Windows Defender (version 1593) review: Windows Defender (version 1593)

Editors' note: On March 5, 2008, CNET revised its antispyware review ratings to emphasize a product's ability to remove spyware. The new ratings are based on the following formula: Installation (20 percent), Features (20 percent), Performance (50 percent), and Support (10 percent). In most cases a product's rating went down, expanding the range between highest and lowest rated.

Microsoft Windows Defender is perhaps the best free antispyware application we looked at this year, but we disagree with Microsoft's aggressive need to verify our Windows license--not once but twice--before allowing us the opportunity to download and install Windows Defender. Given that it's a free app, we would prefer that Microsoft see the larger picture and have all desktops clean of malicious spyware, regardless of their Windows status. Once Windows Defender is installed, it's pretty darn good. Advanced users will appreciate the granularity in its controls. We do continue to fault Windows Defender only for being too lenient with some adware and spyware, labeling most every item we tested as low threats, an opinion not shared by other vendors, but Windows Defender did detect 9 out the 10 spyware items in our CNET tests and was among our top products for completely removing spyware infections.

Setup
Although Windows Defender is free, you cannot simply download it and run the product. As mentioned, if you haven't already done so, you must first download and install the Windows Verification tool on your desktop, then you must validate that you are in fact running a licensed version of Windows. Only then may you download Windows Defender. Guess what? Microsoft then asks you again to validate your copy of Microsoft Windows before continuing with the Windows Defender wizard. If you follow the default settings in the installation wizard, you are automatically signed up for SpyNet, Microsoft's in-house database of spyware seen in the wild. If you do not want any information transmitted back to Microsoft, choose the Install Definition Updates Only option instead. You will also need to agree to a supplemental license agreement, one that goes beyond what you agreed to when you installed your genuine version of Windows XP SP2 or Windows Vista. And there you have it. It's like getting frisked (twice) as you walk into the post office; Microsoft makes the process of downloading and installing so unpleasant for this free application that you might not have the patience for it.

Interface
The final release of Windows Defender didn't wow us with its design. The interface looks as though some coder realized he needed a front end to go with the program and slapped together some buttons, a dropdown menu, and a few other goodies. More advanced users won't care; the interface is clean and relatively well-organized. But there's a lot of unused white space and small type.

Features
The free Windows Defender is more than adequate, although Microsoft says a more enhanced version is available in Microsoft Windows Live OneCare. Still, the free version offers a fast scanning engine and protection for non-administrator users on your system. As for specific features, advanced users may appreciate these more than the casual user would.

The Windows Defender History feature acts like HiJackThis, logging changes made to the system registry. The difference is that HiJackThis provides a snapshot; Windows Defender provides a running log of all system changes. The Tools page is Defender's catch-all page. Under Options, you'll find automatic scanning, default actions, real-time protection options, advanced options, and administrator options. Most users will not need to change these settings. There's also an option to join or leave SpyNet. As a member, quarantine lists will be sent to SpyNet for processing, alerting Microsoft to new outbreaks and new spyware.

Software Explorer is also a cool tool, allowing you to look at start-up programs, currently running programs, network-connected programs, and Winsock service providers. Reviewing these lists is another way to check against rogue applications running on your desktop. Many name programs are automatically listed as "permitted," but we found several Google products, such as Picasa, still marked "not yet classified."

Performance
For antispyware protection, Microsoft Windows Defender lands in second place in our current CNET antispyware tests. CNET Labs conducts three separate tests using spyware found to be bundled within free applications rejected by CNET Download.com (as part of its software policies, Download.com does not host applications containing known spyware). In the first test, active detection, Windows Defender detected 70 percent of the spyware; in the second test, on-demand, Windows Defender detected 80 percent of the spyware; and in the final test, removal, Windows Defender removed all traces of 70 percent of the spyware in the test.

Support
Windows Defender includes two free support incidents, although Microsoft qualifies coverage by adding: "examples of valid support scenarios are installation, configuration, definition update, detection, and removal errors." After the first two, Microsoft will charge $35 per incident. Microsoft does host several free user forums around its Windows Defender product.

Conclusion
It's hard to knock a free product that works and gives you some technical support. We only wish that Microsoft would be more aggressive with its threat ratings and actually remove items that other vendors agree could pose a danger. That said, Windows Defender performed very well in our December 2007 test results.