Saturday, January 20, 2007

Windows Defender - Cool Feature

[UPDATE: Windows Defender had all the useful functionality removed in Windows 7. So someone will have to write another application to do this all over again so Microsoft can buy it for billions of dollars all over again.]

Windows Defender has a feature that is pretty cool. I don't know if they added it recently or I just missed it but it really helps pinpoint the nitty gritty of your network traffic.

If you do a netstat in a command window you can see a bunch of IP addresses and ports and try to figure out which apps are generating which of those lines of traffic - and it is a pain.

Windows Defender has a section that tells you which programs and services are connected to the network, as well as the end point IPs and ports.

For example, you can see a program xyz where the local IP is your local IP address connected on port 52345, and the remote IP is 72.34.53.232 (randomly picked out of my head) on port 80 (which you know means you are probably connected over HTTP to a web site, but possibly to something else).

Then you can look up those IPs on DNSstuff.com or in the appropriate databases: arin.net, lacnic.net, ripe.net, apnic.net, afrinic.net to verify that the process claiming to be the Google Toolbar update checker is really going to a Google IP address.

Pretty cool and much needed... if you've been following this blog for the life of it, back to the day when I was complaining about this problem with Windows (and reporting it to a guy who I know is in contact with Bill Gates), could I have made a difference? Who knows... I am just happy to see it.

What would be even more useful now (maybe it is there) would be to log all this traffic, because I have a feeling hackers are monitoring logins and web sites and they know, for instance, when someone is remotely connected to or logged into a machine, or when an app has been updated, and then they wait for you to get off and fire up their nasties. So whenever you look at the machine - it's clean. You never see a problem in real time... so that would be the next logical step. I'll have to do some research to see if it's in there already.
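As an added example (not code from the original post or from Windows Defender), here is the netstat-to-process join described above done by hand, plus the baseline diff that the logging idea calls for: it parses `netstat -ano` and `tasklist /fo csv /nh` output, ties each endpoint to its owning process, and reports connections that were not present in an earlier snapshot. The sample outputs, the process name xyz.exe and the PIDs are constructed; only the 72.34.53.232:80 endpoint comes from the post.

```python
import csv
import io

# Constructed sample of `netstat -ano` output (not a real capture).
NETSTAT_SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.10:52345     72.34.53.232:80        ESTABLISHED     1234
  TCP    192.168.1.10:52346     10.0.0.5:443           ESTABLISHED     5678
  UDP    0.0.0.0:5353           *:*                                    9012
"""

# Constructed sample of `tasklist /fo csv /nh` output (image name, PID, ...).
TASKLIST_SAMPLE = '''"xyz.exe","1234","Console","1","8,000 K"
"svchost.exe","5678","Services","0","12,000 K"
"mDNSResponder.exe","9012","Services","0","4,000 K"
'''

def parse_netstat(text):
    """Turn `netstat -ano` rows into dicts, skipping headers and blank lines."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] not in ("TCP", "UDP"):
            continue
        # UDP rows have no State column, so the PID is always the last field.
        state = parts[3] if len(parts) == 5 else ""
        rows.append({"proto": parts[0], "local": parts[1], "remote": parts[2],
                     "state": state, "pid": int(parts[-1])})
    return rows

def parse_tasklist(text):
    """Map PID -> image name from `tasklist /fo csv /nh` output."""
    return {int(r[1]): r[0] for r in csv.reader(io.StringIO(text)) if r}

def connections_by_process(netstat_text, tasklist_text):
    """Join netstat rows to process names: the view Software Explorer shows directly."""
    names = parse_tasklist(tasklist_text)
    return [dict(r, process=names.get(r["pid"], "<unknown>")) for r in parse_netstat(netstat_text)]

def new_connections(baseline, current):
    """Rows whose (process, proto, remote) was not seen in the baseline snapshot."""
    key = lambda r: (r["process"], r["proto"], r["remote"])
    seen = {key(r) for r in baseline}
    return [r for r in current if key(r) not in seen]

def log_line(row, ts):
    """One log record per endpoint; the remote IP can then be checked against the RIR whois databases."""
    return f"{ts} {row['process']} (pid {row['pid']}) {row['proto']} {row['local']} -> {row['remote']} {row['state']}".rstrip()

if __name__ == "__main__":
    for row in connections_by_process(NETSTAT_SAMPLE, TASKLIST_SAMPLE):
        print(log_line(row, "2007-01-20T12:00:00Z"))
```

Run the two commands periodically, feed their output to `connections_by_process`, and append `log_line` records for whatever `new_connections` returns to build the history the post asks for.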