all these user-protection systems in your new operating system?

  • Alex, Mike Chan here – the product manager for Windows Defender. There is indeed a way to disable Windows Defender as well as many of the other user protection technologies that come with Vista. If you have alternative anti-spyware products, or your own favorite personal firewall, you can disable the respective technology in Windows Vista. Our first goal is the security of our customers, so as long as you have protection that you trust, feel free to use it!

  • Do you know if Windows Vista will have a code injection protection? A warning if a process is injecting some code into another process.

  • What about "Tracks Eraser" from MS Spyware Beta 1?  There are several blogs and posts out there of complaints that Defender did not continue on with this tool.

    I am one of those who is dissapointed that this tool is gone.

    I have a secific issue that cannot be resolved and short of bringing my PC to Washington and throwing it through a window at MS HQ to make someone there fix it because nothing else will.  I was going to try tracks eraser from an old Spyware Beta 1 download, but upon installation, it forced me to immediately upgrade to Defender.

    Specifically, how does one clear the Address Bar in IE 6 of addresses that are "remembered" somewhere on my computer in a file that doesn't exist to the obvious user when Tools - Internet Options - Content tab - Auto Complete - Clear DOES NOT WORK.  Nor do the suggested registry edits.  Nor do the "clear history", delete temp files, buttons or any other button for that matter in all of Windows XP designed to clear "history", "autocomplete" or the like form fields.  And there's not a KB article to be found that solves the issue either.  Where are these URLs "remembered"?  Where/How can I blow them away?

    In the mean time I have to disable Auto Complete so I don't get prompted with "remembered" URLs.

    Tracks eraser, I am sure, would have taken care of this issue for me.  PUT IT BACK so I can find out.

  • You are correct – Windows Defender does not monitor code injection.  The way Windows Vista protects against code "injection" such as buffer overflows is through enabling the DEP (data execution prevention) that prevents code from being executed if it is "injected" into a buffer which is marked as "data only."

  • Hi Eric S:  IE7 is the answer – the reason why Windows Defender no longer includes "Tracks Eraser" is because much of its functionality will be duplicated with IE7, so download and use the IE7 beta and you will see the privacy "eraser" buttons there.

  • Thank you much for that comment.  I also found a site that offered much insight into my problem.  And after researching further myself, there is a lot of truth to the information and my issue has been resolved with their product.

    Thanks again!

  • I am also disappointed with the omission of "tracks eraser" from the Beta 2 of Windows Defender, and I do not agree with Winblog that IE7 is the answer.

    Tracks eraser went further than only cleaning out IE. With one click of the button, recent file lists and temp files of windows, office, WMP, etc. were also cleaned (I remember I checked 17 items to be cleaned). This was very useful to keep a computer free from garbage, and to protect privacy on shared computers.

    Can you explain why it was removed, and what you propose as alternative?


  • Mike, Windows defender is all very nice and all. But I need to please know what AntiVirus program I can run with Vista build 5456. Norton will not install. I had to turn off UAC because its annoying. The pop ups were driving me bannanas. No one, and I mean no one will want UAC active after spending an hour with it. I guarantee it. Again, if anyone has a clue which antivirus, if any will work smoothly, please let me know.

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment