In the first installment of this article, we looked at the User Account Control feature in Vista and how it protects against malware. Now we’ll look at two additional tools: Windows Defender and the Malicious Software Removal Tool.
Windows Defender is a spyware scanning application that looks for potential threats, shuts them down, and alerts you when applications engage in suspicious activities. Windows Defender is configured to scan your computer every day at 2:00 AM. Change this schedule if the scan cannot be performed at that time.
You should enable the Check for updated definitions before scanning option. This is your best bet for ensuring the software is up-to-date with the latest definitions. Otherwise you must be diligent enough to manually check for updates on a regular basis.
Note: Windows Defender should be used in conjunction with third-party anti-virus software.
There are several settings within the Local Computer Policy for controlling how Windows Defender behaves. The settings you configure will be specific to the requirements of your computing environment.
For example, if WSUS is used to deploy updates to Windows Defender, you should consider enabling the Turn on definition updates through both WSUS and Windows Update setting. In the event that the WSUS server in your environment is unavailable, Vista will use Windows Update to check for new definitions.
Malicious Software Removal Tool
Even with the appropriate security measures in place, there is still the risk that an instance of malware can go undetected by your anti-virus software or even disable it. The Malicious Software Removal Tool is designed for such situations. When the tool is run, it detects and removes any malicious software it finds on your computer.
Although the tool is not necessary if you are running up-to-date anti-virus software, it does provide another layer of protection. The tool is installed with Vista and is available as a free download for Windows XP. You can locate the tool by typing mrt.exe in the Search field on the Start menu.
When the tool is run, you can choose the type of scan to perform. As you can see from the exhibit, you can perform a Quick, Full or Custom scan. If you choose a Quick scan, the Malicious Software Removal Tool will scan the areas of a computer that are likely to contain malicious software.
With a Full scan, the entire system is checked for malware. You should perform a Full scan every once in a while, but be advised that it can take up to a few hours depending on your system. Finally, you can opt to perform a Custom scan and choose the folders or areas of your computer that you want the Malicious Software Removal Tool to scan. The results of the scan will indicate whether any malicious software was found on your computer.
In the last installment of this article, we’ll look at how Software Restriction Policies, Internet Explorer and the Windows Firewall work to protect your computer against malware.