Windows Defender Beta 2 Review

Suzi Turner, of fame, had said she would do a review of Windows Defender Beta 2, and she’s finally gotten around to it. I myself plan on reviewing it, but it’s little league baseball time and I have been very busy in the evenings. I may end up waiting until my son gets his machine all infected again.

As promised a few days ago, I finally got a virtual machine upgraded to Service Pack 2 for testing Windows Defender Beta 2. For the sake of convenience, I’ll refer to it as WD for most of this post. When I wrote about WD previously, I mentioned the review at where WD was tested against 6 keyloggers, which is not a particularly valuable test in my opinion.

The tests were done on a virtual machine with Windows XP with SP2, fully patched, running in VMware Workstation 5.5.1. Testing consisted of two parts. For the first test, I had WD running with all components of real-time protection turned on. I surfed to Claria’s website and downloaded two Claria apps, GotSmiley and a screensaver. When I downloaded the apps, Windows Defender presented an alert and asked whether or not to remove, get more information or ignore. I chose ignore and allowed the installation. After installation, I did the full scan and WD detected both apps correctly and asked me to select an action.

In the second test, I went to a website known to spyware researchers as a consistently reliable source of spyware. Immediately prior to going to the site, I ran InCtrl5 in order to track changes to the system. I turned off WD’s real-time protection for this test so I could test scan and removal capabilities. I had to restart the test twice because the vm quickly became so infested it froze. On the third try, after about 5 minutes on the site, I disconnected NAT, killing the internet connection for the vm, so I didn’t lose control of the machine. Before running any scans I ran InCtrl5 again. In less than 6 minutes, the spyware had added 230 registry keys, deleted 32 keys, added 386 values, deleted 82 values, changed 46 values, added 16 folders, and added 389 files. I ended up with the following:

CmdServices, also known as Command
NetMon aka Network Monitor
Paytime.exe, related to CoolWebSearch
AvenueMedia/Internet Optimizer also known as DyFuCa
CAS-Client (ConsumerAlertSystem)
TagASaurus, aka enbrowser
drsmartload1.exe aka Troj/Drsmartl-N
MoneyTree Dialer
Service: Windows Overlay Components – file name C:\WINDOWS\tihotdj.exe, aka Trojan.Adclicker
My homepage was changed to c:\secure32.html

Click here to read the results; they are very interesting, as they include some info about the major free anti-spyware programs. I just wish she would’ve included X-Cleaner in it as well, as it is one of the best programs, in my personal opinion. Suzi posted an article about the review here, but that just links to the ZDNet post; the main reason to click there is to read everything else: loads and loads of spyware info, including research and info on our favorite spyware app, 180solutions.