If you recently purchased a Windows 10 machine or upgraded your PC to Windows 10, you may be wondering how secure this operating system is. Fortunately, by default, Windows 10 is more secure than Windows 7 and Windows 8.1. It has lots of new security features that help block viruses and malware infections. This is especially true if you are using newer hardware.
Even though Windows 10 is more secure, there’s still plenty of room for additional security. In this post, I will just talk about the different settings in Windows that you can configure to make Windows more secure. I will not mention any third-party programs like anti-virus, anti-spyware etc. For more security tips you should check out my post on how to protect yourself from hackers and spyware.
Table of Contents
Windows 10 privacy settings
The first thing I do whenever I set up a new Windows 10 machine is turn off all the tracking features that Microsoft includes in Windows 10. Unfortunately, this is an area that’s no better than Windows versions. older.
Windows 10 has some features that connect back to Microsoft, and while they won’t leave you vulnerable to attacks or viruses, they still make you a little nervous. Do I really want Microsoft to know what I’m typing on my computer, or everywhere in the room because of Cortana? Not really.
This is much easier to do when you first install Windows because you can click Custom and disable everything at once. Obviously, if you can’t reset or reinstall Windows, you can change the settings manually.
To do this, visit Setting and then click Privacy. You’ll find a bunch of items on the left along with their On/Off options on the right. I actually have everything to Disable and only enable something if I run into an app that requires a certain permission.
Turn on automatic updates
If you’re running Windows 10, you should definitely turn on automatic updates. It should be enabled by default, but you should double check. Click Beginknock on Windows Update and then click Install Windows Update.
This will take you to Setting on Windows Update. Click Advance setting and make sure the dropdown box says Automatic (recommended).
Also, make sure to check Give me updates for other Microsoft products when I update Windows. This is especially important if you already have Office installed as it will also install all Office-related security and feature updates.
Turn on Windows Defender
Again, this should be on, but to check, click Beginafterward Setting and Update & Security. Click Windows Defender and make sure that the following three settings are enabled: Real-time protection, Cloud-based protectionand Automated sample submission.
I’ve only been using Windows Defender on my Windows 10 machine for months and haven’t had to install any third-party anti-virus or anti-malware software. Windows Defender does a great job protecting your computer, and it’s built right into Windows, which is great.
Enable Windows Firewall
The built-in firewall in Windows is a very powerful feature, if you really want to control how your computer communicates with other devices on the network. However, the default settings should work fine for most people. By default, all outbound communications are allowed to bypass the firewall.
Incoming connections are controlled by a list where you can check or uncheck what programs are allowed through the firewall. First, click Start, type firewall and then click Windows Firewall.
If your screen shows a green shield with a check mark, it means the firewall is On. If not, click Turn Windows Firewall on or off to enable it. Next you should click Allow an app or feature through the Windows Firewall to select the programs that need free access through the firewall.
You’ll notice there are two columns with a checkmark: Private and Public. Check out my post on the Network and Sharing Center in Windows 10 to learn the difference between public and private networks. The more you can deselect other items from Public the better your security. Items such as File and printer sharing or Netlogon service never checked in the Public column. You’ll have to Google to find out which items you can deselect.
You should also uncheck anything that has “Distant“With names like Remote Assistance, Remote Desktop, etc. Unless you are connecting to your computer remotely, you can uncheck both of them.” Private and Public for all these programs/services.
Advanced sharing settings
While in the Network and Sharing Center, you should also configure Advanced sharing settings. Scroll down Advanced sharing settings section of the article. For a quick review, here’s what you should choose for the settings for maximum security. Adjust them accordingly if you need to.
Private
- Turn off network discovery (Only if you never access other devices on your network with This PC)
- Turn off file and printer sharing
- Let Windows manage HomeGroup connections
Guest or Public
- Turn off network discovery
- Turn off file and printer sharing
All networks
- Turn off public folder sharing
- Turn off media streaming (only enable when you need to transfer content from PC to device)
- Use 128-bit encryption for file sharing connections
- Enable password protected sharing
User Account Control (UAC)
UAC has appeared in Windows for a long time. You will always read articles on the Internet explaining how you can turn off UAC if you don’t like those annoying prompts. I don’t get them very often, and it’s not worth making your computer any less secure just for the sake of a small convenience.
Click Start, type in UAC and then click Changing User Account Control Settings. By default, the slider should be at Notify me only when apps try to make changes to my computerbut you should try Always informed if you can bear it.
This is definitely a good option if you visit sites of a sketchy nature. Keeping UAC at the highest setting will prevent some changes from being made on your computer without your consent.
Use a local account
Since Windows 8, Microsoft has been pushing users to sign in with their Microsoft account. This has some benefits like two-factor and can sync your desktop with any computer, but it also has a downside. Firstly, again, I don’t want Microsoft to know when I’m logging into my computer or anything else about my computer.
Second, what if my Microsoft account is hacked or something else? Do I have to worry about someone being able to remotely login to my computer etc.? Instead of worrying about all that, just use a local account like if you were using Windows 7 or earlier. To do that, click Start, type account and then click Manage your account.
Click Sign in with a local account instead of a link and follow the steps. You’ll get some warnings from Microsoft about why you shouldn’t do this, but ignore them. Nothing bad will happen to your computer.
Use lock screen
If you want to keep your computer secure, you should make sure that the screen is locked automatically in your absence. To do this, click Start, type lock screen and choose Lock screen settings.
Click Set screen timeout and choose an appropriate value that works for you. Also, be careful what apps you allow on the lock screen because others will be able to access that information without entering a password.
Secure Boot & UEFI
If you have a newer computer, you should make sure you enable secure boot and UEFI instead of the old BIOS. These options are changed in the BIOS, so you will have to Google around to get into the BIOS first and then enable these settings.
It should be noted that you may or may not have a secure boot option on your computer. Also, if you switch from LEGACY + UEFI to UEFI only and your computer won’t boot, just go back to BIOS and change it back.
Turn off Flash and Java
Two of the biggest threats to all computers are Flash and Java. Literally every week a new security hole is found on one of these platforms. Most websites have moved beyond Flash because HTML 5 is now supported in all major browsers.
My suggestion is to turn off Flash and Java and just use your computer normally. Like me, you may find that you never really need to install in the first place.
See my previous post on how to disable Flash in Microsoft Edge. If you are still using Internet Explorer, just click the gear icon, then Internet Optionsafterward Programsafterward Manage add-ons.
Below Showsoption All add-ons and then right click Shockwave flash object and choose Disable. If you are using Google Chrome, type chrome://plugins in the address bar and then click Disable Below Adobe Flash Player.
For Java just go to Control Panel, Program and features and uninstall any Java versions currently installed on your computer. You can also read my post on how to uninstall or disable Java in Windows and Mac.
Hard drive encryption
Finally, you should encrypt your entire hard drive if you want maximum security for your PC. Encryption is more of a defense against someone stealing your computer or gaining access to your machine physically than online threats, but it’s still important.
I wrote a detailed post on how to encrypt a hard drive with BitLocker in Windows. If you have a computer with a fast CPU, encryption shouldn’t make a noticeable difference in speed. If you have an older computer, I would probably avoid using encryption unless you upgrade the hardware.
Overall, you should be in pretty good shape if you follow all the steps above. However, keep in mind that accessing the wrong websites will harm you no matter what security you have on your computer. A good choice is to use Chrome as it tries to warn you before you visit a malicious website or download something harmful. Interesting!
