
mspress 70 620 windows vista client part 4 docx


226 Chapter 5 User Account Control
Figure 5-20 Disabling UAC compromises system security
8. Close all windows and reboot the computer.
9. Log on by using the parent_admin account.
10. Perform an administrator task, such as changing system time, or run an application. The
parent_admin account is now running continuously with elevated privileges, and you
no longer need to give permission to continue.
11. Switch user to parent_standard.
12. Attempt to perform an administrator task, such as changing system time, or run an
application. As Figure 5-21 demonstrates, a user logged on with a standard account cannot
perform administrator tasks and is not prompted for administrator credentials.
Figure 5-21 A standard user can no longer supply administrator credentials
Lesson 1: Configuring and Troubleshooting User Account Control 227
13. Switch user to parent_admin.
14. Restore the Run All Administrators In Admin Approval mode setting to Enabled.
15. Restore to their defaults any other UAC settings that you have changed.
16. Close all windows and reboot the computer.
Optional Practice: Configuring Legacy Software to Run In Windows Vista
In this practice session, you use the Windows Vista Program Compatibility Wizard to
configure legacy software so that it runs in Windows Vista. You should carry out this practice only
if you have legacy software—typically, a third-party program—that you want to run in Windows
Vista. If you have no such requirement, you do not need to perform the practice. If in the future
you need to run such software or if a user you are supporting has this requirement, then you
can do the practice.
 Practice 1: Running the Program Compatibility Wizard
In this practice you use the Program Compatibility Wizard. The practice also demonstrates
that you can often run a utility from the same Windows Vista Help and Support screen that
you use to obtain information about it.
1. If necessary, log on using the parent_admin account.
2. Locate the software that you want to run. Typically, this will be on an installation
CD-ROM or possibly in the Windows.old subdirectory. The software must not be an
antivirus program, a disk utility, or any other system program.
3. In Windows Vista Help And Support, search for “Compatibility Wizard.”
4. Click the Start The Program Compatibility Wizard link.
5. Click the Click To Open The Program Compatibility Wizard link.
6. The Welcome page appears. Click Next.
7. Select an option from the page shown in Figure 5-22. The option you select depends on
the location of your legacy software. If in doubt, select I Want To Locate The Program
Manually, click Next, and then click Browse.
Figure 5-22 Selecting a program location
8. Select the legacy program you want to run, as shown in Figure 5-23. Your legacy program
will almost certainly be different from the one shown in the figure. Click Next.
Figure 5-23 Selecting a program
9. Select the OS that is recommended for the program or that previously successfully
supported the program. Click Next.
10. Specify display settings, as shown in Figure 5-24. Click Next.
Figure 5-24 Specifying display settings for legacy software
11. Many legacy programs (unfortunately) can run only in the context of an administrator
account. If this is the case with your legacy program, select the Run This Program As An
Administrator check box. Click Next.
12. If you are happy with your settings, click Next.
13. In the UAC dialog box, click Allow.
14. If you have configured the settings correctly, the legacy program should run. If it is an
installation program, you can install the software.
15. You are prompted to inform Windows Vista whether the compatibility settings you
configured were satisfactory, as shown in Figure 5-25. If so, select Yes, Set This Program To
Always Use These Compatibility Settings. Click Next.
Figure 5-25 Setting the legacy program to use the specified settings
16. If you want to, send information about your program compatibility settings to Microsoft.
Select either Yes or No, and then click Next.
17. Click Finish to close the wizard.
Lesson Summary
■ You can use the Program Compatibility Wizard to run legacy programs in Windows
Vista. Where such programs write to protected areas, Windows Vista sets up directories
in the user profile to clone the protected areas.
■ By default, UAC ensures that an administrator account runs without elevated privileges
except when such privileges are required to perform an administrator task. The user
grants permission for this to happen.
■ A standard user is, by default, prompted to supply administrator credentials if he or she
attempts to perform an administrator task.
■ The built-in Administrator account is disabled by default. When enabled, it does not, by
default, use UAC and always runs with elevated privileges.
■ You can configure UAC settings to change the user experience of administrators,
standard users, and the built-in Administrator.
■ You can configure UAC settings to change how Windows Vista handles unsigned
application files and UIAccess applications.
■ You can disable Secure Desktop. You can also disable UAC entirely, but this is not
recommended.
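An added example (not from the book) for checking the settings summarized above across a small workgroup: it parses the text output of `reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System` and reports every UAC value that differs from the Windows Vista defaults this lesson describes. The registry value names are the ones Windows stores these policies under; the sample output, the function names, and the WEAKER/CHANGED labels are constructed for illustration.

```python
import re

# Registry values under
#   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
# that back the "User Account Control: ..." policies.
# Each entry: (policy name, Windows Vista default, values that weaken UAC).
# The "weakening" sets are this example's own classification (an assumption).
BASELINE = {
    "EnableLUA": (
        "Run All Administrators In Admin Approval Mode", 1, {0}),
    "ConsentPromptBehaviorAdmin": (
        "Behavior Of The Elevation Prompt For Administrators "
        "In Admin Approval Mode", 2, {0}),   # 0 = elevate without prompting
    "ConsentPromptBehaviorUser": (
        "Behavior Of The Elevation Prompt For Standard Users", 1, set()),
    "PromptOnSecureDesktop": (
        "Switch To The Secure Desktop When Prompting For Elevation", 1, {0}),
    "FilterAdministratorToken": (
        "Admin Approval Mode For The Built-In Administrator Account",
        0, set()),
    "ValidateAdminCodeSignatures": (
        "Only Elevate Executables That Are Signed And Validated", 0, set()),
    "EnableSecureUIAPaths": (
        "Only Elevate UIAccess Applications That Are Installed "
        "In Secure Locations", 1, {0}),
    "EnableVirtualization": (
        "Virtualize File And Registry Write Failures To Per-User Locations",
        1, set()),
}

# One data line of `reg query` output: indent, name, type, hex value.
_DWORD_LINE = re.compile(r"^\s+(\S+)\s+REG_DWORD\s+0x([0-9A-Fa-f]+)\s*$")


def parse_reg_query(text):
    """Return {value_name: int} for every REG_DWORD line in the output."""
    values = {}
    for line in text.splitlines():
        match = _DWORD_LINE.match(line)
        if match:
            values[match.group(1)] = int(match.group(2), 16)
    return values


def audit_uac(values):
    """Compare parsed values with BASELINE.

    Returns (severity, policy, current, default) tuples, one per value that
    differs from its default. Values missing from the input are skipped
    because nothing was captured for them.
    """
    findings = []
    for name, (policy, default, weak) in BASELINE.items():
        if name not in values or values[name] == default:
            continue
        current = values[name]
        severity = "WEAKER" if current in weak else "CHANGED"
        findings.append((severity, policy, current, default))
    # List weakening changes before other changes, then by policy name.
    findings.sort(key=lambda f: (f[0] != "WEAKER", f[1]))
    return findings


# Constructed sample: a machine left with UAC disabled and administrators
# set to elevate without prompting, plus file/registry virtualization off.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
    ConsentPromptBehaviorAdmin    REG_DWORD    0x0
    ConsentPromptBehaviorUser    REG_DWORD    0x1
    EnableLUA    REG_DWORD    0x0
    EnableSecureUIAPaths    REG_DWORD    0x1
    EnableVirtualization    REG_DWORD    0x0
    PromptOnSecureDesktop    REG_DWORD    0x1
    ValidateAdminCodeSignatures    REG_DWORD    0x0
    legalnoticecaption    REG_SZ
"""

if __name__ == "__main__":
    for severity, policy, current, default in audit_uac(parse_reg_query(SAMPLE)):
        print(f"{severity:8} {policy}: {current} (default {default})")
```

The baseline applies to Windows Vista only; later Windows versions define additional values for ConsentPromptBehaviorAdmin.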
Lesson Review
You can use the following questions to test your knowledge of the information in Lesson 1,
“Configuring and Troubleshooting User Account Control.” The questions are also available on
the companion CD if you prefer to review them in electronic form.
NOTE Answers
Answers to these questions and explanations of why each answer choice is correct or incorrect are
located in the “Answers” section at the end of the book.
1. Ian McLean is writing Chapter 5 of a book about Windows Vista. He wants to generate
a figure that shows a UAC dialog box. He has not changed any UAC settings. He logs on
with the administrator account he created when he installed Windows Vista and
attempts to change the system time. When the UAC dialog box appears, he presses Print
Screen, and then clicks Cancel to close the box. He opens Microsoft Paint and selects the
Edit menu, but Paste is not available. What has he done wrong?
A. He should not have clicked Cancel on the UAC dialog box.
B. He should have disabled Secure Desktop.
C. He should have logged on as a standard user. UAC does not apply to administrators.
D. He should have logged on with another administrator account. UAC does not apply
to the administrator account that he created when he installed Windows Vista.
2. What setting disables UAC?
A. User Account Control: Run All Administrators In Admin Approval Mode is Disabled
B. User Account Control: Run All Administrators In Admin Approval Mode is Enabled
C. User Account Control: Behavior Of The Elevation Prompt For Administrators In
Admin Approval Mode is set to Elevate without prompting
D. User Account Control: Behavior Of The Elevation Prompt For Administrators In
Admin Approval Mode is set to Prompt For Credentials
3. You want to ensure that legacy applications that attempt to write to protected parts of the
registry or file system cannot run in Windows Vista. What UAC setting do you configure?
A. User Account Control: Only Elevate Executables That Are Signed And Validated is
Enabled
B. User Account Control: Only Elevate Executables That Are Signed And Validated is
Disabled
C. User Account Control: Virtualize File And Registry Write Failures To Per-User
Locations is Enabled
D. User Account Control: Virtualize File And Registry Write Failures To Per-User
Locations is Disabled
4. You want to configure UAC settings. You open Local Security Policy from the
Administrative Tools menu and expand Security Settings. How do you access the UAC settings?
A. Expand Local Policies, and select Security Options.
B. Expand Local Policies, and select Audit Policy.
C. Expand Local Policies, and select User Rights Assignment.
D. Select Software Restriction Policies.
5. You have installed Windows Vista Ultimate on a computer that is part of a workgroup.
Which of the following UAC settings are enabled by default? (Choose all that apply.)
A. User Account Control: Admin Approval Mode For The Built-In Administrator
Account
B. User Account Control: Virtualize File And Registry Write Failures To Per-User
Locations
C. User Account Control: Only Elevate Executables That Are Signed And Validated
D. User Account Control: Only Elevate UIAccess Applications That Are Installed In
Secure Locations
E. User Account Control: Run All Administrators In Admin Approval Mode
F. User Account Control: Switch To The Secure Desktop When Prompting For
Elevation
6. You are having difficulty running a legacy Windows 95 program in Windows Vista. You
discover that the program will run only in the context of an administrator account. How
do you run this program?
A. You cannot run legacy programs that run only in the context of an administrator
account.
B. You need to enable the User Account Control: Virtualize File And Registry Write
Failures To Per-User Locations setting.
C. You need to run the Program Compatibility Wizard and select the Run This
Program As An Administrator check box.
D. You need to enable the User Account Control: Only Elevate Executables That Are
Signed And Validated setting.
Chapter 5 Review 233
Chapter Review
To further practice and reinforce the skills you learned in this chapter, you can perform the
following tasks:
■ Review the chapter summary.
■ Review the list of key terms introduced in this chapter.
■ Complete the case scenarios. These scenarios set up real-world situations involving the
topics of this chapter and ask you to create a solution.
■ Complete the suggested practices.
■ Take a practice test.
Chapter Summary
■ UAC ensures that user accounts run without elevated privileges unless the task the user
wants to carry out requires such privileges. By default, administrators grant permission
for this to happen while standard users need to supply the credentials of an
administrator account. UAC does not apply to the built-in Administrator account by default.
■ Windows Vista permits legacy software that attempts to write to protected areas by
virtualizing these areas in the user’s profile. You can use the Program Compatibility Wizard
to run legacy programs that have compatibility issues.
■ UAC settings determine how Windows Vista handles unsigned application files and
UIAccess applications and whether Secure Desktop is enabled when a UAC dialog box
is generated.
Key Terms
Do you know what these key terms mean? You can check your answers by looking up the
terms in the glossary at the end of the book.
■ access token
■ account escalation
■ Admin Approval mode
■ administrator application
■ context
■ credentials
■ digitally signed
■ legacy programs
■ local Administrators group

■ privileges
■ Secure Desktop
■ User Account Control (UAC)
Case Scenarios
In the following case scenarios, you will apply what you have learned about configuring and
troubleshooting UAC and running legacy applications. You can find answers to these
questions in the “Answers” section at the end of this book.
Case Scenario 1: Giving Advice On User Account Control
You are an IT professional for a company that provides equipment for home and small
business users. Your company’s customer installations typically consist of between four and eight
workstations configured as a workgroup. Your company has recently been supplying
workstations that run Windows Vista, and you have been asked to give advice about UAC. Answer the
following questions:
1. Don Hall, the Chief Executive of Margie’s Travel, is not convinced about UAC. He wants
to know why he, as an administrator, needs to click Continue every time he wants to
perform an administrator-level task. What do you tell him?
2. Don is unconvinced. As an administrator he wants to be able to perform all tasks
without prompting. What setting can he change to accomplish this with the least impact on
network security?
3. Don does not want any users logged on with standard accounts to be able to change
configurations that affect any other user. As an IT professional, part of whose job
specification is to advise on security, what do you tell him? If he insists on reconfiguring UAC,
how best can he achieve his objectives with the least impact on network security?
4. Don wants to make the minimum number of changes to UAC configuration while
assuring that he, as an administrator, is not prompted to give permission while performing
administrative tasks while standard users are prohibited from initiating such tasks. How
can Don reconfigure UAC to meet this goal, and what warning would you give?
Case Scenario 2: Running Legacy Programs
As an IT professional providing customer support, you need to advise customers about
running legacy programs. Answer the following questions:
1. Kim Ackers wants to prohibit any legacy program that attempts to write to protected
registry locations from running. What UAC setting should she configure?
2. Don Hall cannot run a legacy program because it needs to run with a full administrator
access token. How can he run the program?
3. You have a legacy virus protection program that you want to run in Windows Vista. You
have read that the Windows Vista Program Compatibility Wizard can help configure
legacy software so it can run. Should you use this wizard in this instance? If not, why not?
Suggested Practices
To help you successfully master the exam objectives presented in this chapter, complete the
following tasks.
Configure and Troubleshoot User Account Control
■ Practice: Investigate Additional UAC Settings The first practice session in this chapter
asks you to reconfigure the UAC settings most commonly changed and investigate the
results. Reconfigure the settings not specified in the practices and investigate the results.
Configure Legacy Programs to Run in Windows Vista
■ Practice: Locate and Configure Legacy Programs Locate some legacy programs. If you or
some friends and colleagues have old software installation CD-ROMs for Windows 95,
Windows 98, or Windows ME, you can use setup programs on those disks. Configure
the software so it runs in Windows Vista.
Take a Practice Test
The practice tests on this book’s companion CD offer many options. For example, you can test
yourself on just one exam objective, or you can test yourself on all the 70-620 certification
exam content. You can set up the test so that it closely simulates the experience of taking a
certification exam, or you can set it up in study mode so that you can look at the correct answers
and explanations after you answer each question.
MORE INFO Practice tests
For details about all the practice test options available, see the “How to Use the Practice Tests”
section in this book’s Introduction.


Chapter 6
Configuring Internet Explorer Security
Any computer that accesses the Internet comes under attack when a user browses webpages.
Spyware can be covertly installed on your computer, often when you download and install
other programs, such as music or video file sharing programs. It can generate annoying
advertisements (this type of spyware is sometimes called adware), collect personal information, or
change the configuration of your computer, generally without your consent.
Eliminating all spyware is exceptionally difficult. However, Microsoft Windows Defender,
which ships with Windows Vista, can scan for, identify, and eliminate most spyware. In this
chapter, you learn how to configure Windows Defender, update your spyware definitions, and
manage applications by using the Software Explorer feature.
Spyware is only one of the several ways that your computer can be attacked while browsing
the Internet. Internet Explorer 7+ (IE7+) offers a number of features that dynamically protect
you from unwanted Internet content and other attacks. You can invoke protected mode, block
pop-up windows, configure security zones and privacy settings, manage add-ons, and
configure the phishing filter service. Phishing is a type of scam that attempts to lure Internet users
into disclosing personal information, such as their social security numbers, bank account
details, or credit card numbers.
Exam objectives in this chapter:
■ Configure Windows Defender.
■ Configure Dynamic Security for Internet Explorer 7.
Lessons in this chapter:
■ Lesson 1: Configuring Windows Defender
■ Lesson 2: Configuring Dynamic Security for Internet Explorer 7+
238 Chapter 6 Configuring Internet Explorer Security
Before You Begin
To complete the lessons in this chapter, you must have done the following:
■ Installed Windows Vista Ultimate on a personal computer, as described in Chapter 1,
“Installing Windows Vista Client,” and Chapter 2, “Windows Vista Upgrades and
Migrations.”
■ Created an administrator account and standard accounts and enabled the Run
command on the Start menu, as described in Practices 1, 2, and 3 of Chapter 4, “Configuring
and Troubleshooting Internet Access,” Lesson 1, “Configuring and Troubleshooting
Parental Controls and Content Advisor.”
No additional configuration is required for this chapter.
Real World
Ian McLean
Not all software that generates advertisements or tracks your online activities is
necessarily unauthorized. For example, you might sign up for a free music service and consent
to receive targeted advertisements as part of your agreement. Removing the software that
generates the advertising would breach your agreement and result in your no longer
being able to download music files. Always read download agreements carefully and be
wary of anything that is offered “for free.”
Lesson 1: Configuring Windows Defender
Windows Defender helps protect your computer against pop-ups, slow performance, and
security threats caused by spyware and other unwanted software. It features real-time
protection and a monitoring system that recommends actions against spyware when it is detected. It
also minimizes interruptions and helps you stay productive.
As an information technology (IT) professional, you should run antispyware software such as
Windows Defender regularly. You would find it extremely embarrassing and unprofessional if
your own machine became seriously infected. However, your first duty is to protect your
colleagues by ensuring that Windows Defender is correctly configured on their machines. You
might also provide help desk support to customers, possibly as part of a warranty agreement,
and advise them on how best to protect their systems.
Spyware and other potentially unwanted software can attempt to install itself any time you
connect to the Internet. It can also infect your computer when you install some programs
using a CD-ROM, DVD-ROM, or other removable media. Unwanted or malicious software
(malware) can also run at unexpected times, not only when it is installed.
This lesson explores Windows Defender features—for example, real-time protection, IE7+
integration, and Software Explorer. It describes how you configure custom scans, update your
spyware definitions, and address definition update issues. It looks at the facilities that Windows
Defender provides for managing applications.
After this lesson, you will be able to:
■ Configure Windows Defender real-time protection.
■ Configure and run a custom scan.
■ Schedule a scan and specify actions to be taken based on the alert level of potential
threats.
■ Schedule spyware definition updates.
■ Troubleshoot definition update issues and spyware removal.
■ Use Software Explorer to manage applications.
Estimated lesson time: 50 minutes
Real-Time Protection
Windows Defender provides real-time protection whether or not you have opened the Windows
Defender program from the All Programs menu and whether or not you are logged on. Windows
Defender real-time protection alerts you when spyware or potentially unwanted software
attempts to install or run on your computer. It also alerts you when programs attempt to
change important Windows settings. Not all programs are necessarily malicious, and real-time
protection provides a number of alert levels, as listed in Table 6-1.
Table 6-1 Windows Defender Real-Time Protection Alert Levels
| Alert Level | What Has Been Detected | What You Need To Do |
| --- | --- | --- |
| Severe | Widespread or exceptionally malicious programs—for example, viruses, Trojan horses, or worms—that affect your privacy and the security of your computer and could damage your computer. | Remove this software immediately. |
| High | Programs that potentially collect personal information and affect your privacy or damage your computer—for example, by changing settings without your knowledge or consent. | Remove this software immediately. |
| Medium | Programs that potentially affect your privacy or make changes to your computer that could affect your computing experience—for example, by collecting personal information or by changing settings. | Review the alert details to see why the software was detected. If you do not like the way that the software operates or if you do not recognize and trust the publisher, consider blocking or removing the software. |
| Low | Software that might collect information about you or your computer or change how your computer works but is operating in agreement with licensing terms displayed when you installed the software. | This software is typically benign when it runs on your computer, unless it was installed without your knowledge. If you are unsure whether to allow it, review the alert details or check to see if you recognize and trust the publisher of the software. |
| Not yet classified | Programs that are typically benign unless they are installed on your computer without your knowledge. | If you recognize and trust the software, allow it to run. If you do not recognize the software or the publisher, review the alert details to decide what action to take. If you are a SpyNet community member, check the community ratings to see if other users trust the software. |
Depending on the alert level, you can choose one of the following actions:
■ Ignore Allows the software to be installed or run on your computer. If the software is
still running during the next scan or if the software tries to change security-related
settings on your computer, Windows Defender will alert you about this software again.
■ Quarantine Moves the software to another location on your computer and then
prevents the software from running until you choose to restore it to its original location or
remove it.
■ Remove Permanently deletes the software.
■ Always Allow Adds the software to the Windows Defender allowed list and allows it to
run on your computer. Windows Defender no longer alerts you to risks that this
software might pose. You should add software to the allowed list only if you trust both the
software and the software publisher.
Windows Defender real-time protection also alerts you if software attempts to change
important Windows settings. In this case, the software is already running on your computer and you
can choose one of the following actions:
■ Permit Allows the software to change security-related settings on your computer.
■ Deny Prevents the software from changing security-related settings on your computer.
Quick Check
■ You receive a Windows Defender real-time protection alert that warns you that a
potentially malicious program is attempting to run on your computer. You can
choose one of several options. What choices do you have?
Quick Check Answer
■ Ignore
■ Quarantine
■ Remove
■ Always Allow
You can configure real-time protection by clicking Tools in Windows Defender, clicking
Options, and scrolling to the Real-Time Protection Options settings, as shown in Figure 6-1.
Figure 6-1 Real-Time Protection Options dialog box
In the dialog box shown in Figure 6-1, you can choose the software and settings that you want
Windows Defender real-time protection to monitor. However, Microsoft recommends that you
use all of the real-time protection options, called agents. For this reason, the practice session
later in this lesson does not ask you to reconfigure real-time options. Table 6-2 lists these
agents and states the purpose of each.
Table 6-2 Windows Defender Real-Time Protection Agents
| Real-Time Protection Agent | Purpose |
| --- | --- |
| Auto Start | Monitors programs that are allowed to automatically run when you start your computer. Spyware and other malware are often configured to run automatically when Windows starts, enabling them to run without your knowledge and collect information. Programs configured in this way can also make your computer start or run slowly. |
| System Configuration (Settings) | Monitors security-related settings in Windows. Spyware and other malware can change hardware and software security settings and then collect information that can be used to further undermine security. |
| Internet Explorer Add-ons | Monitors programs that automatically run when you start IE7+. Spyware and other malware can masquerade as web browser add-ons and run without your knowledge. |
| Internet Explorer Configurations (Settings) | Monitors browser security settings, which are your first line of defense against Internet attacks. Spyware and other malware can try to change these settings without your knowledge. |
| Internet Explorer Downloads | Monitors files and programs that are designed to work with IE7+, such as ActiveX controls and software installation programs. The browser itself can download, install, or run these files. Spyware and other malware can be included with these files and installed without your knowledge. |
| Services and Drivers | Monitors services and drivers. Because services and drivers perform essential computer functions, they have access to important routines in the operating system (OS). Spyware and other malware can use services and drivers to gain access to your computer or to run undetected on your computer as if they are normal OS components. |
| Application Execution | Monitors when programs start and any operations they perform while running. Spyware and other malware can use vulnerabilities in programs that you have installed to run without your knowledge. Windows Defender real-time protection monitors your programs and alerts you if it detects suspicious activity. |
| Application Registration | Monitors tools and files in the OS. Programs that purport to be part of the OS can run at any time, not just when you start Windows or another program. Spyware and other malware can register programs to start without notice and run, for example, at a scheduled time each day without your knowledge. |
| Windows Add-ons | Monitors Windows add-on programs (also known as software utilities). Add-ons are designed to enhance your computing experience in areas such as security, browsing, productivity, and multimedia. However, add-ons can also install programs that collect information about you or your online activities and expose sensitive personal information—often to advertisers. |
MORE INFO Windows Defender real-time protection
For more information, search Windows Help and Support for “Understanding Windows Defender
real-time protection.”
The SpyNet Community
The online Microsoft SpyNet community helps you see how other people respond to
software that has not yet been classified for risks. If you can determine whether other
community members allow or block software, this can help you choose whether to allow
it on your computer. If you participate in the community, your choices are in turn added
to the community ratings to help other people choose what to do.
Spyware is continually being developed, and SpyNet ratings help Microsoft determine
which software to investigate. For example, if members of the community identify
suspicious software that has not yet been classified, Microsoft will analyze the software,
determine if it is spyware, and, if needed, update the Windows Defender definitions.
Up-to-date definitions help Windows Defender detect the latest spyware threats and
prevent spyware from infecting your computer. Even if software is not spyware, Windows
Defender alerts you if it detects that software is operating in a way that might be malicious
or unwanted.
If you join SpyNet, Windows Defender automatically sends information to Microsoft
about spyware, potentially unwanted software, and software that has not yet been
analyzed for risks. The actions that are applied to the software are also reported to Microsoft.
To join the Microsoft SpyNet community, you open Windows Defender from the Start,
All Programs menu, click Tools, and then click Microsoft SpyNet. On the resulting
window, shown in Figure 6-2, you can select your level of participation or decide that you do
not want to participate. By default, you are registered with a basic membership. If you
want to change this, select one of the other options and click Save. You need to supply
administrator credentials or, if you are an administrator, click Continue in the User
Account Control (UAC) dialog box.
Figure 6-2 Selecting the level of SpyNet participation
If Windows Defender subsequently detects software on your computer that has not yet
been classified for risks, you might be asked to send a sample of the software to
Microsoft SpyNet for analysis. In this case, Windows Defender displays a list of files that
can help analysts determine if the software is malicious. You can choose to send some or
all of the files in the list.
If you suspect that a file or program on your computer might be spyware, you can send
it to Microsoft by following the online instructions at />/security/spyware/software/support/reportspyware.mspx.
If Windows Defender alerts you about software that you do not believe to be malicious
or unwanted, you can report this to Microsoft by completing the False Positive report
form at />
Internet Explorer Integration
Windows Defender integrates with IE7+ to enable files to be scanned when they are
downloaded. This helps ensure that a user does not accidentally download malicious software.
Windows Defender can block suspicious downloaded files when you attempt to execute
them. If, for example, you manually choose to install an IE7+ add-on or other type of Web
download and Windows Defender has marked the file as suspicious, it blocks that installation.
The Windows Defender service runs constantly in the background regardless of which type of
user account you are using or whether you have opened the application from the All Programs
menu. It also works when no one is logged on. Windows Defender attempts to work mainly in
the background like any other integrated IE7+ component, requiring as little user intervention
and generating as few pop-ups as possible. The developers have made a genuine attempt to
make the application less annoying than the spyware it blocks.
Windows Defender also integrates tightly with Microsoft’s PC health subscription service,
Windows Live OneCare, and with the SpyNet community. The SpyNet community was
described earlier in this chapter.
Windows Live OneCare
Windows Live OneCare is a subscription service, so you need to pay for it. It integrates
tightly with Windows Defender and extends the protection that Windows Defender
provides. Windows Live OneCare helps protect your computer and provides automated
optimization features that should keep your PC running at its optimum speed. It also
regularly backs up files and settings to CD-ROM, DVD-ROM, or external hard disk.
The service provides virus and spyware scanners and a managed, two-way firewall.
These features help protect your computer from viruses, worms, Trojan horses, hackers,
and other threats. It runs continuously in the background, but you can scan individual
files and folders for viruses on demand. You can also scan attachments you receive
through Windows Live Messenger or MSN Messenger.
Windows Live OneCare regularly defragments your computer’s hard disk and removes
any unnecessary files. It helps ensure that important security updates from Microsoft are
installed efficiently and on time.
Finally, the service provides an online help service available 24 hours a day, 7 days a
week.
Lesson 1: Configuring Windows Defender 247
CAUTION Online help services can sometimes fail
A 24-hours-a-day, 7-days-a-week online help service implies that no service downtime is
scheduled. However, an online service can sometimes fail for reasons that are outside the
service provider’s control. Do not, therefore, assume the service will always be available when
you need it. If the service is down, wait for a while, and then try again.
Many of the services that Windows Live OneCare provides (backup, updates, virus
scanning, spyware detection, and so on) are already available for free, but you need to
configure and maintain them. It is unarguably convenient to have everything in the one
package, but whether you choose to pay the subscription is up to you (or your
employer). You can obtain more information about Windows Live OneCare at
http://www.windowsonecare.com/.
NOTE Further IE7+ integration
In Windows Defender Beta 1, users were able to use software explorers to browse downloaded
ActiveX controls and track eraser activities (which erase all tracking of a user’s Internet activity). The
reason that Microsoft gives for removing the ActiveX and tracks eraser functionality is that this
functionality is now found in IE7+. This is a further example of the tight integration between
Windows Defender and IE7+.
Configuring Custom Scans
You can use Windows Defender to scan for spyware and other potentially unwanted software
that might be installed on your computer, to schedule regular scans, and to automatically
remove any malicious software that is detected during a scan.
You can choose to scan only specified locations on your computer. This is known as a custom
scan. However, if a custom scan detects potentially unwanted or malicious software, Windows
Defender then automatically runs a quick scan so it can remove the detected items from other
areas of your computer if required.
You can configure a custom scan by opening Windows Defender, clicking the arrow next to
the Scan button, and then clicking Custom Scan. You can then select Scan Selected Drives And
Folders and click Select. The resulting dialog box is shown in Figure 6-3.
Figure 6-3 Configuring a custom scan
You can then select the drives and folders that you want to scan, click OK, and then click Scan
Now. You configure a custom scan in the practice session later in this chapter.
Choosing Advanced Scanning Options
When you configure Windows Defender to scan your computer, you can select advanced
options. You access these options by clicking Tools in Windows Defender, clicking Options,
and scrolling to Advanced Options, as shown in Figure 6-4.
Figure 6-4 Specifying advanced scanning options
The following advanced options are available:
■ Scan The Contents Of Archived Files And Folders For Potential Threats: Scanning these
locations might increase the time required to complete a scan, but spyware and other
potentially unwanted software can install itself in these locations.
■ Use Heuristics To Detect Potentially Harmful Or Unwanted Behavior By Software That Has
Not Been Analyzed For Risks: Windows Defender uses definition files to identify
known threats, but it can use heuristics to detect and alert you about potentially harmful
or unwanted software that is not yet listed in a definition file.
■ Create A Restore Point Before Applying Actions To Detected Items: Because you can set
Windows Defender to automatically remove detected items, this option is provided to
enable you to restore system settings if you want to use software that you did not intend
to remove.
■ Do Not Scan These Files Or Locations: Use this option to specify any files and folders
that you do not want Windows Defender to scan.
NOTE Heuristics
Heuristics is the application of experience-derived knowledge to a problem. Heuristics software
looks for known sources, commonly used text phrases, and transmission or content patterns that
experience has shown to be associated with potentially harmful or unwanted software. In simple
terms, heuristics is what a program uses to obtain the best possible answer when it does not have
enough information to guarantee a correct one.
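The sketch below is an added illustration, not Windows Defender's detection logic or code from the book: it shows how the archive, heuristics, and exclusion options described above change what a scanner reports. The definition hash, indicator strings, weights, threshold, and file paths are all constructed assumptions.

```python
import hashlib, io, zipfile

# Constructed "definition file": SHA-256 digests of known unwanted samples.
KNOWN_BAD = {hashlib.sha256(b"constructed-known-spyware-sample").hexdigest()}
# Constructed heuristic indicators and weights (assumptions, not Defender's rules).
INDICATORS = {b"currentversion\\run": 2, b"setwindowshookex": 2, b"keylog": 3}
THRESHOLD = 4

def classify(data, use_heuristics=True):
    """Return 'definition', 'heuristic' or None for one file's bytes."""
    if hashlib.sha256(data).hexdigest() in KNOWN_BAD:
        return "definition"
    if use_heuristics:
        lowered = data.lower()
        score = sum(w for marker, w in INDICATORS.items() if marker in lowered)
        if score >= THRESHOLD:
            return "heuristic"
    return None

def scan(files, scan_archives=True, use_heuristics=True, exclusions=()):
    """files maps path -> bytes; returns a list of (path, reason) detections."""
    hits = []
    for path, data in files.items():
        if any(path.lower().startswith(e.lower()) for e in exclusions):
            continue  # excluded locations are never inspected
        reason = classify(data, use_heuristics)
        if reason:
            hits.append((path, reason))
        elif scan_archives and zipfile.is_zipfile(io.BytesIO(data)):
            with zipfile.ZipFile(io.BytesIO(data)) as archive:
                for name in archive.namelist():
                    inner = classify(archive.read(name), use_heuristics)
                    if inner:
                        hits.append((f"{path}!{name}", inner))
    return hits

def build_sample():
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("setup.exe", b"constructed-known-spyware-sample")
    return {
        r"C:\Users\kim\Downloads\toolbar.zip": buf.getvalue(),
        r"C:\Users\kim\Downloads\helper.dll": b"SetWindowsHookEx KeyLog buffer",
        r"C:\Tools\notes.txt": b"meeting notes",
    }

if __name__ == "__main__":
    for hit in scan(build_sample()):
        print(hit)
```

Excluding the Downloads folder in this sample hides both detections, which is why an exclusion list should be kept short and reviewed periodically.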
Configuring Administrator Options
The Administrator Options section is located below the Advanced Scanning Options in the
Windows Defender Options dialog box. If you select the Use Windows Defender check box,
all users are alerted (if Windows Defender is on) when spyware or other potentially harmful
software attempts to install or run on the computer. Windows Defender checks for new
definitions, scans the computer regularly, and automatically removes harmful software. However,
if only this option is selected, elevated privileges are required to configure Windows Defender
and determine when scans occur.
If, in addition, you select the Allow Everyone To Use Windows Defender check box, this allows
all users, including standard users, to scan the computer, configure how Windows Defender
deals with potentially harmful software, and review all Windows Defender activities.
Scheduling Windows Defender Scans
You cannot schedule custom scans, but you can schedule either quick scans or full system
scans. Microsoft recommends that you schedule a daily quick scan. This checks the areas of
your computer that spyware and other potentially unwanted software are most likely to infect.
If you want Windows Defender to check all files and programs on your computer, you can
instead run or schedule a full scan.
Based upon the alert level, you can choose to automatically remove spyware and other
potentially unwanted software if it is detected during a scan, to ignore items, or to perform a default
action that Windows Defender determines based on the definition of the software it detects.
Figure 6-5 shows the relevant dialog box, which you access by clicking Tools on the Windows
Defender menu and then clicking Options. You perform this configuration in the practice
session later in this chapter.
Figure 6-5 Scheduling scans and specifying actions depending upon the alert level
NOTE Severe alert items
You cannot select a default action for software items with a severe alert rating because Windows
Defender automatically removes such an item or alerts you to remove it. If software has not yet
been classified for potential risks to your privacy or your computer, you need to review information
about the software and then choose an action.
