How to Boost Your Windows 10 Security as Defaults aren't Enough

Barely a week goes by without Windows 10 appearing in the headlines for one reason or another. Last month, there was a security vulnerability with its Thunderbolt ports. In April, a Windows 10 update “accidentally broke Google Chrome’s security”. 

Windows 10 has certainly had more than its fair share of security issues but it nevertheless remains the most popular non-smartphone operating system in the world, with 57.8% of the “global OS share”.

But how secure is Windows? Experts say “Windows 10 is almost certainly the most secure version of the OS to date” and the latest update has brought with it some impressive new security features.

Despite that, there are still various ways that you can improve your Windows security. If you know which settings to tweak, you can create an operating system that at least attempts to live up to the security standards set by rivals like Linux.

How Secure Is Windows Really?

When Windows 10 was launched in 2015, it received a warm response thanks to the inclusion of “more built-in security protections” than ever before. These included biometric and multifactor authentication courtesy of Windows Hello, increased browser security in Microsoft Edge, and the “robust anti-malware solution” proved by Windows Defender.

Over the past five years, there have been numerous changes to Windows 10, some of which have enhanced its security and others that have compromised it. In 2015, for instance, Windows Defender was considered the lowest of the low in terms of antivirus protection. In 2020, however, it’s giving some of the paid alternatives a run for their money with its “sandboxing and cloud-based malware protection”.

Historically, Windows security hasn’t been anywhere near good enough to compete with Linux, which experts have traditionally held as “the most secure operating system”.

This is largely due to its widespread popularity which gives malware authors and hackings “a massive playing field”. Troy Wilkinson of Axiom Cyber Solutions believes the “large number of Windows-based personal computers on the market” has led to hackers targeting Windows the most.

While Windows’ popularity shows no sign of declining in 2020, Windows security shows welcoming signs of improvement, especially with the latest updates released last month.

Why Windows Security Defaults aren’t Enough

The latest update has boosted Windows security with the introduction of new features and the development of existing capabilities, including improvements to its Sandbox component, support for the latest and most secure Wi-Fi protocols, the expansion of its Windows Hello capabilities, and the introduction of its Secured-core technology.

Microsoft’s director of OS security, Dave Weston, describes Secured-core technology as a way to combat firmware attacks by removing it “as a trusted component of the boot process”. Instead, the latest Windows security updates have created a “hardware-based root of trust… to ensure the device boots securely and malware hasn’t penetrated the firmware”.

Other changes include updates to improve security when:

• using Internet Explorer and Microsoft Edge
• using input devices such as a mouse or keyboard
• using Microsoft Xbox
• Windows performs basic operations

For the most part, the latest swathe of updates appears to be running smoothly, although not all Windows users have been able to access them. Unfortunately for some, in-built Windows security settings “are interfering with the installation”.

A compatibility issue has meant that some users are being told that they can’t install the May 2020 update unless they “turn off memory integration protection”. The only problem is that you’ll have to compromise your Windows Security to do it.

Memory integration protection is a security feature that Microsoft says “can help prevent malicious code from accessing high-security processes in the event of an attack”. If it’s switched off, then your device security is impaired.

Overall, however, experts seem to agree that, when it comes to “How secure is Windows?”, the answer is, “Just a few steps away from impregnable”. The latest security improvements have made all the difference but users don’t have to stop there.

Tweak a setting or two, keep your login local, and avoid the admin account and you’ll be well on your way to creating a virtual fortress and maximizing your Windows security.

How to Secure Microsoft Windows

Although Windows 10 may be more secure than its predecessors, it can still be improved. New devices benefit from having the right security configurations in place from the beginning, while older machines need ridding of lax security habits.

The following are the top five ways you can improve Windows security:

1. Enable disk encryption

Most versions of Windows include the disk encryption tool, BitLocker, while Windows 10 Home users can activate device encryption which will do much the same job. Although there are numerous free encryption tools available, BitLocker is both effective and fully integrated into Windows’ security features, making it an ideal choice.

2. Use a Local Login

Windows 10, by default, wants you to use your Windows account to access the device. Experts warn against this practice, however, which could make users more vulnerable to “multidevice compromise”.

Ciaran Byrne of the cyber vulnerability management firm, Edgescan says, “the problem is that if, say, your Hotmail credentials were compromised, then your machine would also be compromised”. 

3. Say Hello to Windows Hello

Windows Hello is a Windows security feature that uses biometrics technology to increase security and make login processes more convenient and streamlined. Introduced in 2015, it “lets a user authenticate a Microsoft account or a non-Microsoft service that supports Fast Identity Online (FIDO) by having the user set up a gesture” such as a facial scan, iris scan or fingerprint to log into a device.

The feature has now been expanded to include Windows Hello login options in computers booted in Safe Mode. “Windows Hello passwordless authentication methods can also be used as an alternative to passwords when users are logging into their Microsoft accounts”.

4. Avoid the Admin Account

Rather than using your administrator account for your day-to-day needs, cybersecurity expert Ken Underhill says, “set up separate user accounts” and reserve the admin one for “installing new software or updates”.

When you’re logged in as an Admin, you could inadvertently give an unauthorized user the ability to “install or remove programs, and enable and disable services (such as antivirus).” 

Using a standard account daily, on the other hand, provides an “extra level of protection that keeps your system secure from easy attacks like drive-by downloads or apps that try to hop onto your system [and] install automatically with Admin privileges”.

5. Create a Back-Up

The 3-2-1 approach to creating backups guards your precious data with a three-pronged defense. The original is on your device’s hard drive, a bootable copy of your entire OS on an external hard drive, and all your images, videos, and data backed up to a reliable cloud backup service.

As Richard Henderson, the head of global threat intelligence at Lastline, says, “Having a ‘cold’ (offline) backup ‘ensures that you’re triple-protected against a ransomware attack, a hardware failure, or the theft of your device”.

Conclusion

Windows security has improved in leaps and bounds over the past few months, but it’s still riddled with threats and remains the main focus for most cybercriminals. Updates have brought welcome security advancements that will deter hackers and malware creators for a time, but it’s only when the user gets involved that Windows becomes truly watertight.

How secure is Windows? According to an analysis of the National Institute of Standards and Technology’s National Vulnerability Database, Linux “has suffered most vulnerabilities since around the turn of the millennium”, not Windows.

Similarly, macOS has generally been seen as more secure than Windows due to it being a closed source platform. These days, however, experts say, “neither operating system is highly susceptible to viruses, but they’re both susceptible to vulnerabilities and malware”.

Regardless of which operating system you’re using, in the current climate of cybercrime, no one can afford to be complacent about security.

When it comes to the question of how to secure Microsoft Windows, there are various steps you can take, including Windows-based actions like turning on Windows Defender and enabling Controlled Folder Access.

Introducing additional apps and software can also boost security. The best antivirus protection, for example, can help guard against both phishing attacks and ransomware, while a no-logging VPN can prevent Man-in-the-Middle attacks and keep trackers at bay.

How secure is Windows? More secure than it’s ever been but it still needs its users to do more than just “keep passing the open windows” if they want to capitalize on those improvements.