How to use Windows safely

Some suggestions, in our opinion basic and essential, for using Windows safely and protecting the system and the data stored on it.

Windows is the most used operating system in the world; at the same time, it is one of the most targeted by cybercriminals. For this reason, it is important to take precautions to use Windows safely and protect your system, data and privacy. For the “back to basics” series, let’s return to the topic by focusing on the essential aspects that all Windows users should know and weigh.

Windows security depends on several factors, including the timely installation of security updates, the use of effective anti-malware software, the implementation of adequate security policies and the adoption of responsible user behavior.

Unfortunately, many people still believe that choosing one of the best paid anti-malware products and paying the corresponding monthly or annual subscription fee is sufficient to keep cyber threats away. That is not the case at all: an antivirus represents only one portion of the protective shield that you build around your Windows device. Sure, it’s important, but it’s not the only factor that contributes to securing your Windows system. This is also because an antivirus is in any case unable to recognize and neutralize all the threats in circulation: to launch cyber attacks, attackers are increasingly accustomed to using special techniques to stay “under the radar” and therefore escape the scans of even the most modern anti-malware.

One of the key aspects of protecting Windows effectively is the application of a series of best practices, that is, of “good practices” which allow the vast majority of dangers to be avoided.

Some of our readers have written to us several times claiming: “I’ve never used an antivirus, yet my system has never been infected”. This is certainly true: first of all Microsoft Defender, the antimalware preinstalled in Windows, already offers good protection; moreover, by scrupulously applying a series of precautions (we will talk about them later) you avoid exposing yourself to any risk. In general, however, it is good to use valid antivirus software and, at the very least, if you prefer not to rely on third-party solutions, not to disable Microsoft Defender.

Antimalware: Leave at least Microsoft Defender enabled

Far from perfect as an antimalware in the past, Microsoft Defender has grown a lot in recent years to become a point of reference for any Windows user. It is not essential to turn to third-party products, provided you leave the solution integrated in Windows enabled and perhaps improve the protection of Microsoft Defender using some configuration options hidden “under the hood” (and also accessible in graphical form using the free Defender UI software).

When Microsoft Defender takes up too much CPU and weighs heavily on system resources, know (as we explain in the article) that there is an easy way to put a cap on its demands and get Windows running smoothly again: the important thing is not to completely disable the antimalware.

Alongside Microsoft Defender you can optionally use an application like Malwarebytes, which has for years been known as a second-opinion antivirus: it coexists without problems with the Redmond company’s solution and allows you to start a full scan, for free, even after the trial period has ended.

Microsoft Defender is an integral part of the Windows Security section, which can also be accessed from the operating system’s search box. Click App and browser control in the left column, then Reputation-based security settings, and make sure that all the options are enabled. In this way the Windows system is protected by SmartScreen, which takes care of blocking potentially harmful applications, files and sites.

SmartScreen relies on the information made available by Microsoft in the cloud and, among other things, prevents the user from installing superfluous components, often bordering on spyware, when installing software downloaded from the Internet (the Block apps box).

In Windows 11 the App and browser control section has been further extended, but most of the features are shared with its predecessor, Windows 10.
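
The Defender state described in this section can also be checked from PowerShell. The following is an added example, not code from the article: it assumes the built-in Defender cmdlets, uses a three-day signature-age threshold chosen for the example, and takes the scan CPU limit (ScanAvgCPULoadFactor) as the cap on CPU usage, since the article does not name the method it refers to.

```powershell
# Added example (not from the article): audit the Defender settings discussed above.
# Get-MpComputerStatus and Get-MpPreference ship with the built-in Defender module.
$status = Get-MpComputerStatus
$prefs  = Get-MpPreference
$maxSignatureAgeDays = 3    # assumption: threshold chosen for this example

$findings = [System.Collections.Generic.List[string]]::new()
if (-not $status.AntivirusEnabled)          { $findings.Add('Defender antivirus is disabled') }
if (-not $status.RealTimeProtectionEnabled) { $findings.Add('Real-time protection is off') }
if ($status.AntivirusSignatureAge -gt $maxSignatureAgeDays) {
    $findings.Add("Signatures are $($status.AntivirusSignatureAge) days old")
}
# PUAProtection: 0 = off, 1 = block, 2 = audit only (log but do not block)
if ($prefs.PUAProtection -ne 1) {
    $findings.Add("Potentially unwanted apps are not blocked (PUAProtection = $($prefs.PUAProtection))")
}

[pscustomobject]@{
    AntivirusEnabled   = $status.AntivirusEnabled
    RealTimeProtection = $status.RealTimeProtectionEnabled
    SignatureAgeDays   = $status.AntivirusSignatureAge
    PUAProtection      = $prefs.PUAProtection
    ScanCpuLimitPct    = $prefs.ScanAvgCPULoadFactor   # percent of CPU a scan may use
    Findings           = if ($findings.Count) { $findings -join '; ' } else { 'none' }
}

# To lower the scan CPU ceiling instead of disabling Defender (elevated session):
# Set-MpPreference -ScanAvgCPULoadFactor 20
# To turn on blocking of potentially unwanted apps (elevated session):
# Set-MpPreference -PUAProtection Enabled
```

When a third-party antivirus is installed, Defender steps aside and the first two checks report it as disabled, which is expected in that configuration.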

Choice of Windows user account and UAC settings

Many consider the local account more secure than the Microsoft account: in another article we have seen the differences between the local account and the Microsoft account. This assessment has its roots in the fact that with local accounts the user’s data is always stored locally: it is not backed up to the cloud by default, as is the case with Microsoft accounts. Therefore, if a Microsoft account were compromised, the attacker would automatically have access to the user’s data precisely because it is stored on remote servers and not on the victim’s local Windows PC.

An infinite number of considerations could be made here, both of a general nature and from a more purely technical point of view. For our part, we point out that if you decide to use a Microsoft account, it is essential that it is protected with a long and complex password and that two-factor authentication is enabled. In this way, a third party who unfortunately comes into possession of the user’s login credentials will not be able to access the contents of the account, because they do not have the “second factor” (for example the smartphone with the Authenticator app that generates the confirmation code).

It is also good to check whether you are using an administrator account and to limit its use to when you need to make important changes to the Windows configuration. For habitual, daily use of Windows, a normal user account is enough: when administrative privileges are needed to perform an operation, the operating system asks for the password associated with an administrator account present on the machine. That request, however, should make us stop and consider whether it is appropriate to authorize the operation.

The UAC (User Account Control) function should always be kept enabled and, as soon as an application requests higher privileges, for example, you should ask yourself whether or not it is appropriate to grant them. The same applies when a full-screen warning pops up informing you that the program about to be started is unknown (there is no digital signature, therefore Windows cannot ascertain the identity of the developer).

So take a tour of the Account section of the Windows settings and check what types of accounts you are using: there must be an administrative account on the machine, but for everyday activities a normal user is enough.
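
The same account and UAC review can be done from PowerShell. This is an added example, not code from the article; it assumes the LocalAccounts cmdlets of Windows PowerShell 5.1 and reads the standard UAC policy values from the registry.

```powershell
# Added example (not from the article): review account types and UAC settings.
$uac = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

$adminSid = 'S-1-5-32-544'    # well-known SID of the local Administrators group
$me       = [Security.Principal.WindowsIdentity]::GetCurrent()
$admins   = @(Get-LocalGroupMember -SID $adminSid)    # direct members only
# The hidden built-in Administrator account always has a SID ending in -500
$builtin  = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-500' }

[pscustomobject]@{
    CurrentUser             = $me.Name
    CurrentUserIsLocalAdmin = [bool]($admins | Where-Object { $_.SID.Value -eq $me.User.Value })
    LocalAdministrators     = ($admins.Name -join ', ')
    BuiltinAdminEnabled     = [bool]$builtin.Enabled
    UacEnabled              = ($uac.EnableLUA -eq 1)
    # 0 = elevate without prompting, 2 = always prompt on the secure desktop,
    # 5 = prompt for non-Windows programs (Windows default)
    AdminPromptBehavior     = $uac.ConsentPromptBehaviorAdmin
    PromptOnSecureDesktop   = ($uac.PromptOnSecureDesktop -eq 1)
}

if ($uac.EnableLUA -ne 1) {
    Write-Warning 'UAC is disabled (EnableLUA is not 1)'
}
if ($uac.ConsentPromptBehaviorAdmin -eq 0) {
    Write-Warning 'Administrators are elevated silently, without a UAC prompt'
}
```

The membership test compares SIDs rather than names, so it still works on localized Windows installations where the Administrators group has a translated name.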

Choosing the password for your account and BitLocker

A rather controversial topic is the choice of password for Windows user accounts. If you use a Microsoft account, the password must necessarily be long and complex: you don’t want an attacker to access the contents of the account remotely simply by trying a date of birth, the name of your children, spouse or pet, or some other information easily available, for example, on social media, do you?

Regardless of the type of account chosen (Microsoft or local), however, it is trivial to access the contents of a password-protected Windows system if you have physical access to the PC being attacked. We have seen this in the case of a forgotten password in Windows 10 and in the similar situation of a lost Windows 11 login password.

Windows also has a hidden administrator account that can optionally be activated to access the content of other user accounts.

It doesn’t matter what password you set on Windows accounts: if the system is not protected with low-level encryption, the data can be easily recovered. Hence the importance of enabling BitLocker with a PIN at system startup: the data remains encrypted until the correct key is entered, as part of an authentication procedure that takes place before the Windows boot phase.

When using BitLocker, however, it is essential to be aware of how it works and above all to remember that it is active. It happens more and more often that users find BitLocker activated by default even on the Home editions of Windows 10 and 11, and then promptly find themselves in difficulty when they forget the login password to the machine.

It is therefore essential to back up the recovery key using one of the many methods proposed by Microsoft, otherwise it becomes impossible to recover files from a drive encrypted with BitLocker.
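
To find out whether BitLocker is active, whether a startup PIN is configured and which recovery key needs to be backed up, the volumes can be listed from PowerShell. This is an added example, not code from the article; it assumes the BitLocker PowerShell module is present and that the session is elevated.

```powershell
# Added example (not from the article). Run in an elevated PowerShell session.
$report = Get-BitLockerVolume | ForEach-Object {
    $protectors = @($_.KeyProtector)
    $types      = @($protectors | ForEach-Object { [string]$_.KeyProtectorType })
    $recovery   = @($protectors | Where-Object { [string]$_.KeyProtectorType -eq 'RecoveryPassword' })
    [pscustomobject]@{
        Drive          = $_.MountPoint
        VolumeStatus   = [string]$_.VolumeStatus
        ProtectionOn   = ([string]$_.ProtectionStatus -eq 'On')
        # TpmPin and TpmPinStartupKey both require a PIN before Windows boots
        StartupPin     = [bool]($types -like 'TpmPin*')
        # IDs only: the 48-digit recovery password itself is deliberately not printed
        RecoveryKeyIds = ($recovery.KeyProtectorId -join ', ')
        Protectors     = ($types -join ', ')
    }
}
$report | Format-Table -AutoSize

# Volumes that are encrypted but have no recovery password to fall back on
$report | Where-Object { $_.ProtectionOn -and -not $_.RecoveryKeyIds } |
    ForEach-Object { Write-Warning "$($_.Drive) is protected but has no recovery password protector" }

# System drive that unlocks at boot without asking for a PIN
$report | Where-Object { $_.ProtectionOn -and -not $_.StartupPin -and $_.Drive -eq $env:SystemDrive } |
    ForEach-Object { Write-Warning "$($_.Drive) unlocks without a startup PIN" }
```

The IDs in RecoveryKeyIds are what the BitLocker recovery screen displays, so each saved backup can be checked against them to confirm it belongs to the right drive.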

Data sharing in local area network (SMB) and network profile selection

When you decide to share files and folders with Windows on the local network, the use of a password-protected user account is essential: otherwise data sharing does not work. Windows shares files on the LAN using the SMB protocol: Microsoft automatically disables SMBv1, that is, the old and insecure version. However, it is necessary to verify that it is not still active, because multiple pieces of malware have exploited it to launch attacks on other systems once a Windows machine is infected.

Especially when the Windows system is connected to someone else’s network, it is good to set the network connection to Private network: this way none of the shared resources configured on the machine in use are made visible to other devices connected to the same local network. In another article we have seen the difference between public and private network in Windows.
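
Whether SMBv1 is still active, what the machine is sharing and which network profile each connection uses can be verified from PowerShell. This is an added example, not code from the article; it assumes an elevated session on a Windows 10 or 11 client.

```powershell
# Added example (not from the article). Run in an elevated PowerShell session.
$server  = Get-SmbServerConfiguration
$feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol

[pscustomobject]@{
    Smb1ServerEnabled = $server.EnableSMB1Protocol
    Smb2ServerEnabled = $server.EnableSMB2Protocol     # this switch covers SMBv2 and SMBv3
    Smb1FeatureState  = [string]$feature.State         # Enabled, Disabled or DisabledWithPayloadRemoved
}

# Folders this machine currently shares (administrative shares such as C$ excluded)
Get-SmbShare | Where-Object { -not $_.Special } | Select-Object Name, Path, Description

# Network profile currently assigned to each active connection
Get-NetConnectionProfile | Select-Object InterfaceAlias, Name, NetworkCategory

if ($server.EnableSMB1Protocol -or [string]$feature.State -eq 'Enabled') {
    Write-Warning 'SMBv1 is still active on this machine'
    # To switch it off (a restart completes the feature removal):
    # Set-SmbServerConfiguration -EnableSMB1Protocol $false
    # Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart
}
```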

The importance of Windows and other software updates, starting with the web browser

Some users even disable Windows Update because they find the updates that Microsoft releases every second Tuesday of the month a nuisance. Nothing could be more wrong.

The absence of one or more security patches can expose you to the risk of attack by remote attackers and facilitate the action of viruses, malware and ransomware.

Again, some readers have written to us in the past claiming: “I’ve never installed a Windows update, yet I’ve never had an infection”. Maybe so, and it is certainly a true statement, but refraining from installing Windows updates can cause problems sooner or later.

Of course, more experienced users can postpone the download and installation of updates for some time: if the system is connected to a small network to which no other users are connected (or which in any case is used only by rather savvy people), if the system is downstream of a solid router-side firewall and NAT (Network Address Translation; it cannot be considered a security feature but in any case avoids exposing the device to the Internet…), if the user refrains from engaging in potentially dangerous behaviour.

In general, however, Windows patches must be installed through Windows Update and should not be delayed for too long. What you can do, both in Windows 10 and in Windows 11, is turn off the updates…