Security and Privacy
Except for people in the "InfoSec" world, computer security is boring to most people. Except, that is, when our data is stolen, or our PC gets hacked. Fortunately, Windows 10 is the most secure version of Windows (at least until Windows 11 came along). It ships with security features included in earlier versions and comes a Security app that houses everything on one screen:
Security and Privacy Tutorials
- Change your user account type to "standard user".
- Change your security questions (needed to log in without a password).
Existing Windows security measures
Microsoft hardens Windows with each release. Here's an overview of the security features that came before Windows 10 and were carried over:
- A firewall was introduced in Windows XP: it monitors network traffic in and out of your PC and (ideally) blocks suspicious packets of data.
- User Account Control ("
UAC") was introduced in Windows Vista. It's the prompt that opens when Windows needs your permission to do something. (It's essential to log into Windows as a standard user. If you get infected, the virus only gets your permission levels. If you run as an administrator, guess what.)
- BitLocker can optionally encrypt (scramble) the content of your hard drive so that, even if your laptop is lost or stolen, its content can't be read.
- Windows Defender, and then Microsoft Security Essentials, and then Windows Defender again. It's the anti-spyware and now antivirus that's built into Windows 10. It had different roles in different versions of Windows, but now it's a full security suite. This is why you may have heard that you can run Windows 10 without antivirus. (I'm of two minds on this, and I don't yet feel well informed enough to give good advice: I've heard valid pros and cons.)
- UEFI, Secure Boot, and Measured Boot, introduced in Windows 8, prevent suspicious software from loading with Windows or from running software that was tampered with. This feature makes it harder for "
rootkits" and "
bootkits" to infect PCs. It's all baked-in; you don't have to do anything.
Security features introduced in Windows 10
Over the past five years, Windows 10 has beefed up its defenses:
- Microsoft Defender SmartScreen, or just "
SmartScreen" for short, automatically blocks websites and malicious downloads. This works partly based on previously reported issues (using the same operating system as over a billion other people has its perks) and "
heuristics" (suspicious patterns).
- Windows 10 "S" Mode is a locked-down version of Windows 10. It's safer because, unless you (irreversibly) switch out of "S" mode, only pre-approved software from the Microsoft Store can be installed. It's a good way to push their store while also being more secure. (This is Apple's approach on iOS.)
- OneDrive, Microsoft's file-sync service bundled in Windows 10, includes a "Personal Vault". It's a special folder where you can store important files or back-up sensitive data (like the KeePass password manager's encrypted database file).
- Etc., etc.
It's important to note that Microsoft regularly updates all of these features - not just when a new version of Windows comes out. That's part of the reason we have Windows Updates.