One of the recurring topics of this fine blog is of course cyber security. Today it seems as there are more cyber risks for all of us then every before. However ironically it is actually quite simple to avoid these security pitfalls.
- Think before you click. What I mean here is that only go to reputable websites and do not click on links or attachments in solicited email messages. We have discussed this many time so I won’t go much further here.
- Install, update and pay attention to the security protection software on your computer. Now what is unusual here is that for most consumers free security software is more then enough to protect you and this is what I want to cover here.
There is actually a wide ranging suite of Microsoft security tools and most users are unaware that they are offered for free, by Microsoft, some as part of Windows (out of the box) others available by download.
So here we go…
Malware, as Microsoft defines it
Microsoft divides malware into two broad loosely defined terms: malicious software and potentially unwanted software. The first category covers mostly self-replicating Trojans, viruses, worms, and similar code that infects your PC (typically for some evil purpose) and then seeks to infect other PCs.
The second category — potentially unwanted software — includes undesirable (and often hidden) apps such as spyware that surreptitiously tracks you, keyloggers that capture everything you type, and adware that force-feeds you popup ads. The somewhat clumsy phrase “potentially unwanted” is meant to suggest that you might not want the software if you knew what it really did.
These two categories aren’t precisely mutually exclusive. For example, some potentially unwanted spyware is also self-propagating, like a virus. What’s more, Microsoft sometimes uses the terms interchangeably. Still, these two categories will help you understand the main purposes of Microsoft’s security tools.
The Microsoft Malicious Software Removal Tool
What it is: Microsoft’s Malicious Software Removal Tool (MSRT; more info) is a basic antivirus program. It comes in all current versions of Windows — XP, Vista, Windows 7, and Windows 8. When you install Windows, MSRT is enabled by default.
What it does: MSRT automatically removes malicious software (viruses, worms, etc.) that, based on Microsoft’s internal research, is considered especially prevalent and dangerous to Windows users. MSRT currently targets about 200 of the most common malware types. You’ll find a list of them on the MSRT download page.
How it works: Windows Update automatically refreshes MSRT once a month (it’s always KB 890830), usually on the second Tuesday (aka Patch Tuesday). After updating, MSRT automatically runs, scanning your PC once and removing any active malware infections it finds. No user intervention is required.
One scan a month isn’t especially good malware protection, but you can also run MSRT manually any time you wish (see Figure 1). Simply enter mrt.exe in the XP/Vista/Win7 Start menu Search box or Win8′s Search window and press Enter. Once open, MSRT gives you a choice of quick, full, or custom scans. As you’d expect, the full scan is the most thorough.
Figure 1. The Malicious Software Removal Tool is built into your copy of Windows, and provides basic protection against a selection of common malware threats.
If you want or need a fresh copy of MSRT, it’s available via download pages for the 32-bit or 64-bit versions.
Important to know: MSRT is a strictly post-infection tool. It detects and removes malicious software from already-infected computers — and only if the malware is active and running at the time of the scan. But as MSRT Support article 890830 clearly states, the list of malware it detects represents only “a small subset of all the malicious software that exists today.”
MSRT can’t prevent new malware infections. It also doesn’t target potentially unwanted software (again: spyware, adware, etc.).
Bottom line: MSRT is a “better than nothing” anti-malware tool. There’s no real downside to keeping it on your system — its footprint is small, its impact on system operations is negligible, and it can serve as a kind of last-ditch defense against some very common malware types, should they somehow make it into your system.
But you certainly shouldn’t depend on MSRT as your only or primary defense against malicious software; it’s an incomplete anti-malware solution.
Windows Defender (XP, Vista, Win7 version)
What it is: Windows Defender is a basic tool for guarding against potentially unwanted software. Windows Defender is installed by default in Vista and Win7, and it’s a free download for XP.
What it does: Windows Defender provides always-on, real-time protection against spyware, adware, keyloggers, and so on. It self-updates and runs automatically.
How it works: Windows Defender continually monitors your PC’s files and browsing activity. When it detects potentially unwanted software, it opens a dialog box and lets you decide whether to proceed with the installation. (For more information, see the related Microsoft support article or TechNet’s Windows Defender Guide.)
You can also trigger Windows Defender (shown in Figure 2) manually whenever you want to scan your PC for spyware and other potentially unwanted software, as a Defender support article explains.
Figure 2. Windows Defender for XP, Vista, and Win7 offers real-time protection against adware, spyware, and similar potentially unwanted software.
XP users can download either 32-bit or 64-bit versions.
Important to know: Windows Defender doesn’t detect or remove viruses, worms, and similar malicious software.
Bottom line: Windows Defender complements Microsoft’s Malicious Software Removal Tool. And just like MSRT, it’s better than nothing. Together, MSRT and Defender are a sort of last line of defense — potentially helpful if no other anti-malware tools are active. Fortunately, superior tools are readily available (see next sections).
The all-in-one Microsoft Security Essentials
What it is: Microsoft Security Essentials is Microsoft’s all-in-one, consumer-security tool. It targets both types of malware — malicious software and potentially unwanted software. It’s a free download (site) for XP, Vista, and Windows 7.
What it does: MSE provides always-on, real-time protection for your PC. It detects and removes a wide range of malware. It’s also highly automated, operating with little or no user intervention (see Figure 3).
Figure 3. Operating almost entirely automatically, Microsoft Security Essentials (MSE) provides real-time protection against malware and potentially unwanted software.
How it works: By default, MSE runs continuously in the background whenever your system is on. It updates itself every day. Along with its real-time protection, it also runs scheduled scans of your PC’s memory and files. If you use its default settings, MSE requires almost no user input. But it’s also highly configurable, should you want to change its standard routines.
Important to know: MSE must be manually installed; it’s not built into any version of Windows. On MSE’s MS Download Center page, you’ll find 32- and 64-bit versions for XP, Vista, and Win7.
Typically, to avoid conflicts between AV products, a PC should run only one real-time, anti-malware/anti-spyware tool at a time. In other words, you can run MSE or Windows Defender, but not both at the same time. In fact, when MSE is installed, it disables Windows Defender.
In a similar vein, if you’re running some other always-on, anti-malware tool, you should disable or uninstall that tool before installing MSE. (MSE can’t disable non-Microsoft AV scanners.)
MSE’s principal weakness? It’s not especially adept at guarding against user error, as detailed in the April 7, 2011, Top Story, “LizaM*n infection: a blow-by-blow account.” If you click past security warnings raised by Windows, your browser, and/or MSE itself, MSE will step aside and let malware install. Moreover, based on recent antivirus testing, MSE is currently not among the top-performing AV products.
All of which means that MSE is not the ideal choice for casual or inexperienced Windows users, who are often more easily tricked into installing malware.
Bottom Line: In the right hands — primarily experienced Windows users — MSE is a fine, free security tool. I use it on my XP, Vista, and Win7 machines, and I’ve never run into trouble with an infection.
Windows Defender: Win8′s built-in security tool
What it is: Microsoft has a long history of confusing product names. In this case, the Win8 version of Windows Defender is nothing like the original Windows Defender for XP, Vista, and Win7. It is, in fact, effectively a renamed version of Microsoft Security Essentials.
What it does: In Microsoft’s own words, the Win8 version of “Windows Defender provides the same level of protection against malware as Microsoft Security Essentials.”
How it works: Win8 Defender is virtually identical to MSE in both appearance (see Figure 4) and function.
Figure 4. Despite its name, Win8’s built-in Windows Defender is really just a renamed and minimally altered version of Microsoft Security Essentials.
Important to know: Unlike MSE, Win8 Defender is built into the OS — so there’s nothing to download or install.
Bottom Line: Because Win8 Defender is really a rebranded version of MSE, I don’t recommend it for novices and inexperienced users. But it’s probably fine for anyone who takes the entire process of PC security seriously. I use it on my Win8 systems.
Two special-purpose cleanup tools
No software is perfect — that includes all anti-malware tools, from all vendors. Should your AV product fail and your system become infected, you need a powerful cleanup tool to find and remove the malware.
It’s also good practice to verify that Windows is truly free of malware — even if your full-time scanner appears to be working — by periodically running an AV tool that operates completely on its own.
Microsoft offers two such special-purpose, cleanup/verification tools. Microsoft Safety Scanner is exceptionally simple to use — just click and run. Windows Defender Offline is harder to use, but it employs the best possible techniques for detecting malware hidden at even the deepest levels of your system.
Microsoft Safety Scanner is a Windows security utility that thoroughly scans your PC (see Figure 5) to find and remove both malicious and potentially unwanted software. A standalone application, it’s active only when it’s actually running a system scan. (It’s not constantly on in the background.) That lets it coexist peacefully with whatever full-time anti-malware software you’re using.
Figure 5. Microsoft Safety Scanner works independently of your other security tools and can clean an infected system — or verify that no malware is present.
Microsoft Safety Scanner is compatible with all current Windows versions: XP, Vista, Win7, and Win8. Its info/download page includes 32- and 64-bit versions.
Safety Scanner is extremely easy to use; simply download and launch it, and then select whether you want a quick, full, or custom scan. At the end of the scanning process, you’ll get a report of what Safety Scanner found and removed.
Windows Defender Offline (WDO) is Microsoft’s most powerful anti-malware tool for consumers. It’s a self-contained, downloadable utility that operates completely outside Windows. After you’ve downloaded and launched WDO, it steps you through the process of creating bootable media (CD, DVD, flash drive, etc.) and installing the WDO files. You then restart the PC with the bootable disc/drive.
Because WDO is both operating system and AV scanner, neither the Windows installed on the system hard drive nor any other software is active. Everything on the hard drive is effectively inert. This lets WDO detect malware that is in one way or another well hidden in the Windows system. Because it’s completely standalone, WDO can’t conflict with other security tools you normally use.
WDO targets a wide range of malicious and potentially unwanted software. In operation, it looks and functions almost exactly like Microsoft Security Essentials or the Win8 version of Windows Defender.
If WDO has a weakness, it’s in the task of creating the WDO media. If your system is having difficulty running because of an infection, you’ll need either a working system to build the WDO media or you’ll need to have media you created before the infection (in which case you might not have the latest virus signatures). If you have only one PC, I recommend putting the latest version of WDO on a flash drive once a month or so.
You’ll find both 32- and 64-bit versions of WDO for all current Windows versions (XP through Win8) on its info/download page.
Putting it all together
The following table (Figure 6) is your one-stop reference for Microsoft’s six desktop security tools. It concisely summarizes which Windows versions they’re for, which kinds of malware they target, and whether they’re for prevention or cleanup/verification.
Take your pick: they’re all free!
Figure 6. Microsoft’s six desktop-PC security tools
Now if you made it through this entire article I am very proud off you.