Windows has built-in tools to help
If you buy something from a Verge link, Vox Media may earn a commission. See our ethics statement.
If you think your PC is infected with some kind of malware or you just want to do a scan as part of a digital cleanup, Windows has a built-in security tool that can help you on your way — no third-party software to install or pay for. It’s called Windows Security.
Once upon a time, Windows Security was called Windows Defender Security Center, but the app is largely similar. Searching “Windows Defender” in the Start menu will bring up Windows Security, and even now, Microsoft often refers to its actual antivirus scanning as Windows Defender.
Microsoft’s built-in anti-malware software used to be thought of as totally worthless, but these days, it can hang with big names like Kaspersky and Avast in independent tests (blocking 99.7% of threats). Microsoft has also been pushing security with Windows 11, even going so far as to confusingly lock out people with older computers that don’t have certain hardware. But when it comes to good old-fashioned software security, Windows 11 is relatively simple.
To open it, you can simply type “Windows Security” into the Start menu search. You can also get to it by going to “Settings” > “Privacy & Security” > “Windows Security,” which will give you a quick overview of your system’s status. You can then click the “Open Windows Security” button to get access to the full app.
After you’ve got it open, here’s some of what you can do:
By default, Windows’ built-in security will run in the background and attempt to immediately block any malicious files that make their way to your computer. However, if you want to do periodic spot checks, you can manually run a scan.
To do this, go to “Windows Security” > “Virus & threat protection,” and click the “Quick scan” button. If you want to do a more thorough scan, which will take longer but will check all your files and running programs, you can instead click the “Scan options” button, and choose “Full scan.”
If Windows finds malware during the scan, you can click the “Start actions” button to begin the process of removing the virus(es) from your computer.
If the scan doesn’t turn up anything, you’ll just see a report about how long the scan took, how many files were scanned, and when the scan took place.
If you want to make sure Windows is always scanning for viruses in the background, you can go to “Windows Security” > “Virus & threat protection” > “Virus and threat protection settings.” Click on “Manage settings” and make sure the “Real-time protection” option is toggled on.
To make sure your computer is using the latest antivirus definitions, you can go to “Windows Security” > “Virus & threat protection” > “Virus & threat protection settings.” Click on “Manage settings” and make sure “Cloud-delivered protection” is toggled on.
Windows 11 generally does its best to keep itself updated, but to manually check, you can go to “Settings” > “Windows update,” which can be found both at the bottom left and top right. From there, you can click the “Check for updates” button. You can also type “check for updates” in the Start menu search bar to be taken directly to the “Windows Update” screen.
If you’ve installed a lot of apps from the Microsoft Store, you can update those as well by opening the Microsoft Store, going to “Library” (on the bottom left of the window), then clicking the “Get Updates” button.
If you’re running the latest version of Windows 10, the process for running a virus scan will be largely the same as on Windows 11. On some older versions of Windows 10, you’ll use the Windows Defender Security Center application instead, but the process will be much the same after you open the app.
Malware comes in many shapes and forms, but there are some common things it may do to your computer. If you notice that your search engine, browser homepage, or even desktop wallpaper have changed without you doing anything, it may be time to run a scan as described above. Other symptoms could be your computer running hotter or slower than usual or seeing popups or notifications that you haven’t seen before.
Google has a great video describing some of the common symptoms of malware.
If you get a notification from the Microsoft Security app saying that it’s detected a threat, it’s likely that the problem has already been dealt with. However, it is worth double-checking the notification — some malware (especially malicious web ads) will pretend to be an antivirus notification to get you to click on them.
Windows Security notifications will look like the image shown below and will appear on the top right corner of your screen. After they disappear, they’ll be shown on the notification screen, which you can view by clicking on the clock in your taskbar.
While anti-malware software tries its best to only flag the bad files and leave the good ones, sometimes it will get it wrong. If you’re very sure that Windows has made a mistake and deleted a file that it shouldn’t have, you can retrieve it.
Before you do so, it’s worth noting that just because you trust the person who sent you a file does not mean that the file is safe. There is some malware that is able to hijack people’s emails and send copies to everyone in their contacts. If you receive a suspicious file from someone you trust, it’s a good idea to ask them about it before trying to open it.
To view and restore an incorrectly flagged file, go to “Windows Security” > “Virus and threat protection” > “Protection history.” There you’ll find any threats that Windows Security found, along with their severity level. To restore a file (which, again, you should be very careful before doing), click on the entry, then click the “Actions” button to get access to the “Allow” button.
What happens after you allow the file depends on how it was dealt with. If its status is “Quarantined,” allowing it will put it back on your computer. If its status is “Removed,” you’ll have to download it again, but Microsoft Security won’t stop you.
You can view a list of the detected files you’ve allowed by going to “Windows Security” > “Virus & threat protection” > “Allowed threats.” If you’ve decided they are indeed a threat, you can re-delete them by clicking on them, then clicking the “Don’t allow” button.
Sometimes there are viruses or pieces of malware that fight back when you try to remove them. To help deal with this, Windows has a sort of extra-strength version of its antivirus scan. To run it, go to “Windows Security” > “Virus & threat protection” > “Scan options,” and select “Microsoft Defender Offline scan.” After clicking the “Scan now” button, your computer will restart into a special mode to do a scan. Once it’s done, your computer will restart again, bringing you back to Windows.
If your computer still shows signs of being infected, some of us here at The Verge recommend the free version of Malwarebytes, which has saved our (and our relatives’) machines more than a few times. (It’s a good idea to have Malwarebytes already on your computer since some malware can block you from installing any additional security apps.)
If your PC is still locked up, or you’re suddenly getting notifications that you need to send somebody money to unlock it, it may be time to contact an IT professional.
While Windows Security should do a good job at protecting your computer from viruses, malware, and other nasty files, there are still things it can’t do — for instance, even with Windows 11, the built-in tools won’t protect you from email phishing scams or from scam ads in your web browser.
If you’re looking to step up your game from the basic Windows Security, you might want to check out anti-malware suites, such as McAfee, Norton 360, Kaspersky or Bitdefender. Searching out a few reviews will give you a good idea of what you need (and what you don’t — looking at you, programs that come with crypto miners).
If you’ve heard about the dangers of running multiple anti-malware systems, don’t worry; Microsoft says its built-in solution will automatically turn off if it detects that there’s another antivirus installed and activated. If you uninstall the other anti-malware app, Microsoft’s should turn back on automatically.
Subscribe to get the best Verge-approved tech deals of the week.
Please confirm your subscription to Verge Deals via the verification email we just sent you.
Oops. Something went wrong. Please enter a valid email and try again.
Biden to create cybersecurity standards for nation’s ports as concerns grow over vulnerabilities
WASHINGTON (AP) — President Joe Biden on Wednesday signed an executive order and created a federal rule aimed at better securing the nation’s ports from potential cyberattacks.
The administration is outlining a set of cybersecurity regulations that port operators must comply with across the country, not unlike standardized safety regulations that seek to prevent injury or damage to people and infrastructure.
“We want to ensure there are similar requirements for cyber, when a cyberattack can cause just as much if not more damage than a storm or another physical threat,” said Anne Neuberger, deputy national security adviser at the White House.
Nationwide, ports employ roughly 31 million people and contribute $5.4 trillion to the economy, and could be left vulnerable to a ransomware or other brand of cyberattack, Neuberger said. The standardized set of requirements is designed to help protect against that.
The new requirements are part of the federal government’s focus on modernizing how critical infrastructure like power grids, ports and pipelines are protected as they are increasingly managed and controlled online, often remotely. There is no set of nationwide standards that govern how operators should protect against potential attacks online.
The threat continues to grow. Hostile activity in cyberspace — from spying to the planting of malware to infect and disrupt a country’s infrastructure — has become a hallmark of modern geopolitical rivalry.
For example, in 2021, the operator of the nation’s largest fuel pipeline had to temporarily halt operations after it fell victim to a ransomware attack in which hackers hold a victim’s data or device hostage in exchange for money. The company, Colonial Pipeline, paid $4.4 million to a Russia-based hacker group, though Justice Department officials later recovered much of the money.
Ports, too, are vulnerable. In Australia last year, a cyber incident forced one of the country’s largest port operators to suspend operations for three days.
In the U.S., roughly 80% of the giant cranes used to lift and haul cargo off ships onto U.S. docks come from China, and are controlled remotely, said Admiral John Vann, commander of the U.S. Coast Guard’s cyber command. That leaves them vulnerable to attack, he said.
Late last month, U.S. officials said they had disrupted a state-backed Chinese effort to plant malware that could be used to damage civilian infrastructure. Vann said this type of potential attack was a concern as officials pushed for new standards, but they are also worried about the possibility for criminal activity.
The new standards, which will be subject to a public comment period, will be required for any port operator and there will be enforcement actions for failing to comply with the standards, though the officials did not outline them. They require port operators to notify authorities when they have been victimized by a cyberattack. The actions also give the Coast Guard, which regulates the nation’s ports, the ability to respond to cyberattacks.
Why Was Sam Altman Fired? Possible Ties to China D2 (Double Dragon) Data from Hackers
Theories are going around the internet why Sam Altman was fired. On an insider tech forum (Blind) – one person claims to know by third-hand account and how this news will trickle into the media over the next couple of weeks.
It’s said OpenAI had been using data from D2 to train its AI models, which includes GPT-4. This data was obtained through a hidden business contract with a D2 shell company called Whitefly, which was based in Singapore. This D2 group has the largest and biggest crawling/indexing/scanning capacity in the world 10x more than Alphabet Inc (Google), hence the deal so Open AI could get their hands on vast quantities of data for training after exhausting their other options.
The Chinese government became aware of this arrangement and raised concerns with the Biden administration. As a result, the NSA launched an investigation, which confirmed that OpenAI had been using data from D2. Satya Nadella, the CEO of Microsoft, which is a major investor in OpenAI, was informed of the findings and ordered Altman’s removal.
There was also suggestion that Altman refused to disclose this information to the OpenAI board. This lack of candor ultimately led to his dismissal and is what the board publicly alluded to when they said “not consistently candid in his communications with the board.”
To summarize what happened with Sam Altman’s firing:
1. Sam Altman was removed from OpenAI due to his ties to a Chinese cyber army group.
2.OpenAI had been using data from D2 to train its AI models.
3. The Chinese government raised concerns about this arrangement with the Biden administration.
4. The NSA launched an investigation, which confirmed OpenAI’s use of D2 data.
5. Satya Nadella ordered Altman’s removal after being informed of the findings.
6. Altman refused to disclose this information to the OpenAI board.
We’ll see in the next couple of weeks if this story holds up or not.
AMAZON says cloud operating normally after outage left publishers unable to operate websites…
SEATTLE (AP) — Amazon’s cloud computing unit Amazon Web Services experienced an outage on Tuesday, affecting publishers that suddenly found themselves unable to operate their sites.
The company said on its website that the root cause of the issue was tied to a service called AWS Lambda, which lets customers run code for different types of applications.
Roughly two hours after customers began experiencing errors, the company posted on its AWS status page that many of the affected AWS services were “fully recovered” and it was continuing to recover the rest. Soon after 6:30 pm E.T., the company announced all AWS services were operating normally.
Amazon said it had experienced multiple error rates for AWS services in the Northern Virginia region where it clusters data centers. The company said customers may be dealing with authentication or sign-in errors when using some AWS services, and experiencing challenges when attempting to connect with AWS Support. The issue with Lambda also indirectly affected other AWS services.
Patrick Neighorn, a company spokesperson, declined to provide additional details about the outage.
AWS is the market leader in the cloud arena, and its customers include some of the world’s biggest businesses and organizations, such as Netflix, Coca-Cola and government agencies.
Tuesday’s outage was first confirmed shortly after 3 p.m. ET. and it was unclear how widespread the problem extended. But many companies, including news organizations such as The Verge and Penn Live, said they were experiencing issues. The Associated Press was also hampered by the outage, unable to operate their sites amid breaking news that former President Donald Trump was appearing in court in Miami.
Morgan Durrant, a spokesperson for Delta Air Lines, said the company experienced “some slowing of inbound calls for some minutes” on Tuesday afternoon. But he said the outage did not impact bookings, flights or other airport operations.
The episode on Tuesday is reminiscent of a much longer AWS outage in December 2021, which affected a host of U.S. companies for more than five hours.
The outage comes as Amazon is holding a two-day security conference in Anaheim, California to tout its cloud offerings to its clients or other companies that might be interested in storing their data on its vast network of servers around the world. Companies have been cutting back their spending on the unit, causing growth to slow during the most recent quarter.