Recent versions of Windows 10 have security features built in that are designed to identify threats, eliminate vulnerabilities and make it harder for hackers and cyber criminals to do their dirty work. Let’s take a look at the Windows 10 Security Center, and explore all the features and settings there. Read on…
The Windows 10 Security Center
First, the good news. You don’t need to understand the workings of Data Execution Prevention, Address Space Layout Randomization, UEFI Secure Boot, or Structured Exception Handling Overwrite Protection. You don’t even have to memorize the acronyms that go along with them. All you need to know is that these “threat mitigation” features are part of Windows 10, and (if you turn them on) they’re working in the background to protect you from a variety of threats and cyber-attacks.
If you have Windows 10, you should be familiar with the Windows Security app, which is the hub for all security-related settings. Windows Defender (Microsoft’s built-in antivirus tool), Windows Firewall and a few other tools were merged into the Windows Security app in the Windows 10 Creators Update that was released in April, 2017.
As of this writing, the latest version of Windows 10 is the “May 2021 Update” which is also known as Version 21H1, Build 19043, Codename Iron. It’s just beginning to roll out via Windows Update, so if you still have the Windows 10 “October 2020 Update” (also known as Version 20H2, Version 2009, Build 19042, Codename Manganese) or the Windows 10 “May 2020 Update” (also confusingly known as Version 2004, Build 19041) – don’t worry, you’ll eventually get the latest update.
The Security Center app puts many Windows 10 security features in one place. You can fine-tune your anti-malware scanning options, tweak device settings, configure parental controls, or perform a “Fresh Start” if things get fouled up. To open the Windows Security app, just click the Defender shield icon in the notification area on the taskbar and click Open. OR, you can click on the Start menu and search for Windows Security.
Virus & threat protection is where you’ll find the Windows Defender malware scanning functions; toggles for real-time protection, cloud-based protection, controls for malware sample submission to Microsoft, the ability to exempt files or folders from Defender scans, notifications settings for Defender and Firewall, and threat definition update controls.
In the past, I’ve been critical of Microsoft Defender, the precursor of Windows Defender. I understand that the Windows 10 incarnation of this anti-malware tool is much improved. But you’re not locked into Microsoft’s security tools with Windows 10. You can still use Avast, Avira, BitDefender, PC Matic, or any other antivirus tool you like on Windows 10. If you a install a third-party antivirus or firewall product, Microsoft Defender and Firewall will be disabled automatically, and the presence of your antivirus tool will be indicated here. (After years of using Avast Antivirus, I switched to PC Matic, which uses a unique combination of protection strategies that I think are superior. You can read my review and recommendation in Review: PC Matic Gets a Zero!)
Device performance & health is where you can check for any issues with Windows Update and device drivers that may leave you vulnerable. Storage capacity and battery life issues may affect system performance/health. You’ll also see here if you’re current with your Windows updates, and if not, what might be causing the update bottleneck.
On the Device performance & health window you will also find the Fresh Start option that can re-install the latest version of Windows 10 if necessary. Microsoft recommends this option if your computer has performance issues or if you have too many unnecessary apps. Fresh Start will remove most of your apps, but will keep your personal data and Windows settings intact. Microsoft says that Fresh Start may improve your startup performance, memory usage, and battery life.
If you’ve had trouble getting the latest build via Windows Update, try Fresh Start. But first, try the Windows Update Troubleshooter. (In Settings, search for troubleshoot.)
Firewall & network protection includes Windows Firewall settings and the Network and Internet Troubleshooter.
Device Security offers Core isolation, a security feature that protects Windows from malicious software by isolating them in memory. You can try turning on the Memory integrity option here, which Microsoft recommends if your system supports it. If a check for incompatible drivers turns up any problems, you can click a link to review them and take further action.
App & browser control deals with Windows settings that can warn you of potentially dangerous Web content before it is downloaded by Edge or an app, or block sketchy content without warning, or let any old thing into your system (not recommended). The reputation-based protection will scan any file downloaded from the Internet, even if it was downloaded by a non-Microsoft browser or app. Exploit protection will help to ptotect against a range of incoming attacks. The isolated browsing option will install Microsoft Defender Application Guard, which adds additional safeguards to the Microsoft Edge and Microsoft Office products.
Family options include parental controls over the sites kids can visit, the hours and days when they can use the Internet, and the apps they can buy based upon “maturity ratings.” A Microsoft account is required to use Family options. A few years ago, I tried the parental controls built into Windows 8.1 on my son’s laptop, but he found that they were easily bypassed just by changing the date or time on the system clock. I have not tried this feature on a Windows 10 computer, so if you have experience with it, please share.
One final note — If you don’t need Internet Explorer, I suggest removing it from Windows 10 to give hackers one less program that may have exploitable vulnerabilities. IE is a favorite target because, historically, it has lots of vulnerabilities and it’s present on most Windows computers. To uninstall IE, go to Control Panel and select Uninstall a program. In the left-hand sidebar of the next screen, click on Turn Windows features on and off. Find Internet Explorer and uncheck its checkbox.
While you’re there, review all installed Windows features and uncheck any that you don’t need. The Edge browser cannot be uninstalled or disabled. I got rid of Windows Media Player, Windows Fax and Scan, the Internet Printing Client, and SMB 1.0 file sharing support. SMB1, as it’s called, enables file and printer sharing with old versions of Windows (NT, XP, and Server 2003); if you don’t need to do that, get rid of SMB1. When you have unchecked everything you want to remove, click OK. You’ll need to wait a few minutes while features are removed and your system reboots. Just be careful here… don’t remove any components if you’re not sure what they do.
A Very Special thanks to Bob Rankin for this post
Have A Great Week From All Of Us At Zoha Islands And Fruit Islands