Windows 10 security tips and is Windows Defender good enough?
This article provides important information and tips about improving the security of your Windows 10 PC.
What's the best free and paid antivirus software for Windows 10? or is Windows Defender good enough and does it offer enough protection?
What Microsoft says about Windows 10 Security
Windows 10 is the most secure Windows we've ever built. From first boot up through the supported lifetime of your device, you’re covered by enhanced security features that help protect against viruses, malware, and even phishing attacks. (1)
Windows 10 security tips
The best protection is yourself
Even the best antivirus programs can fail to detect new malware (computer viruses, ransomware, spyware, trojans, rootkits, etc.). (2)
Malware threats have grown significantly in the past decade.
Malware (computer viruses, ransomware, spyware, trojans, rootkits, etc.) threats grow so fast, that antivirus programs take too long to catch up with malware (even the best antivirus programs). (3)
Therefore, the best protection is yourself and you need to pay attention to everything you do on the internet!
So, if you decide to download and install pirated software, click on links in unsolicited emails, ignore Windows updates, or use an unsecured web browser, then there's a good chance that your computer will get infected.
There's no better virus (malware) protection than yourself.
Best antivirus for Windows 10
There are so many free antivirus programs out there that it's difficult to choose one.
The problem with most free antivirus programs is that they keep showing you ads for their paid products.
The free antivirus programs I recommend are:
If you need more functions (e.g., multi-layer ransomware protection) and settings, then you can try a paid antivirus program.
Most antivirus companies offer the option to download and try their paid antivirus programs for free for 30 days.
The paid antivirus programs I recommend are:
Another option is Windows Defender.
Is Windows Defender good enough?
Windows Defender is a real-time antivirus program that's built-in Windows 10.
It gives you basic antivirus protection and automatically runs in the background.
It automatically turns on when you don't have or uninstall an antivirus program.
Updates for Windows Defender will automatically be delivered through Windows Update and will be installed like any other Windows update.
Is Windows Defender good enough?
Windows Defender has improved significantly compared to a few years ago.
I rather use third-party antivirus software like the programs I mentioned before in this article.
You can also use other FREE tools together with your antivirus program to improve the security of your Windows 10 PC.
Use second opinion malware scanners
Like I said before, even the best antivirus software can fail to detect malware (computer virus, spyware, etc.), so that's why it's always a good idea to use second opinion malware scanners.
You can use these scanners to scan your PC periodically (e.g once a week, once a month, etc.).
Most malware scanners do not conflict with an antivirus program or another malware scanner, so it's not a problem if you use multiple scanners on your PC.
The free second opinion virus (malware) scanners I recommend are:
- Malwarebytes (note: to download the free version, you will have to scroll down to the bottom of the page and then click on DOWNLOAD 14 DAY TRIAL. You will get the Premium version for the first 14 days and after the 14 days it will turn into the free version – which is an on-demand malware scanner)
- Kaspersky Virus Removal Tool
- Kaspersky TDSSKiller
- ESET Online Scanner
Note: Always check the scanning results for false positives, so that you don't remove anything important.
Use VirusTotal.com to analyze suspicious files and URLs
VirusTotal is a free online service that analyzes suspicious files and URLs and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware.
It uses multiple antivirus engines, website scanners, file and URL analysis tools and user contributions.
So if you don't trust a file, link or website, then you can check it with VirusTotal.com.
Disable and Remove Web Browser Protection and other Extensions
Most antivirus programs install browser protection extensions, but you don't need extra browser protection, because most web browsers have phishing and malware protection built-in and browser extensions can actually make you less safe, because browser extensions can create security holes. If you want better protection, then don't use browser extensions. (4)
Don't use a Windows 10 administrator account
This one change can make your PC instantly safer. (5)
If a hacker gets access to your system, then this person has the same rights of whatever account you're using.
If you're using an administrator account and a hacker takes control of your system, then the hacker can do anything he or she wants and have full control of your system.
If you're using a standard account and a hacker takes control of your system, then the hacker can only do things that don't require administrator permission, so he or she can't change important system settings or install malware, and malware can't install itself unless you enter the administrator password.
So use a standard account to improve the security of your Windows 10 PC.
You need at least one administrator account on your PC so you will need to create and use a new standard account, or create a new admin account and change your existing account to a standard account.
If you're already using your PC and set things the way you liked it, then it's better to create a new account and make the new account an administrator account, because when you create a new account you will need to set things up from the start (like personal settings, start menu, desktop shortcuts, program settings, etc.).
1. Open Settings.
2. Open Accounts.
3. Click on Family & other users (left sidebar).
4. Click on Add someone else to this PC.
5. Click on I don't have this person's sign-in information located at the bottom.
6. Click on Add a user without a Microsoft account located at the bottom.
7. Type a username, password (twice) and password hint.
Tip! If you want to use this account as an administrator account, then use a strong password.
8. Click on Next.
9. Click on the account you want to use as an administrator account and choose Change account type.
10. Select Administrator and then click on OK.
11. Now click on the account you want to use daily and choose Change account type.
12. Select Standard User and then click on OK.
That's it. Don't use the administrator account for daily use!, but use a standard (local) account. Whenever you need to install software or change system settings Windows will ask you for the administrator password. It's much safer this way.
Disable SMB1 on Windows 10
Even Microsoft recommends that you disable SMB1 for security reasons – especially for WannaCrypt, Petya (also known as Petwrap) and other ransomware because they also use this to attack the Windows operating system. (6) (7)
Follow these steps to disable SMB1 on Windows 10:
1. Open Windows Control Panel.
Two ways to open Control Panel in Windows 10 Creators Update:
- Type control panel in the Windows search bar and then click on it when it appears.
- Press the [Windows] + [pause] keys on your keyboard and then click on Control Panel located at the top left of the window.
2. Open Programs.
3. Click on Turn Windows features on or off located underneath Programs and Features.
4. Uncheck the checkbox associated with SMB 1.0/CIFS File Sharing Support.
5. Click on OK and restart your PC.
Always keep Windows and your programs up-to-date.
Updates may include important security fixes that prevent threats from infecting your Windows operating system or programs that are installed on your computer.
Always let Windows download and install updates automatically, so that you don't miss any critical security update.
Windows system image backup
It's best to always create a Windows System Image Backup after you've just installed Windows and all of your 100% trustworthy software.
A system image is a backup that contains a copy of your Windows with all of your installed programs, system settings, and files.
You can use a system image to restore Windows and software when your PC or hard disk stops working, or when your computer has a virus that is difficult to remove or when Windows is not working properly anymore.
When your PC gets infected by a virus or malware, then it's sometimes better to restore the Windows System Image Backup or to re-install Windows.
You never know if your security software detects everything. Like I said before, even the best program can fail to detect new malware.
Malware can also burrow itself deeper into your system and hide from being discovered by your security software.
Malware can also open doors for other malware.
The only way to be 100% sure, is to restore a Windows system image or re-install Windows 10. This is what I always do when I find out that my PC is infected.
More security tips
- Use a firewall (Windows firewall is enough).
- Always take security warnings from Windows or your antivirus program seriously. Never ever ignore security warnings!
- Don't download and use pirated software.
- Never click on OK, Yes or Run when a pop-up window appears and asks you to download and install unknown software.
- Never click to fast on Next, Install, OK, etc. when installing software, because you might install extra unwanted third-party software (like toolbars). If you see extra offers, then uncheck all the checkboxes.
- Always download software from the official link or from a trusted website.
- Don't click on links in emails from unknown senders.
- Don't download and open email attachments – unless you can verify the source.
- Check free software before downloading and installing it on your computer. Just Google the software first and look for reviews or forums.
- Use a secure and safe web browser like Google Chrome or Mozilla Firefox and keep it updated.
- Disable or uninstall Java if you don't need it.
- Disable or uninstall Flash Player if you don't need it. You should also disable Flash Player in your web browser.
- Don't click on links you don't trust, but first, check the link. When you move your mouse cursor on the link, then you can see at the bottom left corner of your browser window the REAL location the link is pointing to. You can also check the link using VirusTotal.com.
- Never download "codecs" or "players" to watch videos online. If you can't play the video online in your secure web browser then there's something wrong with the video or website.
- When you insert a USB flash drive or external hard drive from someone else into your PC, then scan it first with your antivirus program before opening anything.
- If you want to take risks, then at least install VirtualBox on your PC, then install an operating system like Linux (Linux Mint or Ubuntu) as a virtual machine in VirtualBox and do your risky things in there. But remember that also this is NOT 100% safe.
That's all. If you want to learn more about computer and internet security (cybersecurity), then please visit one of the following pages (after the ad).
Maybe you're also interested in:
Important computer and internet security tips
Computer virus: types, symptoms, protection, and removal
Malware: types, protection, prevention, detection, and removal
Microsoft: Windows 10
LastLineLabs: Antivirus isn't dead, it just can't keep up
GCN: Is antivirus now useless?
HowToGeek: Don't use your antivirus' browser extensions: they can actually make you less safe
TheGuardian: Is Windows 10's 'hidden administrator account' a security risk?
Microsoft: SMBv1 is not installed by default in Windows 10 Fall Creators Update and Windows Server, version 1709 and later versions
TheWindowsClub: Why and how to disable SMB1 on Windows 7, 8 and 10
Microsoft|TechNet: Limited periodic scanning in Windows 10 to provide additional malware protection
Microsoft: Scan an item with Windows Defender antivirus
Microsoft: Help protect my device with Windows Defender offline