ACCOUNTS

What it is

When installing Windows 10, you'll be prompted to either log into your Microsoft account, if you have one, or you can choose to use a local account.

What's new

If you choose to use a Microsoft account, you'll be able to synchronize some of your settings between your devices (if you have multiple laptops, PCs or mobile with Windows Phone, but also for your other online accounts, such as Skype, Xbox, Hotmail, Outlook or Office 365).

If you'd rather use a local account, you'll find that you're not as limited as you would've been on Windows 8 or 8.1. This is a good option if you only have one device you use Windows 10 on or if you want enhanced privacy.

Where to find it

Click on the Windows icon in the bottom-left corner. Go to the top of the window and click on the username (this can be either the local account or your Microsoft account).

Here, you'll find 3 options:

Change account settings

Lock

And Sign out.

Click on Change account settings to adjust detailed settings such as:

Windows 10 Security Guide - Detailed Account SettingsWindows 10 Security Guide - Detailed Account Settings

Billing info, family settings, subscriptions, security settings and more for your Microsoft account (if you chose to log in with it) - this setting will take you to https://account.microsoft.com/about, where you can manage all these details;

Sign in with a local account;

Choose a picture for your account or create one using your computer's camera;

Add other accounts to access email, calendar and contacts from; you have the following options:

Windows 10 Security Guide - Add Email Account

You can also add another Microsoft account or a work or school account to your device:

From here you can also customize your sign-in options, such as:

Pick when Windows 10 should require you to sign in again;

Choose or change a password for your account;

Set up a PIN to use instead of passwords;

Set up Windows Hello to use biometric-based authentication, such as your fingerprint, instead of passwords;

Windows Hello helps address this challenge with a biometric alternative to passwords which provides enterprise-grade secure instant access to your Windows 10 devices* and Microsoft online services. Using just your finger print or even your face, Windows will greet you by name, providing a fast, secured, password-free way to log in.

Source: Security in Windows 10

Set up a picture password.

In the "Work access" section you'll be able to connect to your workplace or school account to get access to the data you have stored there.

In the "Family & other users" section, you can set up dedicated accounts for your kids or other family members, with settings of their own. Here, you can also create guest accounts with limited access, to keep your system and data safe from intrusion.

Windows 10 Security Guide - Family and Other Users Access Microsoft Account

In the "Sync your settings" section, you'll be able to... sync your settings across devices (obviously). You can see, at a glance, what options you have and decide if and what data you want to make available on other devices you own that run Windows 10.

Windows 10 Security Guide - Sync Windows 10 Settings

There's also another way to find the Account settings: Start > Settings > Accounts.

Available on

All Windows 10 versions.

How it works

If you choose to use a Microsoft account, you'll be able to sync settings such as: theme preferences, Internet Explorer settings, passwords, language preferences, Ease of Access and other Windows settings across devices.

However, if you chose to use a local account, you won't be able to sync settings and preferences across devices. Also, you won't have the possibility to install applications from the Windows Store, because it requires a Microsoft account to do so.

Key takeaway

Set up an account that doesn't have administrator privileges to limit the damages that a potential malware infection can cause. Use a local account if you want to protect your privacy and send as little information to Microsoft as possible.

Settings, tips & tricks

No matter which option you choose, we recommend setting a strong password for your Microsoft account or for your local account. Also, if your computer supports biometric authentication via Microsoft Hello, we highly recommend you start using it (today). Picture passwords are also a good way to enhance your security, so try out and see what works best for you.

For a more in-depth look at using user accounts on Windows 10, we recommend the following resources:

Should you use a local or a Microsoft account in Windows 10?

How to Set Up and Configure User Accounts on Windows 10

How to manage Microsoft and user accounts in Windows 10

UPDATES & SECURITY

This is your go-to section for security-related settings and more. Let's take a peek into what it can help you do.

WINDOWS UPDATE

What it is

You probably already got it from the name that this is the place where you get your system updates. And it's also where you can choose how to receive and install these updates.

What's new

Windows 10 has been criticized for limiting how users can manage Windows updates. The biggest change is that users can no longer selectively install updates. You get them all at once and they can actually be installed automatically or you can choose to be notified to schedule a restart.

Windows 10 Security Guide - Choose How Update Are Installed

You can choose to defer upgrades, but you'll still get security updates automatically (and that's a very good thing):

Some Windows 10 editions let you defer upgrades to your PC. When you defer upgrades, new Windows features won't be downloaded or installed for several months. Deferring upgrades doesn't affect security updates. Note that deferring upgrades will prevent you from getting the latest Windows features as soon as they're available.

Source: Defer upgrades in Windows 10

You may not be able to selectively install updates, but you can still see your full update history in the dedicated section:

Windows 10 Security Guide - Update History

And if you're an early adopter or just plain curious, you can check the "Get Insider Preview Builds" to be part of the first few who get updates and improvements for the OS.

Where to find it

Follow this path to find it: Start > Settings > Update & Security > Windows Update. Clicking on Advanced options takes you to the aforementioned options.

Available on

All Windows 10 versions.

How it works

Well, in Windows 10, updates work by themselves. All you have to do is sit back and choose when to install them or just let them follow their course and install automatically.

If you really, really want to keep updates from installing automatically, there's a workaround, but we don't recommend it. Keeping your system up to date is crucial to your data's security!

Key takeaway

Windows 10 will install operating system updates automatically, which is a great thing for your security. Keeping your OS and all your apps up to date is crucial for preventing malware infections and other cyber threats.

Settings, tips & tricks

If you want to read more about Windows Update in Windows 10, check out these useful links:

What You Need to Know About Windows Update on Windows 10

How to Manage Windows Update in Windows 10

WINDOWS DEFENDER

What it is

Windows Defender is a software that attempts to detect and remove malware from your Windows-based computer. Microsoft released Windows Defender as an antispyware program initially, but improved it and embedded it into the operating system starting with Vista.

What's new

In Windows 10, Windows Defender comes with real-time antivirus capabilities. Another benefit is that it's simple enough to use that anyone can enjoy its benefits. The software runs in the background, scanning your files and offering a basic level of protection for all Windows 10 users.

In terms of protection, you can't expect it to perform the way a paid antivirus would. Here is a snapshot of the analysis that AV-TEST performed in October 2015. On Windows 10, Windows Defender scored:

3.5/6 in terms of protection effectiveness

4.5/6 when it comes to performance

And 6/6 for usability.

Windows 10 Security Guide - Windows Defender AV Test

Where to find it

Get there by following this path: Start > Settings > Update & Security > Windows Defender. Here, you'll be able to tweak the settings to your liking.

Available on

All Windows 10 versions.

How it works

Windows Defender offers a primary level of protection for your PC by finding and stopping malware from running on your PC. You can also choose to enable Cloud-based protection and Automatic sample submission to send Microsoft data about malware samples. This helps improve your protection and enhances Windows Defender for all users as well.

Should you want it, you can select to add exclusions in Windows Defender, but this will make your PC more vulnerable, as those files won't be scanned (obviously).

When you open Windows Defender, you'll see that you can perform three types of scans: Quick, Full and Custom. If you choose to use Windows Defender as your antivirus product, we recommend doing a Full scan as often as possible.

If Windows Defender finds any malware or suspicious files, it will clean it up and quarantine the files automatically. Should this happen, you'll get a "Malware detected" notification or a "Detected threats are being cleaned" one.

In Windows 10, Defender will get automatic updates, which are delivered automatically via Windows Update.

In the History tab in Windows Defender, you'll see a list of quarantined items, allowed items and all detected items on your PC, if you're one to be curious about such details.

If you choose to use a different and more effective antivirus solution (highly recommended!), Windows 10 will automatically disable Windows Defender. That's because two antivirus solutions can't coexist on the same operating system.

All the options in Windows Defender will be grayed out and, when you try to open it, you'll get this message:

If you uninstall your antivirus of choice, Windows Defender will automatically turn back on and provide protection for your computer.

An important note is that you can also use Windows Defender offline:

If Windows Defender finds a virus it can't remove, it will prompt you to download and run Windows Defender Offline.

Once your download is complete, your PC will automatically restart into the recovery environment, where Defender will run a more complete scan of your system and remove threats.

Source: Using Windows Defender Offline

Key takeaway

Use Windows Defender as a baseline antivirus to protect your system until you can find a more reliable antivirus solution. But please keep in mind that it can't ensure sufficient protection against advanced cyber threats, such as ransomware.

Settings, tips & tricks

The following articles offer more in-depth advice on how to use Windows 10 or how to manage it to better fit your protection needs:

How to Use the Built-in Windows Defender Antivirus on Windows 10

What's the Best Antivirus for Windows 10? (Is Windows Defender Good Enough?)

Picking a Windows 10 Security Package

BACKUP

What it is

One of our favorite subjects is the constantly disregarded backup. There is no such things as too many backups, so we strongly encourage you to use this feature and some other backup systems as well.

Windows Backup provides a simple way to create a copy of your data on a connected disk drive (external storage device), so you can make sure that your data is safe if something happens to your computer. That something could be a malware infection, theft or physical damage, so don't believe it can't happen to you.

What's new

On Windows 10, the Backup option is extremely easy to use. It also provides a way to start your own backup routine to help keep your data backed-up over time. It's something you'll definitely thank yourself for!

There are two types of backups you can perform:

File History - useful if you want to back up your documents and other important files, and also the previous versions of those files. This way, you can recover older file versions if you need them

System image backup - this helps you create a full system image backup. You can perform a full system restore from this backup.

For more details on both these options, check out the recommended links at the end of this section.

Where to find it

As always, the Start menu is the place you want to begin with. The Backup option is also included in the "Update & security" section in your Settings app on Windows 10.

Available on

All Windows 10 versions.

How it works

It's super easy to get started, so you really have no excuse for not doing it. Just select an external drive or a network location and then let the app do the work. According to Microsoft:

All set. Every hour, we'll back up everything in your user folder (C:\Users\username). To change which files get backed up or how often backups happen, go to More options.

Source: Back up and restore your files

Key takeaway

Keeping at least one backup of your data is the best insurance you can get that your information will be available in case anything happens to your computer. It's recommended that you keep at least two back-ups of your data, one in the cloud and one on an external hard drive.

Settings, tips & tricks

This small collection of links is exactly what you need to get step-by-step advice on how to back-up your data on Windows 10:

How to Use All of Windows 10's Backup and Recovery Tools

How to create an image backup in Windows 10 and restore it, if need be

How to use Windows 10's File History backup feature

RECOVERY

What it is

You may find yourself in need to do a system recovery at some point. The cause could be one of the following, as presented by Microsoft:

By using your backup from a restore point, you can revert back to it to fix your potential issue.

What's new

In Windows 10 you get three different recovery options which give you different ways to do a system restore, either a full or a partial one.

Moreover, in case you upgraded to Windows 10, you'll have a month to change your mind and go back to a previous version of Windows.

This will keep your personal files, but it'll remove apps and drivers installed after the upgrade, as well as any changes you made to settings.

Source: How System Restore & Factory Reset Work in Windows 10

Where to find it

Go to Start > Settings > Update & Security > Recovery to start using any of the three options presented below.

Available on

All Windows 10 versions.

How it works

In Windows 10, you have three options:

Reset this PC - this option lets you keep your files or remove them, and then reinstalls Windows;

Go back to an earlier build - if the Windows 10 build you have installed doesn't work for you, you can choose to go back to an earlier one;

Advanced startup - you can use a USB drive or a DVD to change the Windows startup settings, or restore Windows from a system image.

Key takeaway

Backing up your data is one of the best things you can do for yourself, but knowing how to recover your data from backups is half of this process. Using the Recovery option offered by Windows 10 will help you save time and effort.

Settings, tips & tricks

If you'd like to explore in detail each of the recovery options that Windows 10 features, these helpful resources will provide all the answers:

Recovery options in Windows 10

How System Restore & Factory Reset Work in Windows 10

How to Reset Your Windows 10 PC

FIND MY DEVICE

What it is

Losing a device or having it stolen is one of the most terrible things that can happen to your digital life. We all know we shouldn't get so deeply attached to our laptops, smartphones or tablets, but we can't help it. Our stuff is on them and we need that stuff, either for work or personal purposes.

So it's a great thing that the "Find My Device" option was introduced in Windows 10. It works just like it would on a smartphone, if you're familiar with it. You can use "Find my device" to find your laptop if you misplaced it or if it was stolen (which we hope never happens).

This is a free service we recommend you enable (if you're not worried about Microsoft getting your location data).

What's new

The option is entirely new and Microsoft periodically gets your device's location so you can see where your laptop is. And, from our experience, its ability to pinpoint the exact place is quite good.

If you're worried about privacy issues, here is an excerpt from the Windows 10 Privacy Statement:

Examples of data we may collect include your name, email address, preferences and interests; location, browsing, search and file history; phone call and SMS data; device configuration and sensor data; voice, text and writing input; and application usage.

Source: Privacy Statement, Data We Collect

Where to find it

This is how to find the option on your device: Start > Settings > Update & Security > Find My Device.

Available on

All Windows 10 versions.

How it works

First, in order to set up "Find My Device" you have to be logged into your Microsoft account and log in with administrator rights.

To change settings for Find My Device

Set up Find My Device to save your location every few hours so it's easier to locate your device. To change these settings, make sure you've already turned on the master location setting on your device and signed in on your device using your Microsoft account.

Sign in to your device as an administrator.

On your device, go to Start, then select Settings > Update and Security > Find My Device.

Turn the Find My Device setting on.

To find your device

Go to account.microsoft.com/devices. If you're prompted to sign in, use the same Microsoft account you used to sign in on your device.

Choose the device you want to find, and then click Find My Device.

You'll see a map with your device's location.

Tips from Microsoft:

Not seeing the latest location? Make sure you're signed in with the same Microsoft account as the administrator on your device.

Your device only sends its location if it's connected to Wi-Fi and has enough battery power.

Source: Find a lost phone or device

Key takeaway

This feature can help you recover your lost or stolen computer, so it may be tremendously helpful when you least expect it. You'll have to trade off a bit of your privacy to do so (location data), but, in return, you can end up recovering your device when you most need it.

Settings, tips & tricks

Leverage the "Find my device" option to keep your Windows 10 gadgets safe and locate them asap. These links can help provide more details on how to connect to your account and trace your device's whereabouts:

How to turn on Windows 10's Find My Device feature

Find a lost phone or device

BITLOCKER ENCRYPTION

What it is

BitLocker is a full disk encryption feature integrated into Windows 10 that you can use to protect your data by encrypting it. Using BitLocker is easy, because it's built into the operating system, so there's no need to use additional software to encrypt and decrypt your data.

BitLocker was first introduced to Windows Vista users and had been present on every Windows version ever since.

According to Microsoft:

BitLocker ensures that data stored on a computer running Windows Vista [in our case, Windows 10] remains encrypted even if the computer is tampered with when the operating system is not running. This helps protect against "offline attacks," attacks made by disabling or circumventing the installed operating system, or made by physically removing the hard drive to attack the data separately.

Source: Windows BitLocker Drive Encryption Step-by-Step Guide

What's new

Here's where it gets a bit technical, but bear with me. In Windows 10, BitLocker supports the XTS-AES encryption algorithm, which makes the encryption stronger. And there are also a few details that only apply to Windows 10 usage in companies, so, if you're interested, you can check out the details on the Microsoft website.

Where to find it

To find your encryption options, search for "control panel" in the search bar included in the Windows 10 taskbar.

Choose "System and Security":

And then go to BitLocker Drive Encryption:

Available on

BitLocker encryption is available on Windows 10 Pro and Windows 10 Enterprise.

How it works

As Microsoft says:

You can use BitLocker Drive Encryption to help protect your files on an entire drive. BitLocker can help block hackers from accessing the system files they rely on to discover your password, or from accessing your drive by physically removing it from your PC and installing it in a different one. You can still sign in to Windows and use your files as you normally would.

Source: BitLocker Drive Encryption

There are a few details you should go over before starting to encrypt your drive though, and we've collected them below.

Key takeaway

Encryption is an important safeguard for both your security and your privacy. Keeping your data encrypted will help you protect it against prying eyes and malware attacks of all kinds. It may take a bit to set up your system, but it will be easier to maintain afterwards.

Settings, tips & tricks

Ready to encrypt your hard drive and add an important layer of protection for your data?

The guides below will help you get set up and master BitLocker encryption like a pro:

How to enable BitLocker encryption without a TPM chip in Windows

How to Set Up BitLocker Encryption on Windows

Windows BitLocker Drive Encryption Step-by-Step Guide

TRUSTED APPS

What it is

This is a new feature integrated into the Windows Store. Long story short: every application distributed through the Windows Store has to be signed by either Microsoft or by a trusted vendor. This helps reduce the number of dangerous applications that can harm your data's safety or privacy from being sold or distributed through the store.

What's new

The Windows store in its actual form is rather new (it first appeared in this form on Windows 8). So the app vetting process is also recent. You may rush to compare it to the system that Apple uses for its App Store, but Microsoft's approach is probably not as thorough as Apple's.

However, this is a security layer that's more than welcome and that hopefully Microsoft will continue to build on.

Where to find it

You can find the Windows Store by clicking on Start > Store.

Once you find the app you need, scroll to Additional information and check:

The publisher's name

Its age rating (especially for protecting your children)

The type of permissions that the app requires

If it offers additional links for supplemental information.

Should an app cause you trouble, you can go to the app's page in the Windows Store and report it to Microsoft, so they can take the appropriate measures.

Where to find it

All Windows 10 versions.

How it works

Microsoft or trusted vendors verify the app so that it meets the Microsoft Store security standards. Only after that will they allow it to show up in the store for distribution or sale.

In order to download or buy apps from Windows Store, you'll need to log in with your Microsoft account.

Key takeaway

By knowing which details to check in the Windows Store, you'll be able to avoid installing rogue apps and thus giving cyber criminals a way into your computer. Also, the filter put in place by Microsoft will help keep you protected from most malicious apps.

Settings, tips & tricks

There is not that much information out there about Trusted Apps in Windows Store, but this might help fill in some blanks:

Top Windows 10 Security Features Explained

SMARTSCREEN FILTER

What it is

According to Microsoft, SmartScreen Filter is a technology embedded into the Windows Store and in Microsoft Edge that helps protect you against phishing attempts.

What's new

SmartScreen has been around since Windows 8, so there's not much new about it. Read below for more information on how it works.

Available on

All Windows 10 versions.

Where to find it

You can turn the SmartScreen Filter on and off by going to Start > Settings > Privacy > General. There, you can "Turn on SmartScreen Filter to check web content (URLs) that Windows Store apps use."

Remember that SmartScreen Filter is also embedded into Microsoft Edge. Here's how to find the option in Microsoft's latest browser. Follow this path: Edge > Settings > Advanced Settings and turn on "Help protect me from malicious sites and downloads with SmartScreen Filter."

How it works

According to Microsoft, here's how SmartScreen kicks into action:

As you browse the web, it analyses webpages and determines if they have any characteristics that might be suspicious. If it finds suspicious webpages, SmartScreen will display a message giving you an opportunity to provide feedback and advising you to proceed with caution.

SmartScreen Filter checks the sites you visit against a dynamic list of reported phishing sites and malicious software sites. If it finds a match, SmartScreen Filter will show you a warning notifying you that the site has been blocked for your safety.

SmartScreen Filter checks files that you download from the web against a list of reported malicious software sites and programs known to be unsafe. If it finds a match, SmartScreen Filter will warn you that the download has been blocked for your safety. SmartScreen Filter also checks the files that you download against a list of files that are well known and downloaded by many Internet Explorer users. If the file that you're downloading isn't on that list, SmartScreen Filter will warn you.

Source: SmartScreen Filter: frequently asked questions

Key takeaway

Even though you may find the SmartScreen Filter annoying at first, it's really useful to have it on. We suggest you keep it activated for potential malicious apps that might try to install themselves on your computer.

Settings, tips & tricks

If you're curious to read more on the SmartScreen Filter, here are two resources to help you achieve just that:

What is the SmartScreen Filter & How Does it Work?

SmartScreen Filter: frequently asked questions

MICROSOFT EDGE

What it is

Microsoft Edge is the default browser in Windows 10, and its role is to replace Internet Explorer on all devices in the Windows ecosystem.

Edge claims to be a rather safe browser, because of the various integrated security settings and because it limits add-ons and plugins that can have a potential harmful impact.

What's new

Bottom line: quite a lot. We won't get into the details of all the behind-the-scenes action here, but we'll mention some security aspects that you may find useful.

Microsoft Edge no longer supports the extensions VML, VB Script, Toolbars, BHOs or ActiveX. For non-techies, this means that Edge is more secure because it gave up on using some technologies that were often exploited by cyber criminals.

Edge also features increased protection against code injection, which is essential to protect against a large part of cyber attacks that target browsers (more details in this Microsoft blogpost).

The new Microsoft Edge also includes the SmartScreen Filter feature that we mentioned earlier, which is meant to protect users against phishing.

What's more, Edge constantly runs in a partial sandbox. Sandboxing is a technique used in security to run a program in a controlled and contained environment, so it can't affect other apps or data.

Java is not supported in Edge, but Adobe Flash is and let's not forget that Flash was one of the most vulnerable and exploited plugins in 2015.

Yes, Adobe Flash is supported as a built-in feature of Microsoft Edge. We continue to work closely in partnership with Adobe to provide this version of Flash, which we support and service via Windows Update.

Source: Microsoft Edge FAQ

Where to find it

Just go to the Start menu and you'll find Edge in the "Life at a glance" section, as Microsoft chose to name it.

Key takeaway

Using Microsoft Edge can actually be safer than using Firefox or Chrome, as it doesn't support vulnerable plugins. It can also be protected with an additional security product which has web filtering capabilities and a VPN for enhanced privacy.

Settings, tips & tricks

Protecting Microsoft Edge against binary injection

3 Security Features in the Microsoft Edge Browser that We Love

A break from the past, part 2: Saying goodbye to ActiveX, VBScript, attachEvent...

Microsoft Edge Brings Bigger, Badder Security to Windows 10

CYBER THREATS TARGETING WINDOWS 10

Cyber criminals knew Windows 10 was coming and they've prepared for it. The new operating system brought some improvements in terms of security and some changes, but the most vulnerable applications continued to exist.

The most targeted applications you may be using on Windows 10:

Internet Explorer

Google Chrome

Mozilla Firefox

Oracle Java

Office Word

Office Excel

Adobe Acrobat Reader

Adobe Flash and Flash plugin

It's no wonder that cyber criminals are keeping up with the times and adapting to Windows 10's specific elements.

In November 2015, our team at Heimdal Security picked up and analyzed a new variant of the infamous banking Trojan Dyreza.

The results of the analysis show that the info-stealer malware now includes support for Windows 10. This new variant can also hook to Microsoft Edge to collect data and then send it to malicious servers.

Moreover, the new Dyreza variant kills a series of processes linked to endpoint security software, in order to make its infiltration in the system faster and more effective.

The cyber criminals behind Dyreza often spread the malware via "spray & pray" spam campaigns, which are sent to random recipients.

Source: Security Alert: New Dyreza variant supports Windows 10 & Edge

Threats such as ransomware, banking Trojans and data-stealing malware won't go away just because a new OS is released. That's why it's important to know and adjust your security settings to counteract their malicious tactics.

And you're certainly interested in solutions, which we're very keen on offering.