Windows 10 is all about security. Microsoft recently instructed its partners that in sales, Windows 10’s security features should be the primary focus. How does Windows 10 live up to this promise?
We show you the 7 key Windows 10 security features and how you can take advantage of them.
1. Windows Update
At its core, the purpose of Windows Update is to keep your system secure and functional. Through this gateway, you regularly receive fixes that resolve issues and patch holes. Microsoft provides security patches throughout the support lifecycle of the operating system.
In the past, this meant that Windows versions would eventually stop receiving updates. With Windows 10, Windows Update is also used to deliver version upgrades to the operating system, such as the recent upgrade from Windows 10 version 1511 to version 1607, also known as Anniversary Update. In other words, Windows 10 support will never expire, as long as you keep upgrading to the latest version. This is a major step forward in terms of the longterm security of Windows systems.
Unfortunately, Windows Update has a bad reputation. Updates have been known to introduce new issues or controversial features, such as the Get Windows 10 app. And so many users disabled Windows Update entirely. In Windows 10, turning off Windows Update has become a lot harder.
In an attempt to ease the blow, Microsoft has introduced a feature that will resolve at least one major frustration with Windows Update: random restarts. Windows 10 now lets you to set active hours, during which Windows Update will leave you alone.
To change the default settings, head to Settings (Windows key + I) > Update & security > Windows Update > Change active hours.
2. Windows Defender
First released as a standalone software for Windows XP, Windows Defender has been Microsoft’s default malware protection suite since Windows 8. It offers anti-spyware and anti-virus protection with many standard features, including real-time protection, exclusions, a quarantine for suspicious files, and offline scanning. When you install your own anti-malware suite, Windows Defender is disabled automatically.
Since Windows 10 version 1607 (Anniversary Update), Windows Defender features Limited Periodic Scanning. This feature is a safety add-on for those who use a third party security suite. With this feature enabled, Windows Defender remains generally disabled, but will periodically scan for malware. This way, users can benefit from Microsoft’s crowd-sourced malware database and receive an additional layer of security.
You can toggle Limited Periodic Scanning under Settings (Windows key + I) > Update & security > Windows Defender. Joel’s recent look at Windows Defender gives you plenty of reasons to consider it as your main security tool in Windows 10 in Windows 10.
3. Windows Hello
In Windows 10, you can sign in with a password, a PIN or a picture password. But that’s not all. With Windows Hello, your face, your iris, or your finger becomes your password.
Windows Hello’s biometric authentication requires Windows 10 ready hardware. The facial recognition based sign-in, for example, uses infrared technology, meaning your camera needs to have this capability. Only fingerprint readers are generally compatible.
To manage your secure login, go to Start > Settings > Accounts > Sign-in options. Here you can set up Windows Hello, change your account password, create a PIN, or add a picture password.
4. Secure Boot
Secure Boot is a feature of the UEFI BIOS. When Secure Boot is enabled, only operating systems, kernels, and kernel modules that are signed with a recognized key can be executed at boot. This arrests BIOS malware, but also operating systems that don’t support Secure Boot.
Secure Boot will be mandatory on future Windows 10 hardware, which might negatively affect unsigned Linux distros, like Linux Mint.
Microsoft built a backdoor for Secure Boot and unfortunately it recently leaked the “Golden Keys” that provide access.
5. Find My Device
Windows Phone may have ultimately failed, but Windows 10 has incorporated many of its better features, including this one. Find My Device uses the Windows location service to track the whereabouts of your device. Should you ever misplace, lose, or have your computer stolen, you can look up its location under your Microsoft account.
To set up this features, head to Settings > Update & security > Find My Device, and follow the instructions. You might have to enable the location service on Windows 10 (Settings > Privacy > Location) and sign in with your Microsoft account.
6. Windows Store & Apps
At first sight, the Windows Store looks like a sales platform, which it is. But it’s also a potentially more secure resource for applications because all apps have to meet quality criteria. Microsoft has full control over what remains in the store and which apps are purged.
Moreover, Windows Store apps are sand-boxed, meaning they don’t automatically have access to your entire system. While you cannot selectively grant or deny permissions, you can choose not to install an app that requires inappropriate permissions.
The downside is that Microsoft isn’t actively monitoring apps on the Windows Store and thus the responsibility to install only trustworthy apps remains with the user. To help you out, we have compiled some guidelines on how to identify apps you can trust in the Windows Store.
7. BitLocker Encryption
BitLocker is an encryption tool available for Windows 10 Pro and Enterprise editions. BitLocker can secure files in an encrypted container or encrypt entire system or data drives, both internal and external.
Like Windows Defender, BitLocker has been around for a while and thus it still lives in the Windows Control Panel. To manage drive encryption, press Windows key + Q, search for BitLocker, and select Manage BitLocker from the results. You will see a list of your drives and whether BitLocker is turned on or off. You can manually save a copy of your BitLocker Recovery Keys or backed up to your Microsoft account online.
When you enable BitLocker, you can set a password or choose to use a smart card to unlock the drive.
To create encrypted containers, search for encryption and select Manage file encryption certificates from the results. Here you can use the Encrypting File System (EFS) to create a file encryption certificate and associated files and folders you would like to encrypt with it.
Neither BitLocker (Windows Vista) nor EFS (Windows XP) are new to Windows 10, but until now, Microsoft hasn’t (needed to) come up with modern encryption alternatives.
Enterprise Security Features
Windows 10 Enterprise comes with additional security features.
- Windows Hello for Business includes two-factor authentication (formerly known as Microsoft Passport), which is tied to a device and a biometric PIN.
- Windows Defender Advanced Threat Protection can detect and protect systems from sophisticated attacks.
- Device Guard allows administrators to lock down devices and allow only trusted applications to be installed, which will automatically block all unsigned apps, including malware.
- Credential Guard can isolate “secrets” using virtualization-based security and restrict access to privileged system software.
- Virtual Secure Mode, a Hyper-V container that protects domain credentials saved on Windows.
In addition, Microsoft is building partnerships with OEMs like HP, allowing them to build their own security applications for the Windows platform. Likewise, Bromium, a virtualization startup, has developed a method called micro-virtualization, which uses hardware-based micro virtual machines to isolate unknown processes from the underlying operating system.
Stay Safe with Windows 10
Windows 10 is Microsoft’s most secure operating system to date. A constant release of security patches, feature updates, and version upgrades will keep it that way. Nevertheless, for a near-complete protection we recommend that you use use third party security software and common sense.
Over to you! Which security features are you missing in Windows 10 and how could existing ones be improved? We’re looking forward to hearing your thoughts.