Securing Windows Systems
Microsoft Windows is one of the most widely used Operating Systems ever. The great popularity of the feature-rich operating system has come at a price: With millions of lines of code in Windows, the Operating System has required hundreds of patches to ensure that it can be securely used on the Internet.
Unsecured computers that are directly connected to the Internet pose a threat to all users of the network. By compromising a single computer on a network, it may be possible an intruder to gain access to files, gather personal information, and disrupt the normal operations of the network. It is therefore imperative that we take precautions when connecting any computer to the campus network and Internet.
There are several steps one should take to ensure to secure a Windows computer when connecting it to the campus network:
- Activate the Windows Firewall before connecting the computer to the network. Attacks can happen very quickly once a computer is connected, often with in minutes or even seconds. You may not have time after plugging in the network cord to activate the firewall before your computer is compromised.
- Apply all current patches via Windows Update. It may be necessary to reboot the computer several times during this process. You should repeat this step as needed until there are no more critical or recommended patches that need to be applied.
- Turn on Automatic Updates so that your computer will continue to receive patches as they are released.
- Make sure all local accounts including the built-in local administrator or owner account have strong passwords. A strong password will be 6 or more characters in length, contain both numbers and letters as well as special characters, and not be found in a dictionary. Microsoft has advice on how to create strong passwords.
- Install and use virus protection software.
- Install and use spyware removal software.
Windows is the most popular operating system in the world that makes it the number one target for malware coders and hackers. Microsoft regularly adds security improvements for its operating systems. However, new features may potentially make operating systems less secure. As an example, Windows 10 comes with smooth integration of cloud-based OneDrive. This makes Windows 10 more functional, but may also open new security holes. It means that securing Windows OS is a continual task. Here are solutions you should use to make Windows more secure.
1. Update Programs to Latest Version
Nothing creates more problems than letting your Windows OS open to exploits and hacks. Microsoft is doing a good job keeping Windows OS protected against latest threats, but you also need to participate. Make sure that your Windows installation gets the latest update pack. Use Windows 10 update assistant to automatically install the latest patches for your PC. You can also setup for manual confirmation before the patches gets updated.
Windows 10 Update Assistant
Besides operating systems, third party software could also become a gateway for malware and hacker. So make sure that all installed program gets patches and updated to the latest version. Web browsers, antivirus and firewall software must get their regular updates to prevent intrusions.
2. Encrypt Your Data
Encryption is essential, if you are keeping critical information in your laptop. There could be situations you may lose your laptop. Even if a thief manages to steal your laptop, it will be theoretically impossible for him to read your data. Most of the Windows 10 users can use easy tools like BitLocker to encrypt your data.
Enable BitLocker in Windows 10
Search for “bitlocker” and go to “Manager BitLocker” in Control Panel. You can also access BitLocker under “Control Panel > System and Security > BitLocker Drive Encryption”. Enable BitLocker for the drives you want by clicking on the link “Turn on BitLocker”.
Remember, BitLocker needs Trusted Platform Module (TPM) in Windows 10.
3. Use Local Account
There are definitely advantages of using Microsoft account for login to your laptop. But when you are logged into your Microsoft account, all your settings will be automatically synced with all your Windows 10 devices. This may cause a security risk and you may need to cut ties with Microsoft in some situations. If you are in a highly secure session, it is a good idea to use local account, instead of your own Microsoft account.
Learn step by step instructions on how to setup local account in Windows 10. You can also use PIN and image password to secure Windows 10 instead of regular login password.
4. Enable System Restore
System restore option will allows you to set the system back to the previous date whenever there are problems. By default, “System Restore” is disabled in Windows 10. So, you won’t be able to undo any problem that happens to your Windows 10 system. Follow these steps to enable system restore in Windows 10:
5. Use Windows Defender Security Center
Windows 10 has a built-in protection feature to stop viruses and malware. Check the health report from Windows Defender Security Center and ensure all statuses are showing in green.
Windows Defender Status
If you suspect any infection, do quick or advanced scan to thoroughly check your system.
6. Remove Bloatware
It’s annoying to see that your brand new laptop isn’t exactly original and it has been filled with all manner of unnecessary software. Most of the programs on the new laptop might be installed on your seller and not by Microsoft. These programs may represent security risks, if they are poorly developed or not yet updated. So, remove as many bloatware as you can before connecting to the network or the Internet.
Follow these steps to find an uninstall programs:
- Go to Start> Settings> Apps.
- you will the list of all installed apps under “Apps & feature” section.
Identify and remove any bloatware, especially those labeled as trial. Make sure that you don’t remove anything that originally comes with Windows 10 with the developer name as Microsoft Corporation.
7. Use Antivirus and Enable Windows Firewall
In most cases Windows Defender will not be sufficient to protect your computer. Use only reliable antivirus program that’s released by a well known company. An antivirus program should include automatic update, real time scanning and built-in firewall. If an antivirus program doesn’t include a built-in firewall, you must enable Windows Firewall.
Turn on Windows Firewall
8. Cleanup Spyware
If your computer is infected by spyware, pop-ups will appear and your browser will be directed to malicious websites. Your computer will perform slowly and a new toolbar suddenly appears in your web browser. If you want to avoid spyware, you shouldn’t click any suspicious link or answer a pop-up question. You also need to avoid downloading free programs. Popular anti spyware programs may include Lavasoft Ad-Aware, Spybot Search and Destroy and Malwarebytes.
If you are using Chrome, you can try Chrome Cleanup Tool to scan and clean malware from your PC.
9. Disable Ad Tracking
People may track your online behavior as you browse the web. This allows marketers to create a profile based on your interest and provide you with relevant advertising messages. It’s obviously not a good thing to allow people to observe what you do online. You need to disable advertising ID by following these steps:
- Search for “privacy” and go to “Privacy settings” under “System settings”. Go to “General > Change privacy options” and turn off the first option to disable interest based advertising.
- For higher level blocking of ads, open any web browser and go to Microsoft privacy ad settings page. You can disable interest based ads on browser, Windows and Microsoft account level.
After disabling interest based ads, marketers won’t be able to track your online behavior and you will still get ads, but they are generic ones.
10. Disable Location Tracking
Windows 10 tracks your location and it is helpful for many people. It helps you to locate the nearest restaurants and get latest updates about the local weather. But if security is your top priority, it is a good idea to prevent Windows 10 from tracking your location. Go to “Location” section in privacy settings. Disable the location service option.
You can also disable the location services for specific apps. Scroll down on the privacy location page and go to “Choose apps that can use your precise location”. Select any app you want, such as News or Weather and turn off the location services. When you disable this feature, Windows 10 still keeps past location history. So, you need to find “Location History” on the same page and click on “Clear” button to remove all saved locations. It’s something that you need to clear regularly and manually.
11. Manage Cortana Search
Cortana is very helpful, but there’s a trade off of using its service all the time. Cortana needs to know more about you to do its job well. This essentially means Microsoft knows each and every keystroke on your PC. Unfortunately you can’t switch off Cortana or Windows Search option in Windows 10. At the maximum, you can disable cloud search permission and clear device history in Cortana search settings.