Windows 7 / Security and Privacy

Understanding Microsoft SpyNet

Microsoft's goal is to create definitions for all qualifying software. However, thousands of new applications are created and distributed every day, some of which have behaviors unwanted by some people. Because of the rapid pace of newly released software, people can possibly encounter potentially unwanted software that Microsoft has not yet classified. In these cases, Windows Defender should still warn the user if the software takes a potentially undesirable action such as configuring itself to start automatically each time the computer is restarted.

To help users determine whether to allow application changes (detected by real-time protection) when prompted, Windows Defender contacts Microsoft SpyNet to determine how other users have responded when prompted about the same software. If the change is part of a desired software installation, most users will have approved the change, and Windows Defender can use the feedback from SpyNet when informing the user about the change. If the change is unexpected (as it would be for most unwanted software), most users will not approve the change.

Two levels of SpyNet participation are available:

  • Basic Windows Defender sends only basic information to Microsoft, including where the software came from, such as the specific URL, and whether the user or Windows Defender allowed or blocked the item. With basic membership, Windows Defender does not alert users if it detects software or changes made by software that has not yet been analyzed for risks. Although personal information might possibly be sent to Microsoft with either basic or advanced SpyNet membership, Microsoft will not use this information to identify or contact the user.
  • Advanced Advanced SpyNet membership is intended for users who have an understanding of the inner workings of the operating system and might be able to evaluate whether the changes an application is making are malicious. The key difference between basic and advanced membership is that with advanced membership, Windows Defender will alert users when it detects software or changes that have not yet been analyzed for risks. Also, advanced membership sends additional information to SpyNet, including the location of the software on the local computer, filenames, how the software operates, and how it has affected the computer.

You can configure your SpyNet level by clicking Microsoft SpyNet on the Windows Defender Tools page.

In addition to providing feedback to users about unknown software, SpyNet is also a valuable resource to Microsoft when identifying new malware. Microsoft analyzes information in SpyNet to create new definitions. In turn, this helps slow the spread of potentially unwanted software.

[Previous] [Contents] [Next]