Microsoft Press Windows Vista Administrator's Pocket Consultant ebook
With a quick scan, Windows Defender checks areas of memory, the registry, and the file system known to be used by spyware programs, but doesn't perform a comprehensive search for spyware. To start a quick scan, click the Scan button on the Windows Defender toolbar.
With a full scan, Windows Defender performs a thorough check of all areas of the memory, the registry, and the file system for spyware. To start a full scan, click the Scan Options button (located to the right of the Scan button on the toolbar) and then select Full Scan.
With a custom scan, Windows Defender performs a thorough check of all areas of the memory and the registry, but only checks the areas of the file system that you specify. To start a custom scan, click the Scan Options button (located to the right of the Scan button on the toolbar) and then select Custom Scan. Next, click Select and specify the drives or folders to scan. Finally, click Scan Now.
Checking for Updates
Windows Defender can't do its job of protecting a computer if the spyware definitions are out of date. By default, Windows Defender automatically checks for updated spyware definitions prior to performing an automatic scan. If the computer has access to the Internet or an update server, Windows Defender is then able to update the spyware definitions. If the computer doesn't have access to the Internet or an update server, Windows Defender is not able to update the spyware definitions, and you'll need to update them manually by following these steps:
Click Start and then click Control Panel.
In Control Panel, click Security and then click Check For New Definitions under Windows Defender.
If Windows Defender is open, you can also check for updates by following these steps:
Click the Windows Defender Help Options button. This is the button to the right of the Help button.
Select About Windows Defender.
Click Check For Updates.
Quarantining and Allowing Programs
Windows Defender is configured by default to automatically remove dangerous malicious programs. Other programs that are malicious but not necessarily dangerous may be quarantined. A user may also receive notification about a malicious program and elect to either allow it to run or to quarantine it. Windows Defender tracks details regarding both allowed items and quarantined items.
Quarantined items are disabled and moved to a protected location on the computer, where they can't cause problems. You view and manage quarantined items by clicking Tools and then clicking Quarantined Items. On the Quarantined Items page, quarantined items are listed by name with an alert level and a time stamp. You can manage quarantined items as follows:
Permanently remove all quarantined programs by clicking Remove All.
Permanently remove a specific program by clicking it and then clicking Remove.
Restore a specific program by clicking it and then clicking Restore.
Allowed items are those that are identified and tracked by Windows Defender but allowed to run on the computer. You can view or manage currently allowed items by clicking Tools and then clicking Allowed Items. On the Allowed Items page, allowed items are listed by name with an alert level and a recommendation for how each program should be handled. If you want Windows Defender to start monitoring the activities of an allowed program again, click the item and then select Remove From List. Windows Defender will then notify the user of any possible malicious activity related to this program.
Managing Automatic Updates
The standard automatic updating feature in Windows Vista is called Windows Update. Windows Update is an enhanced version of the standard automatic update feature included in previous releases of Windows. Not only is Windows Update used to update the operating system, it is also used to update programs that ship with the operating system, such as Microsoft Windows Internet Explorer 7 in Windows Vista, and hardware device drivers. The sections that follow discuss how Windows Update works and how it can be used to help keep a computer up-to-date.
An Overview of Windows Update
Windows Update is a client component that connects periodically to a designated server and checks for updates. Once it determines that updates are available, it can be configured to download and install the updates automatically or to notify users and administrators that updates are available. The server component to which Windows Update connects is either the Windows Update Web site hosted by Microsoft or a designated Windows Update Services server hosted by your organization.
Unlike previous versions' automatic updating features, which only distribute and install critical updates, Windows Update supports distribution and installation of the following:
Critical updates: Updates that are determined to be critical for the stability and safeguarding of a computer
Security updates: Updates that are designed to make the system more secure
Update roll-ups: Updates that include other updates
Service packs: Provide a comprehensive update to the operating system and its components, which typically include critical updates, security updates, and update roll-ups
A key part of the extended functionality allows Windows Update to prioritize downloads so that updates can be applied in order of criticality. This allows the most critical updates to be downloaded and installed before less critical updates. You can also control how a computer checks for new updates and how it installs them. The default polling interval used to check for new updates is 22 hours. Through Group Policy, you can change this interval. By default, every day at 3:00 A.M. local time, computers install updates they've downloaded. You can modify the installation to require notification or change the install times if desired.
Windows Vista reduces the number of restarts required after updates by allowing a new version of an updated file to be installed even if the old file is currently in use by an application or system component. To do this, Windows Vista marks the in-use file for update and then automatically replaces the file the next time the application is started. With some applications and components, Windows Vista can save the application's data, close the application, update the file, and then restart the application. As a result, the update process has less impact on users.
Real World
Automatic updating uses the Background Intelligent Transfer Service (BITS) to transfer files. BITS is a service that performs background transfers of files and allows interrupted transfers to be restarted. BITS Version 2.0, which is included with Windows Vista, improves the transfer mechanism so that bandwidth is used more efficiently, which in turn means less data is transferred and the transfer is faster. Through Group Policy, BITS can be configured to download updates only during specific times and to limit the amount of bandwidth used. You configure both settings using the Maximum Network Bandwidth That BITS Uses setting under Computer Configuration\Administrative Templates\Network\Background Intelligent Transfer Service in Group Policy. Additionally, using BITS 2.0, Windows Vista can obtain updates from trusted peers across a local area network (LAN) as well as from an update server or from Microsoft directly. Once a peer has a copy of an update, other computers on the local network can automatically detect this and download the update directly from the peer, meaning a required update may only need to be transferred across the wide area network (WAN) once rather than dozens or hundreds of times.
You can use automatic updating in several different ways. You can configure systems to do the following:
Install updates automatically: With this option, the operating system retrieves all updates at a configurable interval (22 hours by default) and then installs the updates at a scheduled time, which by default is every day at 3:00 A.M. This represents a change in behavior because users are not required to accept updates before they are installed. Updates are instead downloaded automatically and then installed according to a specific schedule, which can be once a day at a particular time or once a week on a particular day and time.
Download updates but let me choose whether to install them: With this option (the default), the operating system retrieves all updates as they become available and then prompts the user when they are ready to be installed. The user can then accept or reject each update. Accepted updates are installed. Rejected updates are not installed, but they remain on the system so that they can be installed later.
Check for updates but let me choose whether to download and install them: With this option, the operating system notifies the user before retrieving any updates. If the user elects to download the update, she still has the opportunity to accept or reject it. Accepted updates are installed. Rejected updates are not installed, but they remain on the system so that they can be installed later.
Never check for updates: When automatic updates are disabled, users are not notified about updates. You can, however, download updates manually from the Windows Update Web site (http://www.windowsupdate.microsoft.com/).
When Windows Update is configured for automatic update and install, users are not notified of update availability or installation. In a workgroup environment, a Windows Update icon is placed in the notification area to provide an initial notification. This icon is a yellow shield with an exclamation point. Clicking this icon allows you to configure the initial update and installation schedule. Whenever there are notifications, the icon is displayed as well. In an Active Directory domain environment, a Windows Update icon is not placed in the notification area. It is assumed that in a domain, administrators will configure Windows Update for users. Notifications are only displayed for users if you change the default configuration to require user interaction.
Configuring Automatic Updating
Windows Vista organizes updates into two broad categories:
Security and recommended updates: Includes critical updates, security updates, update roll-ups, and service packs for the operating system and programs that ship with the operating system
Drivers and other optional updates: Includes updates to drivers that are provided with the operating system and recommended optional updates
By default, Windows Vista is configured to automatically install security and recommended updates only. New updates are installed daily at 3:00 A.M. You can configure automatic updates on a per-computer basis by completing the following steps:
Click Start and then click Control Panel. In Control Panel, click System And Maintenance.
On the System And Maintenance page, click Windows Update. This displays the Windows Update page.
In the left panel, click Change Settings. This displays the Change Settings page.
Specify whether and how updates should occur. By default, Install Updates Automatically is selected.
If you've enabled updates and want to also install drivers and optional updates, select the Include Recommended Updates… check box.
Click OK.
In an Active Directory domain, you can centrally configure and manage automatic updating using the policy settings under Computer Configuration\Administrative Templates\Windows Components\Windows Update and under User Configuration\Administrative Templates\Windows Components\Windows Update. Table 15-1 summarizes the key policies.
Table 15-1: Policies for Managing Automatic Updating
| Policy Setting | Description |
| --- | --- |
| Enabling Windows Update Power Management | When enabled and the computer is configured for automated, scheduled installation of updates, Windows Update will use the computer's power management features to wake the computer from hibernation at the scheduled update time and then install updates. |
| Allow Automatic Updates Immediate Installation | When enabled, this setting allows Automatic Updates to immediately install updates that do not interrupt Windows services or require the computer to be restarted. These updates are installed immediately after they are downloaded and are ready to install. |
| Allow Non-Administrators To Receive Update Notifications | When enabled, this setting allows any user logged on to a computer to receive update notifications as appropriate for the Automatic Updates configuration. If disabled or not configured, only administrators receive update notifications. |
| Automatic Updates Detection Frequency | When enabled, this setting sets the interval to be used when checking for updates. By default, computers check approximately every 22 hours for updates. If you enable this policy and set a new interval, that interval will be used with a wildcard offset of up to 20 percent of the interval specified. This means that if you set an interval of 48 hours, the actual polling interval would be dependent on the computer and be between 38 and 48 hours. |
| Configure Automatic Updates | When you enable this setting, you can configure how Automatic Updates works using similar options to those described later in this chapter. You can also schedule the installation. |
| Delay Restart For Scheduled Installations | By default, when a restart is required after an automatic update, the computer is restarted after a five-minute delay. To use a different delay, enable this policy and then set the delay time. |
| Turn On Recommended Updates Via Automatic Updates | When enabled, recommended updates, including those from drivers and other optional updates, are installed along with other updates. |
| Enable Client-Side Targeting | When enabled, this setting allows an administrator to define a target group for the current Group Policy Object. Client-side targeting allows administrators to control which updates are installed on specified groups of computers. Before an update is deployed, it must be authorized for a particular target group. |
| No Auto-Restart For Scheduled Automatic Updates Installations | When enabled, this setting specifies that the computer will not automatically restart after installing updates that require a restart if a user is currently logged on. Instead, Automatic Updates will notify the user that a restart is needed and wait until the computer is restarted. Restarting the computer enforces the updates. |
| Re-Prompt For Restart With Scheduled Installations | When enabled and when Automatic Updates is configured for scheduled installation of updates, this setting ensures the logged-on user is prompted again after a set interval if a restart was previously postponed. If the setting is disabled or not configured, the default reprompt interval of 10 minutes is used. |
| Remove Access To Use All Windows Update Features | When you enable this setting, all Windows Update features are removed. Users are blocked from accessing Windows Update, and automatic updating is completely disabled. |
| Reschedule Automatic Updates Scheduled Installations | When enabled, this setting specifies the amount of time for Automatic Updates to wait after system startup before proceeding with a scheduled installation that was previously missed. |
| Specify Intranet Microsoft Update Service Location | When enabled, this setting allows you to designate the fully qualified domain name of the Microsoft Update Services server hosted by your organization and of the related statistics server. Both services can be performed by one server. |
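Several of the policies in Table 15-1 are stored as registry values under the Windows Update policy key, so the effective configuration can be audited from a script. The following PowerShell is an added example, not code from the book: the registry value names are Microsoft's documented Windows Update policy values rather than anything listed on this page, and the sample server name and finding texts are assumptions made for illustration.

```powershell
# Added example (not from the book): audit the Automatic Updates policy values
# that Group Policy writes to the registry. Finding texts are this example's own.
$wuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'

function Get-PolicyValues([string]$Path) {
    # Return a key's values as a hashtable (empty if the key does not exist).
    $values = @{}
    if (Test-Path $Path) {
        $key = Get-Item $Path
        foreach ($n in $key.GetValueNames()) { $values[$n] = $key.GetValue($n) }
    }
    $values
}

function Test-AUPolicy([hashtable]$WU, [hashtable]$AU) {
    $modes = @{ 2 = 'check only; user chooses download and install'
                3 = 'download; user chooses install'
                4 = 'install automatically on a schedule'; 5 = 'local administrator chooses' }
    $out = @()
    if ($AU['NoAutoUpdate'] -eq 1) {
        $out += 'RISK: automatic updating is disabled by policy'
    } elseif ($AU.ContainsKey('AUOptions')) {
        $opt = [int]$AU['AUOptions']
        $out += 'Mode {0}: {1}' -f $opt, $modes[$opt]
        if ($opt -eq 4) {
            # ScheduledInstallDay: 0 = every day, 1-7 = Sunday-Saturday
            $out += 'Schedule: day {0} at {1}:00 local time' -f $AU['ScheduledInstallDay'], $AU['ScheduledInstallTime']
        } elseif ($opt -lt 4) {
            $out += 'NOTE: installation waits for a user to accept updates'
        }
    } else { $out += 'No update mode set by policy; local settings apply' }
    if ($AU['DetectionFrequencyEnabled'] -eq 1) {
        # The client applies an offset of up to 20 percent to the interval.
        $hours = [int]$AU['DetectionFrequency']
        $out += 'Detection every {0}-{1} hours' -f ([math]::Floor(0.8 * $hours)), $hours
    }
    if ($AU['NoAutoRebootWithLoggedOnUsers'] -eq 1) {
        $out += 'NOTE: no automatic restart while a user is logged on'
    }
    if ($AU['UseWUServer'] -eq 1) {
        $out += 'Update server: {0}' -f $WU['WUServer']
        if ("$($WU['WUServer'])" -notlike 'https://*') {
            $out += 'RISK: intranet update server is not reached over HTTPS'
        }
    }
    $out
}

# Constructed sample values (the server name is hypothetical).
$sampleWU = @{ WUServer = 'http://wsus.corp.example' }
$sampleAU = @{ AUOptions = 3; UseWUServer = 1; DetectionFrequencyEnabled = 1; DetectionFrequency = 48 }
Test-AUPolicy $sampleWU $sampleAU
# On a live computer, audit the real policy instead:
Test-AUPolicy (Get-PolicyValues $wuKey) (Get-PolicyValues "$wuKey\AU")
```

For the constructed sample, the function reports mode 3, the user-acceptance note, a 38-48 hour detection window, the server name, and the HTTPS finding.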
Checking for Updates
The main Windows Update page provides details on the last time the computer or a user checked for updates, the last time updates were installed, and the current automatic update configuration. You can determine Windows Update usage or manually check for updates by following these steps:
Click Start and then click Control Panel. In Control Panel, click System And Maintenance.
On the System And Maintenance page, click Windows Update. Statistics are provided regarding the most recent check for updates, the last time updates were installed, and the current update configuration.
If you want to manually check for updates, click Check For Updates.
Viewing Update History and Installed Updates
The Windows Update download manager tracks both successful and failed updates using an update history log. You can access this log by following these steps:
Click Start and then click Control Panel. In Control Panel, click System And Maintenance.
On the System And Maintenance page, click Windows Update.
In the left panel, click View Update History. This displays the History page.
On the History page, updates listed with a Successful status were downloaded and installed. Updates listed with an Unsuccessful status were downloaded but failed to install. To remove an update while accessing the History page, click Installed Updates. Then on the Installed Updates page, right-click the update that you do not want and select Remove.
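The status shown on the main Windows Update page and the entries in the update history log can also be read from a script, which is useful when you need to find failed installations across many computers. The following PowerShell is an added example, not code from the book; it assumes the Windows Update Agent COM objects (Microsoft.Update.AutoUpdate and Microsoft.Update.Session) are available on the computer, and the function names are this example's own.

```powershell
# Added example (not from the book): read Windows Update status and history
# through the Windows Update Agent COM API. Dates are returned in UTC.
$resultNames = @{ 0 = 'NotStarted'; 1 = 'InProgress'; 2 = 'Succeeded'
                  3 = 'SucceededWithErrors'; 4 = 'Failed'; 5 = 'Aborted' }
$operationNames = @{ 1 = 'Installation'; 2 = 'Uninstallation' }
$levelNames = @{ 0 = 'NotConfigured'; 1 = 'Disabled'; 2 = 'NotifyBeforeDownload'
                 3 = 'NotifyBeforeInstallation'; 4 = 'ScheduledInstallation' }

function Get-UpdateStatus {
    # What the main Windows Update page shows: last check, last install, mode.
    $au = New-Object -ComObject Microsoft.Update.AutoUpdate
    New-Object PSObject -Property @{
        ServiceEnabled     = $au.ServiceEnabled
        Mode               = $levelNames[[int]$au.Settings.NotificationLevel]
        LastSearchSuccess  = $au.Results.LastSearchSuccessDate
        LastInstallSuccess = $au.Results.LastInstallationSuccessDate
    }
}

function Get-UpdateHistory {
    # One object per entry in the update history log.
    $searcher = (New-Object -ComObject Microsoft.Update.Session).CreateUpdateSearcher()
    $total = $searcher.GetTotalHistoryCount()
    if ($total -eq 0) { return }
    foreach ($e in $searcher.QueryHistory(0, $total)) {
        New-Object PSObject -Property @{
            Date      = $e.Date
            Operation = $operationNames[[int]$e.Operation]
            Result    = $resultNames[[int]$e.ResultCode]
            HResult   = '0x{0:X8}' -f $e.HResult
            Title     = $e.Title
        }
    }
}

Get-UpdateStatus | Format-List

# Entries that did not finish as Succeeded, newest first, with their error codes.
Get-UpdateHistory |
    Where-Object { $_.Result -ne 'Succeeded' } |
    Sort-Object Date -Descending |
    Format-Table Date, Operation, Result, HResult, Title -AutoSize
```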
Modifying or Removing Automatic Updates to Recover from Problems
If an automatic update causes a problem on a system, don't worry. You can remove an automatic update in the same way that you uninstall any other program. Simply follow these steps:
Click Start and then click Control Panel. In Control Panel, click System And Maintenance.
On the System And Maintenance page, click Windows Update.
Click View Update History and then click Installed Updates.
To modify an update, select it in the list provided and then click Change.
To remove an update, select it in the list provided and then click Remove.
Restoring Declined Updates
If a user declines an update that you want to install, you can restore the update so that it can be installed. To do this, complete the following steps:
Click Start and then click Control Panel. In Control Panel, click System And Maintenance.
On the System And Maintenance page, click Windows Update.
Click Restore Hidden Updates.
On the Restore Hidden Updates page, select an update you want to install and then click Restore.
Windows Vista will unhide the declined update so that it can be reselected and installed through the normal notification and installation process.