Windows 10 Hardening: 10+ Step Checklist

It's 2015 and malware today are socially engineered. Just installing antivirus software on PC doesn't suffice security needs. It is just one of the way but there are other level of defenses which you probably don't know.

It's 2020, and malware today is socially engineered. Just installing antivirus software on the PC is not sufficient. Hence, you have to take additional steps to ensure the complete Windows 10 hardening. Having security software is only one of the ways, but there are other levels of hardening that you probably don't know.

So, here is a complete Windows 10 hardening checklist to protect your PC.

Windows 10 Hardening Checklist

Windows 10 Hardening: What should you do?

Are you still using Windows XP or Windows 7? In that case, it will be a good idea to upgrade to Windows 10. I understand that it may appear to be a bit difficult to operate at the beginning. However, once you get used to the interface, it will be a part of your life as any other operating system. So moving forward, this guide will focus on Windows 10.

Operating System: Regular Updates

Update Windows 10 Regularly

Microsoft has officially stopped support for Windows XP on April 8th, 2014. Also, Windows 7 met with the same fate on January 14th, 2020. Hence, you will not receive any updates from Microsoft on these two operating systems. Due to the lack of regular updates and security patches, these operating systems are at higher risk with the view of recent attacks.

Considering the security point of view, Windows 10 should be your choice.

Motherboard: Secure Boot

Bootkit Protection motherboard

Bootkit type of malware can infect the master boot record of the system. Also, it executes automatically when the computer starts up. As it runs outside the file system, an operating system level protection isn't enough. Hence, if you are assembling a PC, go for a Motherboard that supports Secure Boot and set the boot menu to UEFI only. All modern laptops already have motherboards with Secure boot support.

Here is a list of Intel Motherboards which support SecureBoot. For other brands, check the description or their release notes.

How to confirm if I am running Secure Boot?

Verify Secure Boot status on Windows 10

You can quickly check if Secure Boot is enabled or not.

  • Open the "Run console," press Windows key + R
  • On the Run Console type msinfo32 and hit enter
  • Under System Summary search for Secure Boot State.

System Protection: Create a Restore Point

Create custom restore point in Windows 10

It's always a good practice to have a restore point. When system protection is on, Windows automatically keeps and updates a restore point to which you can revert if you face any issues.

You can also create a manual restore point. Doing so gives you control over the state of Windows where you want to return. I usually create a restore point manually after a fresh installation with a basic set of applications. However, you can also do so as per your choice. A restore point is not helping you directly in Windows 10 hardening, but it provides a flag point where you can always return.

Account Settings: Prefer Non-Admin User

NON Admin Windows 10 account

By default, we get the access and privileges of administrators on the first account creation of Windows. You should create another user with standard privileges and use it for daily work. It lowers the risk of infection as a standard user account doesn't have all access to the system. For escalated privileges (if necessary), you can use the Admin account.

Encrypt Drives with BitLocker

Bitlocker Protection Windows 10

Drive encryption protects your data from unauthorized access. Since Windows 10 includes BitLocker by default, you do not have to spend anything. Also, you can use it to encrypt local and removable storage devices. Learn more about BitLocker and implement the same.

Review Windows 10 Privacy Settings

Windows 10 Privacy Check

In this section, you can tweak how Windows 10 collects your data or apps accesses system resources. In Privacy settings, visit all the sections and disable the options accordingly. I recommend you to disable all the data settings you do not want Microsoft to use. In case you wish to be a part of the Windows Insider Program, you need to enable Full Diagnostics & Feedback.

App permissions are very useful in case you only want to allow certain apps to use your File system. Hence, it will protect you from ransomware attacks. To ensure Windows 10 hardening, you should review and limit the apps that can access your Camera and Microphone. There are many more settings that you can tweak in this section.

Note: If you have an antivirus with ransomware protection, you will not have access to change File System as your antivirus actively manages it.

Cleanup: Uninstall Unnecessary Software

Windows 10 app cleanup

The less you have, is better. Avoid the risk by uninstalling software products you don't use. Intruders exploit many popular programs to gain access to your system and infect it. Some prominently exploited software programs are Adobe Flash and Java, so get rid of them unless extremely necessary.

CCleaner, Revo Uninstaller, and Uninstaller Pro are reliable solutions to uninstall unnecessary applications and clean up garbage. Also, apps like CCleaner can optimize PC Speed automatically. It is an essential step in Windows 10 Hardening. Hence, do not miss it.

Scan Non-Microsoft Products for vulnerability

In Windows 10, Microsoft automatically updates the apps that you get from Microsoft Store. Also, you need to update 3rd party software regularly. While updating the software, you also reduce the chances of existing software vulnerabilities. In case you have a lot of applications on your system and find it difficult to update them manually, check the IObit Software Updater. It helps you by automatically updating any software to the latest version.

Windows 10 Hardening: Never disable User Account Control

Windows 10 UAC Settings

Yes, UAC prompts are annoying, but by disabling it, you lose more than just a pop-up. Disabling UAC also disables file-system & Registry virtualization and Protected Mode. When an application wants to make a system change like modifications that affect other users, modifications of system files and folders, and installation of new software, a UAC prompt shows up, asking for permission.

User Account Control makes sure that these changes are made only with approval from the administrator. Read more about UAC.

Strong Passwords: Tough to Guess

Keep strong password Windows 10 Hardening

It is a grave mistake, but it isn't your fault. Hard-to-guess passwords are difficult to remember. Why not use a sophisticated tool to manage and remember all your passwords in a safe Vault? I have been using LastPass for a long time for this purpose. It generates secure passwords as well as stores them in encrypted form. You can get passwords on demand and auto-fill whenever required.

Active Protection: Use Antivirus

Windows 10 Hardening with Antivirus

It is indeed necessary even after following everything stated above. No matter how many manual actions you take, there should be a program that continuously monitors every activity. It is possible only if you have an Antivirus program. Windows 10 includes Windows Defender, and it can protect you from primary threats. Also, the latest additions include ransomware protection by default. However, you should solely depend on it only if you are fully aware of your internet browsing habits.

I recommend more than just a plain antivirus like an Internet Security program that has an inbuilt firewall and spam protection. Bitdefender Total Security is a perfect choice with advanced antivirus protection, two-way Firewall protection, and Cloud-Antispam.

Update Windows Device Drivers

Windows 10 Driver Update

Updating device drivers is essential. Not only it keeps your devices at optimal performance level but also prevents any exploits that may exist in older versions. Windows 10 automatically updates the device drivers for you. However, if you feel that you are not receiving proper driver updates, you can check a 3rd party driver updater like Driver Booster Pro.

Frequently Asked Questions(FAQ)

Windows 10 hardening FAQs

Do I still need an Anti-Malware?

If you have followed everything till now, you probably won't need one. Also, if you are using a primary antivirus, it is not recommended to use another real-time protection. However, if you want to have an additional layer of security, you can use an anti-malware with real-time protection off. Hence, you have to perform another scan manually. The good idea is to perform a full system scan weekly manually. If you wish, you can give a try to Zemana or Malwarebytes.

How do I protect myself from risky Websites?

Avoid risky websites

If you use Bitdefender Total Security, it comes with a real-time URL checker which notifies you about malicious website. You can avoid visiting them or go ahead by adding them as an exception. In any case, you will not accidentally land on malicious websites. Apps like Advanced SystemCare Pro also implements features like Host file and browser Homepage protection.

Does Windows 10 Hardening protect my Online Privacy?

Hide Online Identity

Unfortunately, the answer is NO. The tweaks in this guide only allow you to protect the Windows 10 environment. However, if your concern is with online privacy, then you should use a VPN. With the increase of ISP monitoring, a VPN is a must-use service. A misconception among many people is that a VPN is only needed to access geo-restricted content. Well, it is not precisely correct.

Apart from letting you access streaming content and services, a VPN also encrypts all your connections using various Tunneling protocols. Also, many new VPN services like Surfshark provide advanced features like ads, Malware, and tracker blocker. Hence, you should use a VPN regularly and especially when you are using public Wi-Fi.

Conclusion

So this concludes the Windows 10 Hardening checklist. This article includes all the tricks that will make your Windows 10 safer. However, always remember that you have to be careful with every Windows update and check for the changes in the new version. If there is any change in the privacy sections, you will have to change the particulars accordingly.

Comment below and let me know if you have any more questions.

3 thoughts on “Windows 10 Hardening: 10+ Step Checklist”

  1. Excellent checklist to make sure the windows is secure from viruses and malwares. Between i prefer windows 7 to do better tweaks and take control of the security area of the PC. Windows 8 has all the features but they are not easily accessible and less ways to tweak them.

    Good article you have here to protect our data from internet attacks (Y). Cheers.

    Robin.

    Reply
  2. Hi Rohit,
    Many believe that after installing antivirus, the computer is totally secured, Hell No! there are still some security measure to apply to secure the computer, installing antivirus is just among the list

    Reply
    • if u have some virus/mailware, and doesnt noticed this, what problem u have at this time really ?
      i have no UAC
      i haver bitdefender total sec,
      i have the UP- DOWN load rate show at task. to see it nonstop, because i can down with 200Mbit and up with 12mbit…

      soooo, if i have any virus/mailware onboard, and ingame my ping doesnt goes over 20, dont notice some CPU RAM or NET load, there i dont have make at myselfe, wtf does some “viruses/mailware” ? i doesnt scarred, and all people get spend monney 4 this scarry thing who are at the end doesnt make u pain, u dont noticed u only scarred 4 this ? if i get paranoid, i can shut down the pc, and choose some backup thats me doesnt let get paranoid freaky.

      sometimes i think, all people are think ” OMMMMGGG have MAILWARE, one day longer, and the police comes, brake my dore and fuc*s me in the ass 24/7 365 ,….

      are u scarry ?

      Reply

Leave a Comment