Windows PCs come with several security protections by default. But that’s not enough to protect your device against the round-the-clock onslaught of new malware, Ransomware, adware, and all types of cyberattacks. Fortunately, Microsoft bundles a range of additional Windows security settings into Windows 10 and Windows 11 that you can activate to strengthen your computer’s defenses.
Microsoft offers many ways to enable your PC to proactively scan for threats and lets you control how much personal data you want to share. Most of these options are disabled by default for an uninterrupted experience. Your Windows PC, for example, can warn you if you’re about to install a disreputable application and even prevent your computer’s most vulnerable components from being hacked. Here’s how to enable these features and improve the security of your Windows PC.
Automatically block shady apps and websites
The most malicious websites and applications are those that are not out of the ordinary. But once you start browsing or installing them, they can cripple your PC. For example, monopolizing its resources to secretly mine crypto, running a flurry of unexpected pop-up ads, or worse, deploying harmful software like ransomware.
Microsoft calls these applications potentially unwanted applications (PUAs) and Windows may warn you about them before they harm your PC. Windows “reputation-based” protection monitors known hostile files, apps, or websites and issues a warning whenever you encounter one.
To enable reputation-based protection, go to Settings > Privacy & Security > Windows Security > Application & browser control, then click the “Enable” button under the heading of the “Reputation-based protection” section. “.
You can further customize how it works by tapping on “reputation-based protection settings” and choosing whether you want the tool to monitor all your content, such as web downloads and apps, or just some. We recommend leaving all toggles enabled as it doesn’t negatively affect your experience other than a few alerts every now and then.
Isolate the most sensitive parts of your computer
Attackers target your PC’s most vulnerable modules to hijack it. A common and effective way to achieve this is to inject a piece of malicious code into core drivers, such as webcams. Once a website tricks you into running these programs, it can easily take control of your device and its data.
Windows 11 and Windows 10 can defend against these attempts by isolating your computer’s core blocks like memory. When this option is in place, drivers will have to verify themselves to access high-level processes and as soon as the software fails to do so, the operating system blocks it.
Go to Settings > Privacy & Security > Windows Security > Device Security > Kernel Isolation Details and enable the “Memory Integrity” toggle.
Make Windows Antivirus more effective
Microsoft’s antivirus tool, Defender, actively runs in the background on your Windows PC to scan and eliminate detected threats. However, there are times when Defender finds a suspicious file but cannot come to a conclusive verdict on it and leaves it up to the user to decide.
Windows 10 and Windows 11 have a better and more accurate alternative to this setup: they can send these inconclusive samples to Microsoft for further analysis. While Defender blocks the sample from working, Microsoft processes it to check if it’s malicious and automatically removes or releases it.
You can choose to submit a sample from Settings > Privacy & Security > Windows Security > Virus & threat protection and click “Manage settings” under “Virus & threat protection settings”. Activate the “Automatic sample submission” option.
The reason this is optional is that it requires your PC to send your data to Microsoft. However, the company claims that it does not misuse it and informs you if a particular case involves your personal information.
Prevent advertisers from following you
Windows allows applications to show you advertisements relevant to your interests with a unique identification code. Each time you interact with an advertisement or when an application determines what you like, an advertiser uses this code to create a file on you and follow you on the Internet and other programs. Worse still, although this code is limited to your Windows PC, advertisers are infamous for identifying your activities across multiple devices like your smartphone and linking all your different ad codes to keep tabs on no matter what you’re using.
Luckily, Windows makes it easy for you to remove this advertising identifier. When you do this, your ads will become generic and no longer personalized.
Go to Settings > Privacy & Security > General and turn off “Let apps show me personalized ads using my advertising ID”. While you’re at it, you should also consider disabling “Let websites show me locally relevant content by accessing my language list,” which lets companies know what languages you know and potentially where you are.
Review app permissions
When you set up a new app, you usually give it a few permissions to, for example, use your device’s webcam for video calls or track your location to send you weather alerts. However, many apps continue to abuse their background access to secretly collect your data and track your activities. So unless you’re actively using an app, it’s best to revoke their permissions and only grant them when you need them.
You can visit Settings > Privacy & Security and scroll down to the “App Permissions” section. Choose a permission like location and inside, turn off the toggle next to an app to prevent them from accessing it. You can also toggle the main switch to disallow all apps from reading your location, contacts, or any other type of data.