Windows 10 security tips and is Windows Defender good enough?

This article provides important information and tips about improving the security of your Windows 10 PC.


What's the best free and paid antivirus software for Windows 10? or is Windows Defender good enough and does it offer enough protection?

But first:

What Microsoft says about Windows 10 Security

Windows 10 is the most secure Windows we've ever built. From first boot up through the supported lifetime of your device, you’re covered by enhanced security features that help protect against viruses, malware, and even phishing attacks. (1)

And now:

Windows 10 security tips

The best protection is yourself


Even the best antivirus programs can fail to detect new malware (computer viruses, ransomware, spyware, trojans, rootkits, etc.). (2)


Malware threats have grown significantly in the past decade.

Malware (computer viruses, ransomware, spyware, trojans, rootkits, etc.) threats grow so fast, that antivirus programs take too long to catch up with malware (even the best antivirus programs). (3)

Therefore, the best protection is yourself and you need to pay attention to everything you do on the internet!

So, if you decide to download and install pirated software, click on links in unsolicited emails, ignore Windows updates, or use an unsecured web browser, then there's a good chance that your computer will get infected.

There's no better virus (malware) protection than yourself.

Best antivirus for Windows 10

There are so many free antivirus programs out there that it's difficult to choose one.


The problem with most free antivirus programs is that they keep showing you ads for their paid products.

The free antivirus programs I recommend are:

If you need more functions (e.g., multi-layer ransomware protection) and settings, then you can try a paid antivirus program.

Most antivirus companies offer the option to download and try their paid antivirus programs for free for 30 days.

The paid antivirus programs I recommend are:

Another option is Windows Defender.


Is Windows Defender good enough?

Windows Defender is a real-time antivirus program that's built-in Windows 10.

It gives you basic antivirus protection and automatically runs in the background.

It automatically turns on when you don't have or uninstall an antivirus program.

Updates for Windows Defender will automatically be delivered through Windows Update and will be installed like any other Windows update.

Is Windows Defender good enough?

Windows Defender has improved significantly compared to a few years ago.


I rather use third-party antivirus software like the programs I mentioned before in this article.

You can also use other FREE tools together with your antivirus program to improve the security of your Windows 10 PC.

Use second opinion malware scanners

Like I said before, even the best antivirus software can fail to detect malware (computer virus, spyware, etc.), so that's why it's always a good idea to use second opinion malware scanners.

You can use these scanners to scan your PC periodically (e.g once a week, once a month, etc.).

Most malware scanners do not conflict with an antivirus program or another malware scanner, so it's not a problem if you use multiple scanners on your PC.

The free second opinion virus (malware) scanners I recommend are:

Note: Always check the scanning results for false positives, so that you don't remove anything important.

Use to analyze suspicious files and URLs

VirusTotal is a free online service that analyzes suspicious files and URLs and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware.

It uses multiple antivirus engines, website scanners, file and URL analysis tools and user contributions.

So if you don't trust a file, link or website, then you can check it with

Disable and Remove Web Browser Protection and other Extensions

Most antivirus programs install browser protection extensions, but you don't need extra browser protection, because most web browsers have phishing and malware protection built-in and browser extensions can actually make you less safe, because browser extensions can create security holes. If you want better protection, then don't use browser extensions. (4)

Don't use a Windows 10 administrator account

This one change can make your PC instantly safer. (5)

If a hacker gets access to your system, then this person has the same rights of whatever account you're using.

If you're using an administrator account and a hacker takes control of your system, then the hacker can do anything he or she wants and have full control of your system.


If you're using a standard account and a hacker takes control of your system, then the hacker can only do things that don't require administrator permission, so he or she can't change important system settings or install malware, and malware can't install itself unless you enter the administrator password.

So use a standard account to improve the security of your Windows 10 PC.

You need at least one administrator account on your PC so you will need to create and use a new standard account, or create a new admin account and change your existing account to a standard account.

If you're already using your PC and set things the way you liked it, then it's better to create a new account and make the new account an administrator account, because when you create a new account you will need to set things up from the start (like personal settings, start menu, desktop shortcuts, program settings, etc.).

1. Open Settings.

2. Open Accounts.

3. Click on Family & other users (left sidebar).

4. Click on Add someone else to this PC.

5. Click on I don't have this person's sign-in information located at the bottom.

6. Click on Add a user without a Microsoft account located at the bottom.

7. Type a username, password (twice) and password hint.

Tip! If you want to use this account as an administrator account, then use a strong password.

8. Click on Next.

9. Click on the account you want to use as an administrator account and choose Change account type.

10. Select Administrator and then click on OK.

11. Now click on the account you want to use daily and choose Change account type.

12. Select Standard User and then click on OK.

That's it. Don't use the administrator account for daily use!, but use a standard (local) account. Whenever you need to install software or change system settings Windows will ask you for the administrator password. It's much safer this way.

Disable SMB1 on Windows 10

Even Microsoft recommends that you disable SMB1 for security reasons – especially for WannaCrypt, Petya (also known as Petwrap) and other ransomware because they also use this to attack the Windows operating system. (6) (7)

Follow these steps to disable SMB1 on Windows 10:

1. Open Windows Control Panel.

Two ways to open Control Panel in Windows 10 Creators Update:

2. Open Programs.

3. Click on Turn Windows features on or off located underneath Programs and Features.

4. Uncheck the checkbox associated with SMB 1.0/CIFS File Sharing Support.

5. Click on OK and restart your PC.

Stay up-to-date

Always keep Windows and your programs up-to-date.

Updates may include important security fixes that prevent threats from infecting your Windows operating system or programs that are installed on your computer.

Always let Windows download and install updates automatically, so that you don't miss any critical security update.

Windows system image backup

It's best to always create a Windows System Image Backup after you've just installed Windows and all of your 100% trustworthy software.

A system image is a backup that contains a copy of your Windows with all of your installed programs, system settings, and files.

You can use a system image to restore Windows and software when your PC or hard disk stops working, or when your computer has a virus that is difficult to remove or when Windows is not working properly anymore.

When your PC gets infected by a virus or malware, then it's sometimes better to restore the Windows System Image Backup or to re-install Windows.

You never know if your security software detects everything. Like I said before, even the best program can fail to detect new malware.

Malware can also burrow itself deeper into your system and hide from being discovered by your security software.


Malware can also open doors for other malware.

The only way to be 100% sure, is to restore a Windows system image or re-install Windows 10. This is what I always do when I find out that my PC is infected.

More security tips

That's all. If you want to learn more about computer and internet security (cybersecurity), then please visit one of the following pages (after the ad).

Maybe you're also interested in:

Important computer and internet security tips

Computer virus: types, symptoms, protection, and removal

Malware: types, protection, prevention, detection, and removal



Microsoft: Windows 10

LastLineLabs: Antivirus isn't dead, it just can't keep up

GCN: Is antivirus now useless?

HowToGeek: Don't use your antivirus' browser extensions: they can actually make you less safe

TheGuardian: Is Windows ​10's 'hidden administrator account' a security risk?

Microsoft: SMBv1 is not installed by default in Windows 10 Fall Creators Update and Windows Server, version 1709 and later versions

TheWindowsClub: Why and how to disable SMB1 on Windows 7, 8 and 10

Microsoft|TechNet: Limited periodic scanning in Windows 10 to provide additional malware protection

Microsoft: Scan an item with Windows Defender antivirus

Microsoft: Help protect my device with Windows Defender offline