Microsoft Windows Defender is perhaps the best free antispyware application we looked at this year, but it's lacking when compared to brand-name antivirus-plus-antispyware solutions. We also disagree with Microsoft's aggressive need to verify our Windows licence (not once but twice) before allowing us the opportunity to download and install Windows Defender. Given it's a free app, we would prefer that Microsoft see the larger picture and have all desktops clean of malicious spyware, regardless of their Windows status. Once Windows Defender is installed, it's not bad, though it could be better. Advanced users will appreciate the granularity in its controls. We fault Windows Defender only for being too lenient with some adware and spyware, labelling most every item we tested as low threats, an opinion not shared by other vendors.
Although Windows Defender is free, you cannot simply download and run the product. As mentioned, if you haven't already done so, you must first download and install the Windows Verification tool on your desktop, then you must validate that you are in fact running a licensed version of Windows. Only then may you download Windows Defender. Guess what? Microsoft then asks you again to validate your copy of Microsoft Windows before continuing with the Windows Defender wizard. If you follow the default settings in the installation wizard, you are automatically signed up for Microsoft SpyNet, Microsoft's in-house database of spyware seen in the wild. If you do not want any information transmitted back to Microsoft, choose the Install Definition Updates Only option instead. You will also need to agree to a supplemental licence agreement (one that goes beyond what you agreed to when you installed your genuine version of Windows XP SP2 or Windows Vista). And there you have it. It's like getting frisked (twice) as you walk into the post office; Microsoft makes the process of downloading and installing unpleasant for such a pithy application.
The final release of Windows Defender didn't wow us with its design. The interface looks as though some coder realised they needed a front end to go with the program and slapped together some buttons, a dropdown menu, and a few other goodies. More advanced users won't care; the interface is clean and relatively well-organised. But there's a lot of unused white space and small type.
The final version of Windows Defender includes, among other changes from the beta, support for Windows XP SP2 x64 editions. There's also an enhanced scanning engine, a new interface, and protection for non-administrator users on your system. As for specific features, advanced users will appreciate these more than the casual user.
The Windows Defender History feature acts like HijackThis, logging changes made to the system registry. The difference is that HijackThis provides a snapshot; Windows Defender provides a running log of all system changes. The Tools page is Defender's catch-all page. Under Options, you'll find automatic scanning, default actions, real-time protection options, advanced options, and administrator options. Most users will not need to change these settings. There's also an option to join or leave SpyNet. If you are a member, quarantine lists will be sent to SpyNet for processing, alerting Microsoft to new outbreaks and new spyware.
Software Explorer is also a cool tool, allowing you to look at start-up programs, currently running programs, network-connected programs, and Winsock service providers. Reviewing these lists is another way to check against rogue applications running on your desktop. Many brand-name programs are automatically listed as "permitted", but we found several Google products, such as Picasa, marked "not yet classified".
Windows Defender is fast at scanning, but we found it did not always remove all the traces of sample spyware in our tests. Overall, Windows Defender is neither excellent nor seriously deficient. In exclusive testing by CNET Labs, Windows Defender's active shields identified and blocked seven out of eight spyware samples we attempted to install, missing only one generic Trojan, Compare-prices.zip. For scanning and removing existing spyware samples, Windows Defender fared worse, catching and removing only half. As for the removal itself, in half the cases Windows Defender left some spyware residue behind, creating the possibility that some of the sample spyware could reinstall itself.
Windows Defender includes two free support incidents, except Microsoft qualifies it by adding "examples of valid support scenarios are installation, configuration, definition update, detection, and removal errors." After the first two, Microsoft will charge US$35 per incident. Microsoft does host several free user forums around its Windows Defender product.
It's hard to knock a free product that works and gives you some technical support. We only wish that Microsoft would be more aggressive with its threat ratings and actually remove items that other vendors agree could pose a danger. Now that the Anti-Spyware Coalition has agreed upon best practices, perhaps Microsoft will improve its test results next year.