If you’ve recently bought a Windows 10 PC or upgraded your PC to Windows 10, you might be wondering how secure the operating system is. Fortunately, by default, Windows 10 is more secure than Windows 7 and Windows 8.1. It has many new security features to help block viruses and malware infections. This is especially true if you are using new hardware.
While Windows 10 is more secure, there are even more options for additional security. In this post, I will only cover the various Windows settings that you can tweak to make Windows more secure. I will not mention any third party programs like antivirus, anti-spyware, etc. For more security tips, you should read my post on How to Protect Yourself from Hackers and Spyware.
Privacy settings in Windows 10
The first thing I do whenever I set up a new Windows 10 PC is turn off all the tracking features that Microsoft included in Windows 10. Unfortunately, this is one area that is no better than older versions of Windows.
Windows 10 has several features that plug into Microsoft, and while they won’t cause a hack or virus infection, they are still a bit unsettling. Do I really want Microsoft to always know what I’m typing on my computer, or to listen to everyone in the room all the time because of Cortana? Not really.
It’s much easier to do this the first time you install Windows because you can click Configure and disable everything at once. Obviously, if you can’t reset or reinstall Windows, you can manually change the settings.
To do this, go to “Settings” and click “Privacy”. On the left, you will find a lot of items, and on the right, their on / off options. I literally have everything turned off and I only turn something on if I come across an application that requires a certain permission.
Enable automatic updates
If you are using Windows 10, you should definitely turn on automatic updates. It should be enabled by default, but it’s still a good idea to check. Click Start, type Windows Update and then click Windows Update Settings.
This will take you to the settings dialog in Windows Update. Click Advanced Options and make sure the dropdown list is Automatic (Recommended).
Also, be sure to check the Provide me updates for other Microsoft products when I update Windows box. This is especially important if you have Office installed as it will also install all security and feature updates related to Office.
Enable Windows Defender
Again, this should be enabled, but to test it, click Start, then Settings and Update & Security. Click Windows Defender and make sure the following three options are enabled: real-time protection, cloud-based protection, and automatic sample submission.
I’ve only been using Windows Defender on my Windows 10 PC for many months and have never had to install any third-party antivirus or antivirus software. Windows Defender is great for protecting your PC, and it’s built right into Windows, which is great.
Enable Windows Firewall
The built-in Windows Firewall is a very powerful feature if you really want to control how your computer interacts with another device on the network. However, the default settings are fine for most people. By default, all outgoing messages go through the firewall.
Incoming connections are controlled by a list in which you can check or uncheck which programs are allowed through the firewall. First click Start, type firewall and then click Windows Firewall.
If you see green screens with check marks on your screen, it means that the firewall is on. If not, click Turn Windows Firewall on or off to turn it on. Then you have to click on “Allow an application or feature through Windows Firewall” to select the programs that you want to freely access through the firewall.
You will notice that there are two checkbox columns: private and public. Read my post on the Windows 10 Network and Sharing Center to learn the difference between public and private networks. The more items you can uncheck in the Public column, the higher your security. Items such as “File and Printer Sharing” or “Network Logon” should never be checked in the “General” column. You will need to figure out which items can be removed.
It’s also a good idea to uncheck any checkboxes that have â€œRemoteâ€ in their name, such as â€œRemote Assistance,â€ â€œRemote Desktop,â€ etc. If you don’t connect to your computer remotely, you can uncheck the boxes in the â€œPrivateâ€ and â€œPublicâ€ columns. Â»For all these programs / services.
Advanced sharing settings
While in the Network and Sharing Center, you should also configure advanced sharing options. Scroll down to the “Advanced Sharing” section of the article. For a quick overview, here’s what you should choose for maximum security settings. Change them accordingly if necessary.
- Disable network discovery (only if you never access other devices on your network using this PC)
- Disable sharing to files and printers
- Let Windows manage homegroup connections
Guest or Public
- Disable network discovery
- Turn off file and print sharing
- Turn off shared folder sharing
- Turn off media streaming ( enable only when necessary to transfer content from PC to device)
- Use 128-bit encryption for file sharing connections.
- Enable password protected sharing.
User Account Control (UAC)
UAC has been around for a long time in Windows. You will always read articles on the Internet explaining how to disable UAC if you don’t like those annoying prompts all the time. In my opinion, I don’t get them that often, and you shouldn’t make your computer less secure just for a little convenience.
Click Start, type UAC, and then click Change User Account Control Settings. By default, the slider should be in the “Notify me only when applications try to make changes to my computer” position, but you should try “Always notify” if you can transfer this.
This is definitely a good option if you are visiting sites that are sketchy. Keeping the UAC at its maximum will prevent certain changes from being made to your computer without your consent.
Use a local account
Starting with Windows 8, Microsoft has been pushing users to sign in using their Microsoft account. It has some advantages like two-factor and the ability to sync your desktop to any computer, but it also has disadvantages. First, again, I don’t want Microsoft to know when I log into my computer, or anything else about my computer.
Second, what if my Microsoft account gets hacked or something? Should I be worried about someone being able to remotely log into my computer, etc.? Instead of worrying about all this, just use a local account like in Windows 7 and earlier. To do this, click “Start”, enter an account and click “Manage Account”.
Click the “Log in with a local account” link and follow the instructions. You will receive several warnings from Microsoft about why you shouldn’t, just ignore them. Nothing bad will happen to your computer.
Use a screen lock
If you want to keep your computer secure, make sure the screen automatically locks when you’re not around. To do this, click “Start”, type “Lock Screen” and select “Lock Screen Settings.”
Click Screen Timeout Settings and select an appropriate value. Also, be careful which apps you allow on the lock screen, as others will be able to access this information without entering a password.
Safe Boot and UEFI
If you have a new computer, make sure you enable Secure Boot and UEFI instead of the legacy BIOS. These settings are changed in the BIOS, so you will have to go to BIOS first and then enable these settings.
It’s worth noting that you may or may not have a secure boot option on your computer. Also, if you switch from LEGACY + UEFI to UEFI and the computer won’t boot, just go back to BIOS and put it back in.
Disable flash and java
The two biggest threats to all computers are Flash and Java. Literally every week, a new security vulnerability is discovered on one of these platforms. Most websites have moved beyond Flash because HTML 5 is now supported in all major browsers.
I suggest turning off Flash and Java and just use your computer normally. Like me, you may find that you didn’t need to install any of them at all.
Check out my previous post on how to disable Flash in Microsoft Edge If you are still using Internet Explorer, just click on the gear icon, then select Internet Options, then Programs, and then Manage Add-ons.
Under Show, select All Add-ons, then right-click the Shockwave Flash object and select Disable. If you are using Google Chrome, enter chrome: // plugins in the address bar and click Disable in Adobe Flash Player.
For Java, simply go to Control Panel, Programs and Features and uninstall any version of Java installed on your computer. You can also read my post on how to uninstall or disable Java on Windows and Mac.
Hard drive encryption
Finally, you should encrypt your entire hard drive if you want to keep your computer as secure as possible. Encryption provides better protection against theft or physical access to your computer than it does against online threats, but it is still important.
I wrote a detailed article on how to encrypt a hard drive using BitLocker on Windows. If you have a computer with a fast processor, encryption will not have a noticeable effect on speed. If you have an older computer, I probably wouldn’t use encryption unless you upgrade your hardware.
Overall, you should be in pretty good shape if you follow all the steps above. However, remember that visiting the wrong websites can harm you, no matter what protection is installed on your computer. A good option is to use Chrome as it tries to warn you before you visit a malicious website or download anything malicious. Enjoy!