Last Updated: 11/1/2017
Windows 10 is the latest and greatest operating system from Microsoft. It still need help to become more secure.
Windows 10 controlled folder access anti-ransomeware is part of the Fall Creators Update. It works well and should be used by all Windows 10 users.
Securing the Boot up Process
Windows 10 Secure Boot prevents rootkit attacks, where malicious code attempts to tamper with Windows before it boots, before antivirus and other system defenses load. Microsoft introduced features to protect the Windows kernel and privileged drivers in previous versions, but Secure Boot enhances those measures to prevent system tampering.
If your PC is a recent one, you will have what is known as UEFI Firmware that support Secure Boot. This allows the PC to check the signature of each piece of boot software to ensure they are not compromised. Make sure you enable this.
Secure boot is supported by Windows 8, Windows 8.1, Windows 10, Windows Server 2012, Windows Server 2012 R2
Set Windows Defender Built in Antivirus blocking to High
Windows Defender Antivirus ships with all versions of the Windows 10 operating system. Versions included with the Windows 10 Creator Update version 1703 or newer in 2017 allow you to set the blocking level to high. Be sure to do this.
Windows 10 Wi-Fi Sense
Windows 10 will by default, share your Wi-Fi network password with any contacts you may have listed in Outlook and Skype, and with your approval, your Facebook friends. This is intended to solve the give your friends access to your home Wi-Fi problem. The problem is, it can lead to compromising your Wi-Fi password.
After the Windows 10 upgrade is complete, change the privacy settings in Windows to disable Wi-Fi Sense sharing.
- Open Start Menu
- Select Settings
- Select Network & Internet
- Select Wi-Fi
- Scroll down
- Select Manage Wi-Fi Settings
To make your WiFi Network name more secure you should also add “_nomap_optout” to the end of it. IE (SSID: wifibox_nomap_optout) This prevents Windows 10 for sharing it and Google from indexing it.
Windows 10 Enterprise
Window’s 10 has an excellent featured called Device Guard that introduces whitelisting of programs to the operating system. Programs aren’t allowed to run unless they are specifically determined to be safe, by checking the file’s cryptographic signature. Device Guard relies on Microsoft’s Hyper-V virtualization technology to store its whitelists in a shielded virtual machine. It is only available for systems capable of hardware CPU virtualization and I/O virtualization. Device Guard also relies on the on-board TPM chip and UEFI Secure Boot.
Windows 10 privacy
Windows 10 in some ways, has rolled back privacy. Microsoft has built into the operating system more ways to know what you are doing. There are a boatload of 3rd party program that help you regain privacy. Some even cause unwated programs to be installed. Check out this Review
Do you have any Windows 10 security tips?