Good security keeps Microsoft Windows running well. By default, many configurations are already set correctly in Windows, but it is always best to double-check and enhance some points.
Follow these steps to keep Windows and installed applications secure:
- Configure Automatic Updates in Windows - this keeps Windows and Microsoft programs up-to-date and secure. If Windows Update fails, see the Reinstall Windows Update guide.
Always install latest Windows Service Packs - instructions for Windows XP, Vista and 7. Windows 8 has no Service Packs yet, but as Windows 8.1 is free for current users, it can be considered as one.
To keep all other applications updated, use free Secunia PSI.
- Turn off unneeded services and set network location to minimize attack surface. Also, if you do not have a home (local) network, disable File and Printer sharing straight on network adapters.
- Disable AutoPlay or configure it properly to keep away malware that misuses this feature.
Also, do not forget to:
- Install one free and effective anti-virus program - this will kick out most malware. Windows 8 and 8.1 already have the improved Windows Defender that is much like the free Microsoft Security Essentials, so additional virus protection is not always necessary there.
- Install one or more effective and free anti-malware programs - to remove some really nasty malware that anti-virus software fails to detect or remove.
- Use other free security software - WOT Safe Surfing Tool to block malicious web pages and downloads, Secunia PSI to update non-Microsoft programs automatically, Trusteer Rapport to avoid losing your money and sensitive information through banking malware or phishing, and Microsoft EMET to protect from malware that misuses zero-day bugs.
- Configure your web browsers and applications properly - this will avoid information leakage and malware installations.
And then there's the little thing that everyone just keeps forgetting - set up automatic backups to be on safe side in case something goes wrong.Data Security section has some additional security tutorials that help in making Microsoft Windows even more secure:
- NTFS permissions in Windows - how to set file and folder access rights to keep sensitive information safe.
- Encrypting File System in Windows - how to encrypt and decrypt files and folders in Professional/Business and Ultimate/Enterprise editions of Windows.
- TrueCrypt - how to use free top-notch encryption software to encrypt full system drives or create encrypted containers for files and folders. This one works in all Windows XP, Vista, 7 and 8 editions.
While you can secure programs and file systems, you should never forget to enhance physical security of your Windows computer.
For devices that contain sensitive data, using a startup (BIOS or UEFI) password is strongly recommended. The Computer boot order article shows how to get into BIOS/UEFI; find password settings there and define a new password. To prevent unauthorized access, this passphrase will then be asked each time you turn on or restart your computer.
If your computer has several users or you use it in an environment where other people have physical access to it, you should always lock screen before leaving your PC. The easiest way to accomplish this is to use keyboard shortcut Windows Key+L. Other users can still log on with their own accounts thanks to User Account Switching, but they will have no access to your account and files.
In Windows 8 and 8.1, you can choose which apps display notifications and status updates on Lock screen.
To make your account and personal data even more secure, I strongly recommend enabling automatic screen locking in Windows - this will minimize the chance of unauthorized access even when you forget to lock your screen.
To turn on automatic screen lock, right-click on an empty area of Desktop.
In Windows XP, click Properties.
In Windows Vista, 7, 8 and 8.1, click Personalize.
In Windows XP, open Screen Saver tab of Display Properties window.
In Windows Vista and later, click Screen Saver in Personalize appearance and sounds or Change the visuals and sounds on your computer window. This will open Screen Saver Settings window.
Select your favorite screen saver. In Windows Vista and later, you do not really have to choose one, but in Windows XP you must make a selection in order to enable screen locking. Use Blank to minimize CPU usage while screen saver is active.
Next, specify screen saver timeout (5-10 minutes recommended) in the Wait field and enable the On resume, display Welcome screen (Windows XP only) or On resume, display logon screen option.
Click OK to close configuration windows, automatic screen lock is now active.
Windows 8 and 8.1 allow Modern UI (aka Metro) apps to access and store location information. This can be helpful while using the new Maps or Weather applications, but not so good for social networking (People and Messaging apps). You should not reveal your location to everyone, for this can be misused by cybercrooks or ill-intended people (stalking, identity theft, even robberies).
First, you can turn off location tracking in each application - just use keyboard shortcut Windows Key+I to open current app settings and click Permissions. Then click Location slider in Privacy section to prevent its access to location data.
Touch-screen users should first swipe in from the right edge of screen and tap Settings.
Second, you can disable location tracking completely for all apps and programs. Again, use keyboard shortcut Windows Key+I to open Settings Charm. Click Change PC settings in the bottom of the bar.
In Windows 8, open Privacy tab from the left and set the Let apps use my location slider to Off.
Also, make sure that the Let apps use my name and account picture slider is set to Off to prevent possible personal information leaks.
In Windows 8.1, Privacy tab has several subtabs. In General tab, make sure that the Let apps access my name, picture and other account info is set to Off to keep away possible PII (personally identifiable information) leaks.
Also, disable the Let apps use my advertising ID for experiences across apps option to minimize tracking possibilities.
Open Location tab. To disable geolocation/location tracking completely, turn the Let Windows and apps use my location slider to Off position. You can also disable the feature for individual Modern UI apps here, so you do not have to open and configure each app separately in Windows 8.1 anymore.
Webcam and Microphone tabs provide the same options. Because webcams and microphones can be misused for spying on people (including in sexual manner for young attractive women and men, mostly through malware), it is strongly recommended to disable access to these devices if you do not use them.
Better yet, cover your built-in webcams with a Post-It note or sticky non-transparent tape. Modern malware is well capable of turning off recording indicator lights while uploading live feed to servers set up by cybercrooks.
Now Windows 8 and 8.1 apps state that location tracking is globally disabled - see the "Apps cannot currently use your location. Go to PC settings to turn location on" message.