How To Secure A PC (Windows 10)

Windows based computers have a bad track record throughout history when it comes to security with a a lot of bugs and vulnerabilities. The fact that Windows has the biggest number of users, both private and corporations, of course has a lot to do with the fact that it is hugely targeted.

Throughout time this fact has changes though and security have become much better. The addition of Windows 10 was a little bit of a downfall when it comes to privacy in my opinion, but luckily there are ways to improve both privacy and security.

Lets begin with,

Privacy Settings

Go to:
⊞Win -> Settings -> Privacy -> General
-> Disable all options 

Click on Manage my Microsoft advertising and other personalisation info
-> Browser opens…
-> Disable all options

Go to Location,
-> Set Location to Off

Go to Camera
-> Set to Off and enable whenever you need to use the camera.

Go to Microphone
-> Set to Off and enable whenever you need to use the microphone.

Go to Speech, inking & typing
-> Click Stop getting to know me -> Turn off

Go to Account info
-> Set Let apps access my name, picture and other account info to Off.

Go to Contacts
-> Set all options to Off

Go to Calendar
-> Set Let apps access my calendar to Off

Go to Messaging
-> Set Let apps read or send messages to Off

Go to Radios
-> Set Let apps control radios to Off

Go to Other devices
-> Set Sync with devices to Off

Go to Feedback & diagnostics
-> Set Windows should ask for my feedback to Never
-> Set Send your device data to Microsoft to Basic

Go to Background apps
-> Set all options to Off

Updating Software

Software updates are one of the most important things you can do to prevent attacks because weaknesses and vulnerabilities in software is one of the biggest ways a hacker can target you. This applies to all software. Windows 10 will download and install updates automatically whenever you connect to a wi-fi. To monitor this:

Go to:
⊞Win -> Settings -> Update & Security -> Windows Update
-> Click Check for updates

Wi-Fi Sense

This option will enable your computer to automatically detect and connect to wireless hotspots and share information which can be a huge security risk and we need to disable this.

Go to:
⊞Win -> Settings -> Network & Internet -> Manage Wi-Fi settings
-> Set all options to Off

Disable Cortana

Cortana collects, stores and communicates extreme amounts of information about you and is a total disaster when it comes to privacy. 

Go to:
⊞Win -> Settings -> Cortana -> Talk to Cortana
-> Disable all options

Go to Permissions & History
-> Set Safe Search to Off
-> Set Cloud Search to Off
-> Set History to Off and click Clear my device history

Go to Notifications
-> Set Send notifications between devices to Off

Windows Defender Virus & Threat Protection

Windows Defender is the security section of Windows and it’s where you control firewall settings, virus & threat setting, network security and other security features.

Go to:
⊞Win -> Settings -> Update & Security -> Windows Defender -> Open Windows Defender Security Center

Go to Virus & threat protection
– Click on Advanced scan and make a Full scan and make sure to do this every now and then.

Go to Virus and threat protection settings
– Set Real-time protection to On
– Set Cloud delivered protection to Off
– Set Automatic sample submission to Off

Windows Defender Firewall

It is time to enable the Windows firewall. The built in firewall will monitor all inbound and outbound traffic and decide whether to allow or deny specific traffic based on a set of rules that you can specify.

Go to:
⊞Win -> Settings -> Update & Security -> Windows Defender -> Open Windows Defender Security Center -> Firewall & network protection
-> Set Domain, Private & Public network to On

Anti-Ransomware With Controlled Folder Access

This features allows users to control which processes can access certain folders to help protect data from malicious programs, such as ransomware.

Go to:
⊞Win -> Settings -> Update & Security -> Windows Defender -> Open Windows Defender Security Center
-> Set Controlled Folder Access to On
-> Click Protected folders to add folders

You might encounter a problem where apps or games are not able to save or access files in folders where CFA is activated. To solve this problem
-> Click Allow an app through Controlled Folder Access.

Disable Remote Access Via Remote Desktop

Go to:
⊞Win -> Settings -> Update & Security -> For developers
-> Uncheck Change settings to allow remote connections to this computer

also go to,
⊞Win -> Settings -> System -> Remote desktop
-> Make sure Enable Remote Desktop is set to Off

Disable Remote Assistant

This is a feature that allows Windows support to connect to your computer to and capture your screen when helping you with support errands. This connection could possibly be breached and is therefor a security risk.

Go to:
⊞Win -> Settings -> Update & Security -> For developers
-> Under Remote desktop click Show Settings and uncheck Allow remote assistance connections to this computer

User Account Control

This will help preventing that harmful programs to install and make changes to your computer.

Go to:
Control panel -> System & security -> Security & maintenance
-> Click Change user account control settings and set to Always notify

BitLocker Encryption

Microsoft’s BitLocker allows for full-disk encryption, which means data stored on the drive will be protected using the newest, strongest encryption standards to prevent unauthorised access. To find it:

Go to
Control panel -> System & Security -> BitLocker Drive Encryption
or search for Manage BitLocker in the Cortana search field

To activate it just click Turn on BitLocker

Anti Virus

Windows features its own virus & threat protection but i strongly recommend that you install a third party anti virus as well. Third party anti virus developers with the sole purpose of supplying security can offer a whole other level of up to date protection that windows simply can’t.

Anti-virus software provide a lot of good protection on various types of threats and they are no longer just protection against traditional viruses. They offer protection against malware, malicious code, phishing attempts, ransomware, intrusions but also include online banking security and anti-theft protection. Anti virus provide a good first line of defence against threats that are already established.

Remember to always update the anti-virus software and use automatic updates if available.

Check my resources page for recommendations.

Advanced Options

The following options offer higher security and privacy than previously mentioned and are specifically designed for security. As always, security comes at a cost which is ease of use. If you’re not very concerned about security and privacy some of these options may not be applicable on everyday usage because they are time consuming and slower.

Live Operating System

I strongly recommend that you try using a live operating system such as Tails. Tails is a live-operating system that can be put on a USB drive and be booted from there. It’s specifically designed to provide privacy and anonymity and it is much more secure than macOS and Windows. It uses Tor as its default browser and forces all internet traffic to go through the Tor network. 

Tails is configured to not use the computers hard disk and only uses the RAM memory for storage which is automatically emptied every time the computer shuts down, this ensures no traces are left on the computer that is used.

It also includes a lot of great tools such as HTTPS everywhere which forces secure encrypted browser communication, encrypted e-mail, encrypted messaging, secure file deletion, OnionShare for secure file sharing and much more. Always boot tails when engaging in activities that require anonymity.

By using Tails you will greatly reduce your online fingerprint and thereby increasing security and anonymity.

Tor

The TOR browser is a hardened version of the Mozilla Firefox browser and is compatible with Windows, Mac OSX, Linux and Android. 

The Tor browser will send your data packets through three rounds of encryption before it even leaves your devices. Then it will be sent through a total of three randomly chosen relay servers around the world. No one of the relays will have access to the same information and to intercept your data you would need to have three encryption keys and access to three relays for monitoring of data.

The Tor browser therefor:
Prevents your ISP from knowing what sites you visit.
Prevents a site you visited from knowing who and where you are.
Prevents corporate tracking.
Helps circumventing censorship
Anonymises your traffic and online fingerprint

VPN

In a basic VPN network there’s a VPN client and a VPN server. The client is a software or app that you install locally on your computer and the server is placed somewhere in the world by the VPN service provider. The VPN client then establishes a secure and encrypted connection between the itself and the remote VPN server. All traffic between the client and the server is securely encrypted and then routed on to the internet.

This ensure two main things. Your true IP is hidden and your data is secured due to encryption.

A VPN client can be installed on your operating system, in your router or on a virtual machine.

Why Are VPN’s Useful?

Anonymised traffic

A VPN will provide a degree of anonymity. Your internet service provider can only see that you are connecting to the VPN server but wherever your traffic goes after that is made invisible to their eyes. Anyone else looking at your traffic such as hackers or trackers cannot intercept your traffic inside the VPN tunnel which protects you from many types of attacks.

Geographical restriction bypassing

Since your traffic is passing through the VPN tunnel before it is connected to the internet, your IP address seen by the internet will be given to you by the VPN server. By doing this, your real IP address is anonymised. This means that if you are physically located in China, but is connected via an U.S VPN server, the internet will see that you are connected from the U.S and therefor bypassing Chinese restrictions.

Secure Wi-Fi hotspot usage

When you connect to a public wi-fi you can never be sure of what is going on with that connection. It is a common practise by hackers to create fake wi-fi’s that can seem to be safe, when in fact it is not. By connecting to it you are making it very easy for them to intercept your traffic and stealing your data. Using a VPN will prevent this from being possible and even if you happen to connect to a rouge wi-fi – you are safe.

Canary Tokens

This is a nifty and powerful little software that allows you to place traps on your computer that automatically will alert you. You can, for example, create a text file that you name ”passwords” and fill with fake information, run that file through Canary Tokens which will trig it. Now, whenever anyone is trying to access that file, you will be alerted. Use your imagination and give the files intriguing names. Spread the files on your hard drive and don’t be afraid to place them where your most sensitive files are. The point is to find out if someone unauthorised have access to them so that to can take the actions needed from there.

Who’s On My Wi-Fi?

Download and install free software ”Who’s on my wi-fi”. This software will detect all devices connected to a network and alert you whenever a new connection is made. You can set your own devices as ”known” so that you’re not alerted every time your own devices connect.

To Sum Up

These steps will improve your computer security severely which means that a potential hacker most probably wont target you since there are millions of other users that haven’t thought of these steps that are easier to target. Good for you!

Leave a Reply

Your email address will not be published. Required fields are marked *