How to make a Windows PC secure and private
THESE ARE THE KEY STEPS YOU NEED TO TAKE TO ENSURE YOUR WINDOWS DEVICE DOESN’T GET COMPROMISED — AND ISN’T JUST HANDING OUT YOUR PRIVATE INFORMATION WILLY-NILLY.
[ NATHAN TAYLOR ]
FOR GETTING WORK done, most of us still use a Windows PC, and although Microsoft has gotten a lot better at security over the years, it’s still far from flawless. Indeed, one thing we generally do on new PCs is protect them from Microsoft’s spying, which has reached a whole new level. So here’s our quick guide on optimizing Windows for maximum privacy and security.
COMBAT MALWARE WITH A PROPER ANTIVIRUS SUITE
In the Windows 7 era, Microsoft offered a free antivirus solution for Windows users in the form of Security Essentials. In Windows 10, that’s now integrated into the Windows Defender system and is part of the base operating system, which is a positive move.
Unfortunately, when it comes to actual virus detection, Security Essentials/Windows Defender still lags behind most of the competition. In the latest AV-Test.org antivirus benchmarks, for example, only ThreatTrack’s Vipre had worse results.
It’s still a good idea, then, to install third-party anti-malware. You can get a suite, but there are also plenty of free stand-alone anti-malware apps available. We currently recommend BitDefender AntiVirus Free Edition (www.bitdefender.com.au/solutions/free.html), a scanner that also includes filters against malicious websites.
DISABLE MICROSOFT’S PRYING
Microsoft would very much like to know all about your online activity. Screw ‘em. Time to turn as much of that off as you can.
Head to ‘Settings > Privacy’ and click on the General tab. Turn everything to off except perhaps for SmartScreen Filter, which is potentially useful.
Still in ‘Settings > Privacy’, click on ‘Feedback & Diagnostics’ down at the bottom left. Change the Feedback frequency to ‘Never’ and the Diagnostic Data to ‘Basic’.
If you sign in with a Microsoft account, sign in with a local account instead. Head to ‘Settings > Accounts’. In the ‘Your info’ tab, click on ‘Sign in with a local account instead’, then follow the steps to create a password.
USE PROPER PASSWORDS
Secure your Windows PC with a lock screen and a good password. Not a dictionary word or your firstborn’s birthday. Passwords don’t have to be super long; they just need to be something that beats a dictionary attack, where the attacker tries to crack your password using a library of dictionary words.
Head to ‘Settings > Accounts > Sign-in options’. Require a sign-in on sleep, change your password and switch the Privacy option to off.
USE A NON-ADMINISTRATOR ACCOUNT FOR DAY-TO-DAY USAGE (AND FOR OTHER PEOPLE)
Most of the time, you don’t need admin access on your PC. It’s typically only when you install new apps or make system changes, and for most people that doesn’t happen that often.
You also don’t want your kids or other family members mussing around in your system settings. So you can create separate user accounts for day-to-day operations and for other people. These non-admin accounts don’t have access to core system features — and neither do any applications they run, which limits the capabilities of any viruses they might encounter.
Head to ‘Settings > Accounts > Family & other people’. Under either ‘Your family’ or ‘Other people’ click on the ‘Add’ button (you can do this even if that ‘other person’ is you).
Microsoft then gives you the option to add them using their Microsoft sign-in; instead just click on the ‘I don’t have this person’s sign-in information’ link.
It will offer to sign up for a Microsoft account for them. Ignore that. Click on the ‘Add a user without a Microsoft account’ button. Give them a username, a password and a password hint. Then you should be all done — a new user option will appear on the login screen. That user is, by default, a Standard User — someone who has limited control over new apps and system settings. (As an admin, you can change the user to an Administrator if you want by clicking on ‘Change account type’ under the user name.)
If you really don’t want to create a separate Standard User account for yourself, there is another option: it’s called User Account Control. Go to the search bar in Windows, type UAC and press Enter. Whenever you or an app (including a virus) tries to do something risky, UAC will notify you. How often it notifies you is controlled by the slider bar in the window that opens. Crank it up to max for maximum security.
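To check the result of the account and UAC steps above from the command line, here is an added PowerShell example (not part of the original article). It assumes Windows PowerShell 5.1 with the built-in LocalAccounts cmdlets on a stock Windows 10 install; the function name `Get-UacSliderLevel` is our own.

```powershell
# Added example: read-only audit of local accounts and the UAC slider position.

function Get-UacSliderLevel {
    # Maps the UAC policy values in the registry to the positions of the slider.
    param([int]$EnableLUA, [int]$ConsentPromptBehaviorAdmin, [int]$PromptOnSecureDesktop)
    if ($EnableLUA -eq 0) { return 'UAC disabled' }
    switch ($ConsentPromptBehaviorAdmin) {
        2 { return 'Always notify (top of slider)' }
        5 {
            if ($PromptOnSecureDesktop -eq 1) { return 'Default: notify for app changes only' }
            return 'Notify for app changes only, desktop not dimmed'
        }
        0 { return 'Never notify (bottom of slider)' }
        default { return "Custom policy value $ConsentPromptBehaviorAdmin" }
    }
}

# These values are present by default on Windows 10 (assumption: stock install).
$uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$uac = Get-ItemProperty -Path $uacKey
$level = Get-UacSliderLevel -EnableLUA $uac.EnableLUA `
    -ConsentPromptBehaviorAdmin $uac.ConsentPromptBehaviorAdmin `
    -PromptOnSecureDesktop $uac.PromptOnSecureDesktop
"UAC level: $level"

# S-1-5-32-544 is the well-known SID of the built-in Administrators group;
# using the SID avoids problems with localized group names.
try {
    $adminSids = (Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction Stop).SID.Value
} catch {
    Write-Warning "Could not list Administrators members: $_"
    $adminSids = @()
}

# One row per enabled local account: is it an admin, does it have a password,
# and is it tied to a Microsoft account rather than being purely local?
Get-LocalUser | Where-Object Enabled | ForEach-Object {
    [pscustomobject]@{
        Account          = $_.Name
        IsAdministrator  = $adminSids -contains $_.SID.Value
        HasPassword      = [bool]$_.PasswordLastSet
        MicrosoftAccount = $_.PrincipalSource -eq 'MicrosoftAccount'
    }
} | Format-Table -AutoSize
```

The day-to-day account should show `IsAdministrator` as False and `HasPassword` as True, and the UAC line should read ‘Always notify’ once the slider is at the top.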
BACK UP YOUR DATA
Given the prevalence of ransomware, regular, scheduled backups are absolutely essential.
We actually strongly recommend a cloud backup solution like Code42 CrashPlan (www.code42.com/crashplan/) or
since those plans put any sensitive data out of the reach of ransomware encryption.
But if paying an annual fee isn’t an option, you can also use a backup app to make protected copies of your data on a USB drive or network attached storage. Windows has a built-in backup system but, frankly, we’re not huge fans of it — it has actually gone backwards since Windows 7 in our opinion.
A better option is a third-party backup tool. Our current favourite is the CrashPlan app, which is free and supports local as well as cloud backups (you only pay for cloud storage, not the app itself). Its biggest advantage is that you can set other PCs as the backup target.
As long as both PCs are running CrashPlan, they can create backups on each other, which gives you cloud-like protection for free.
KEEP YOUR APPS AND SYSTEM UP TO DATE
Automatic Windows Updates can be annoying as hell, but turn them on anyway. Many malware infections come from new ‘zero-day’ exploits, and having automatic updates on allows Microsoft to patch your system as quickly as possible.
If you’ve turned off automatic updates (they’re on by default), head to ‘Settings > Update & security’ and turn them back on.
But that just covers Windows itself. What about your apps? For app update checking, we like FileHippo App Manager (filehippo.com/download_app_manager), a lightweight tool that scans your system for apps and checks if they’re up to date. If not, the latest versions will be downloaded from FileHippo’s own software library.
KEEP YOUR HEAD
The rest is just common sense. Don’t trust email attachments. Don’t download apps from dodgy sources (including and especially BitTorrent). Be careful about what websites you visit. Don’t believe anyone who contacts you out of the blue asking for or offering money. Really, it’s not hard to stay secure if you know how the threats might get on your system.