Insights For Success

Strategy, Innovation, Leadership and Security

How to secure Windows 10

GeneralEdward Kiledjian

The first misconception I want to tackle is that Windows 10 is magically more secure than Windows 7/8.1. The reality is that it isn't, but it benefits for 15 years of continued hardening and security improvements to the Windows core itself.

Having said it isn't materially more secure doesn't mean it's not better. Windows 10 includes some tools to make computing safer for the average user. 

Windows Defender is included with every updated system and is Microsoft’s built in anti-malware tool. It is an all-in-one-security tool delivered for free to all licensed Windows 10 users and the best part is that everything is automatically taken care of in the back end for you. It is automatically updated and performs scans automatically. 

For most users, this is the only anti-malware product they will need. This means most users won’t have to buy a security suite from Symantec, McAfee, ESET, Kaspersky, etc. I do recommend installing a second anti-malware product configured to run only on demand (not real time). This second product is a way of getting a second opinion if something feels weird or as a monthly preventative maintenance strategy. I recommend using a free tool such as Malwarebytes free.

Automagically downloading and installing product updates for you. One of the most critical privacy and security improvements you can make is to ensure your computer is always patched and up to date. With Windows 10, Microsoft will push out OS (and Microsoft product) updates automatically. This means you never have to worry about your OS patches again. Just make sure the other apps on your PC are updated regularly. 

Choosing a secure browser is the second recommendation. My primary browser of choice is Google's Chrome because it is fast and includes many security features (such as auto-updating, sandboxing, etc). Once it is installed, go out and add a plug-in called UBlock Origin (exists for Chrome and Firefox). Ublock origin is a web firewall whose purpose in life is to keep you safe (plus it is an ad blocker so the web becomes faster and more responsive),

Backup your system regularly. I cannot over state how important it is to backup your critical information. Computers will crash. Hard drives will die. Make sure you have a plan B,C and D. Read my article about backups. The TL;DR version is that all data should follow the 3:2:1 rule:

  • 3 copies of your data
  • on 2 separate mediums 
  • at least 1 offsite copy

So for a home user, this could look like: Keep your data on your computer's hard disk, copy it to an external hard disk and use an external backup service like BackBlaze (use this link to get 1 free month to test out the service with no obligation.). You have 3 copies of your data (PC, hard disk and remote service), in 2 separate mediums (disk/ssd plus internet) and at least 1 offsite.

Use a regular user account. Most malware needs an elevate privilege account to run, install and or propagate. This means you should ensure the account you use for everyday work isn't a privileged account (aka not an admin account). 

Password protect your accounts. Some home users gave one generic family account that can be accessed without a password. This means that any one user can infect the system and then affect everyone else. Always create separate (non privileged) accounts for each user and make sure they each have a password to login.  

Use a trusted VPN when connecting to third party WIFI hotspots. It is easy to track and steal information from users connecting to open (or public) WIFI hotspots. The minute you connect to one, make sure you use a trusted VPN service to make sure no one on the local WIFI network can trick you, spoof a site or otherwise do nasty things to your connection. After reviewing the various VPN services available, I personally use ProXPN because of their no logging policy. I use this on my laptops, smartphones and tablets anytime I connect to a WIFI network I don't own and control.

Use good internet hygiene. Be smart to stay safe. Unless there is an absolute need and you are expecting it, don't execute attachments received via email or instant messaging. Never access a protected website (bank, trading account, etc) through an email link. Always enter the URL yourself in the browser. Don't download applications from unknown/untrusted sources (or use pirated software). These often contain malware just waiting to infect your system. Never give a third-party remote access to your computer (even if they claim to be from Microsoft, Dell, Hp, Apple, etc). 

Is Windows 10 spying on me?

This is a question I receive a lot and the answer is maybe a little bit. The reality is that Windows 10 is a connected operating system and it must send some information back to it's home-base, but Microsoft is not spying on you!

Does Windows 10 contain a Keylogger?

Blogs are abuzz with claims that Windows 10 has a built in keylogger sending everything you type back to Microsoft. Worst yet, some blogs have gone as far as claiming this was done to help the NSA.

The reality is that it does not have a keylogger but does log some keystrokes that it sends back to Microsoft. This is done to improve it's autocorrection functionality. This is similar to how most web based SAAS services work. If you use any Google services, they do the same thing.

Windows 10 has simple privacy settings

Go to Privacy Settings and you will find a dozen different privacy options you can toggle to your hearts content.

You can turn off settings like Microsoft's unique Advertising ID (think of it like a supercookie). The truth is you can turn this off, but any advertiser worth their salt will still track you using your unique browser footprint and any one of the other dozens of web tracking techniques. 

If you want to see one of these techniques in action, visit the Panopticlick website created by the Electronic Frontier Foundation.

One setting you may want to change is in the Feedback & Diagnostics tab.

Change the feedback request frequency to Never and the Send your data to Basic.

Other trick is to "not use the Edge Browser". It doesn't yet support plug-ins (no ad blockers, etc). 

You can also log into this Bing website and delete all of the information Cortana has learned about you. This will lobotomize Cortana but if you want more privacy go ahead and delete it, 

We are living in a connected world

Living in a connected world means we are leaving digital breadcrumbs everywhere. Advertisers know more about you than your mother.

How Target knows you are pregnant through data analytics

Most people don't realize that every smartphone picture they have taken (iPhone, Android, or Windows Phone) contains the exact GPS location where it was taken. 

Manufacturers are fighting (Microsoft, Apple and Google) to build the next best intelligent personal assistant. But to do this, they must analyze your data to provide context aware relevant information you need before you realize you need it. Microsoft and Google perform this analysis in the cloud, which is why they typically provide more relevant responses. Apple, the self stated privacy company,  parses your data for its Proactive Siri functions on the phone and to be honest, it is pretty worthless.

So you have a choice, use these new wonderful tools or become a digital hermit. I do believe we must take educated intelligent decisions about our privacy, but we have to give some of it up, in order to benefit from the wealth of advantages these companies are providing.