MORE INFORMATION
Q: What is Windows Security Center?
A: Windows Security Center lets you automatically verify the status
of the major security functions:
Firewall, Automatic Updates,
and Virus Protection. A new Windows Security Center feature in Control
Panel tells
you whether these key security capabilities are turned on and up-to-date.
When a problem is detected, you receive
notification and a
list of recommended steps
that may
help secure your computer.
Q: When will I interact with, or see, Windows Security Center?
A: When all three Windows Security Center components, Firewall, Automatic Updates, and Virus Protection, are in a secure and up-to-date state, no alerts appear. This condition is known as the "green" state. If any one of the three components are in a non-secure or undetectable state, a red icon that is shaped like a shield appears in the icon tray and a balloon message states that "Your computer might be at risk." This condition is known as the "red" state. If you are using an antivirus or firewall program that you monitor yourself, the computer is in a "yellow" state.
Q: How does Windows Security Center detect third-party products and their status?
A: Windows Security Center uses a two-tiered approach for detection
status.
One tier is
manual, and the
other tier is automatic through Windows Management
Instrumentation (WMI). In manual detection mode, Windows Security Center
searches for registry keys and files that
are provided to Microsoft by independent software
manufacturers.
These registry keys and files let Windows
Security Center detect
the status
of independent
software. In WMI mode, software manufacturers determine their own
product status and report that status back to Windows Security Center through a WMI
provider. In both
modes,
Windows Security Center tries to determine whether
the following is true:
- An antivirus program is present.
- The antivirus
signatures are up-to-date.
- Real-time
scanning or on-access scanning
is turned on
for antivirus programs.
- For firewalls, Windows Security Center detects whether a
third-party
firewall is installed and whether the firewall is turned on or not.
Q: Will Windows Security Center indicate that my computer is protected when, in fact, my computer may not be protected for whatever reason? Does Windows Security Center provide a false sense of security?
A: An installed program
will always provide the most detailed information about the
status of that program. In WMI mode, Windows
Security Center will only report information that
is provided by software
manufacturers.
Therefore, no
inconsistency in
information will exist between the installed program
and Windows Security Center.
In manual detection mode, certain
cases may
occur where a program incorrectly reports its state to
Windows Security Center.
However, precautions have been taken to help make sure
that
these cases
are rare situations. The most common case of false
reporting would be an antivirus program that appears to have up-to-date
signatures, when,
in fact,
a more recent signature is available. In this case, the manual
detection mechanism uses details that
are provided by the program
manufacturer to determine when a signature is
considered out-of-date,
but, for some reason, an anomaly causes the program to
provide an incorrect message. However,
because signatures are regularly updated, the
incorrect message will remain
only
while manual detection methods are being used.
The message will be corrected when
the next signature update is delivered, generally within a matter of
days or hours.
Q: What recommendations are made when my antivirus program is out-of-date or when I have no antivirus program installed?
A: When Windows
Security Center does not detect an antivirus program,
you
receive the following
message:
Your
computer may be at risk. Antivirus software might not be installed. Click this
balloon to fix this problem.
If
you click the balloon,
Windows Security Center
starts. If you then
click
Recommendations,
Windows Security Center displays a
Recommendation
dialog
box. If you click
How?,
you are
directed to a Web page that lists Microsoft Windows Security Center antivirus
partners.
When Windows
Security Center detects that an antivirus program is out-of-date,
you
receive the following message:
Program_Name reports
that it might be out of date.
If
you click
Recommendations,
the following two options appear:
-
Update one of your installed antivirus programs. Note: You'll have to make sure
that you have a current subscription with your antivirus provider to do this.
- Get
another antivirus program. How?
Q: Are all the major antivirus manufacturers participating?
A: We have received cooperation from all the major antivirus
manufacturers.
Q: What about Symantec? Why does Windows Security Center not detect the status of Norton products?
A: Symantec's product status architecture is unique among firewall
and antivirus manufacturers and requires a different approach to guarantee
detection of Symantec
products. Symantec is in the process of developing WMI providers
and has plans to distribute the
WMI providers to all active customers shortly
after Windows XP SP2 releases.
The
Symantec WMI providers will enable full detection by
Windows Security Center for
active Norton customers.
Without the updated WMI providers, Windows Security Center will detect only
whether
Norton products
exist. No
status detection
will be available. You will receive a "red alert" message
because Windows XP could not detect an up-to-date
and active antivirus
program. For more information about Symantec and Windows XP SP2, visit the following Symantec Web site:
Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.
Q: Will I be forced to use certain third-party antivirus or firewall software? Can I use software that is not detected by Windows Security Center?
A: You are not required
to use
an antivirus or firewall
software program that is compliant with Windows Security Center. If you use
software that is not detectable, you may select
Windows Security Center options
that let
you monitor your
security status on your own. This
scenario causes a "yellow"
caution state, but
you will not receive messages that prompt you to change your configuration.
If you prefer not to be alerted in any circumstance, you
can turn off all notifications.
To turn off
all notifications, follow these steps:
- Click Start, click Run,
type wscui.cpl, and then click OK.
- In the Resources area, click
Change the way Security Center alerts me.
- Click to clear the following check boxes:
- Firewall
- Automatic Updates
- Virus Protection
- Click OK.
Q: What happens if an antivirus or firewall software manufacturer decides not to participate?
A: Windows Security Center will try to tell
you about
antivirus or firewall programs that
reside on your computer. If a manufacturer decides not to participate, Windows Security
Center will not be able to detect the
manufacturer's programs.
Q: Does Windows Security Center recognize third-party firewalls?
A: Yes.
Windows Security Center will recognize third-party
firewalls. Third-party
firewall manufacturers work with Windows Security Center by
using the same process as the antivirus software
manufacturers.
Q: Do third-party firewall manufacturers have to do anything to be recognized by Windows Security Center?
A: Yes. For
manual detection to
occur, third-party
firewall software must be
compatible with Windows Security Center detection. However, any firewall
software
manufacturer can create
a WMI provider and report program status directly to Windows Security Center.
The third-party products that this
article discusses are manufactured by companies that are independent of
Microsoft. Microsoft makes no warranty, implied or otherwise, regarding the
performance or reliability of these products.