Best tips to keep your Windows 10 PC protected against malware
In this Windows 10 guide, we'll walk you through nine tips to keep your desktop, laptop, or tablet and data protected against virtually every type of malware, including viruses, ransomware, worms, Trojans, spyware, adware, and other malicious programs.
• 1. Update Windows 10 and software
• 2. Upgrade to the latest version of Windows 10
• 3. Use antivirus
• 4. Use anti-ransomware
• 5. Use firewall
• 6. Use verified apps only
• 7. Create multiple backups
• 8. Train yourself
• 9. Dealing with a malware infection
1. Update Windows 10 and software
Perhaps the single most important step you can take to keep your device and data safe and secure is to maintain Windows 10 and programs always updated.Software companies, such as Microsoft, are continuously rolling out updates to patch potential vulnerabilities that can be exploited by hackers.Although updates download and install automatically on Windows 10, you can always make sure that your system has the latest patches installed on Settings > Update & Security > Windows Update, and clicking the Check for updates button.Also, it's important to periodically check and install updates for any software installed on your computer. On Windows 10, apps you acquire from the Microsoft Store will update automatically as soon as a new version becomes available. However, classic desktop applications will not (in most cases) because they have different update mechanisms. Always check the software company's support website to download and update your programs.
2. Upgrade to the latest version of Windows 10
Because your device is running Windows 10, it doesn't necessarily mean that it's using the latest version.
Windows 10 was originally launched in 2015, and since then, Microsoft has released multiple feature updates adding new features and changes to improve performance, productivity, and more importantly, the company has been implementing many security enhancements.If you want to keep your device protected against malware, you always want to be running the latest version.Similar to those updates you get every month, new versions of Windows 10 are available free of charge, and they usually download an install automatically. However, if you're still not running the latest version, there are multiple ways to upgrade manually, including using Windows Update, Update Assistant, and Media Creation Tool, which allows you to perform an in-place upgrade as well as perform a clean install of the latest version.
Quick Tip: To find out which version of Windows 10 your PC is running, use the Windows key + R key combo, type winver, and click OK. If it reads version 1709, then you're running the Fall Creators Update.It's worth noting that at the time of this writing the Windows 10 Fall Creators Update (version 1709) is the latest version. The Spring Creators Update (version 1803) is expected to roll out in April 2018.
3. Use antivirus
Antivirus is a must-have component on every computer to detect and remove malware before they can compromise your files, affect performance, or crash your device.However, it's not a piece of software that you install once and never think about again. You must keep it up to date to stay protected against the latest threats, including viruses, worms, ransomware, and other malicious code.
Windows Defender Antivirus
Out-of-the-box Windows 10 includes the Windows Defender Antivirus, part of the Windows Defender Security Center, and it offers excellent real-time protection from viruses, ransomware, spyware, worms, rootkits, and Trojans.
The Windows 10 built-in malware solution should be more than enough protection for most users. However, there are a lot of third-party security solutions that you can use. Some of them are free and others you have to pay a subscription feed.
If you don't know which one to get, check out our antivirus recommendation guide for Windows 10.
4. Use anti-ransomware
Although viruses remain one of the most common types of malware threats, ransomware attacks are becoming very popular. Ransomware is another kind of malware that's capable of locking you off your device by encrypting all of your files and demanding you to pay a ransom, typically in Bitcoin, to unlock everything (without any guarantee).
Controlled folder access Starting with the Fall Creators Update, Windows 10 includes an anti-ransomware feature known as "Controlled folder access." This feature not only prevents ransomware from taking over your device and taking your data hostage, but it also blocks other malicious programs from trying to make unwanted changes to your files.
If you're concern about these new types of attacks, you can follow this guide to enable and configure Controlled folder access on your Windows 10 computer.
5. Use firewall
Another way to protect your desktop, laptop, or tablet from malware is to use a firewall.
A firewall is a software- or hardware-based program that helps to block malicious attacks from hackers, worms, ransomware, viruses, and other types of malware trying to access your computer from the internet and local network to steal your information.You'll find a lot of third-party security tools that provide network security protection, but Windows 10 includes a very efficient firewall built-in.Windows Firewall is usually enabled by default, but it's important to make sure it's working correctly on Windows Defender Security Center > Firewall & network protection, and make sure that each network connection reads "Firewall is on." If it reads "Firewall is off," click the Turn on button. Or click the network connection link, and under "Windows Defender Firewall," turn on the toggle switch.
6. Use verified apps only
We can't stress this enough. At all cost, avoid downloading and installing apps from unknown sources, always try to download software from their official websites. On Windows 10, whenever possible, only download apps from the Microsoft Store, which have been verified by Microsoft to ensure that they don't include malicious code, and they work as advertised.
If you want to take malware protection one step further, you can enable a feature on Windows 10 to block users from installing classic desktop (win32) programs outside of the Microsoft Store. This option will not only prevent anyone from getting apps from untrusted sources, but it'll also block potentially harmful programs that try to install automatically without your consent.
Alternatively, you can also use a standard user account instead of an administrator account to prevent installing harmful programs or malicious code from trying to execute code using elevated privileges.
7. Create multiple backups
One of the best ways to protect your computer and files from malware attacks is to make regular backups. If you're concern about your files getting compromised, you should always consider creating a least two backups: one to keep offline and another to keep off-site, in the cloud.
Your recovery plan must include a full backup of your system and data to keep offline using an external hard drive or a local network location (for example, Network-attached Storage (NAS)). This is the kind of backup that will ensure you can recover from any malware infection, errors, hardware failure, and accidents. When it comes to protecting your data, there's no such thing as too many backups. If you can make a backup of the backup that you can store off-site, don't hesitate and just do it.
After creating a full backup, always remember to disconnect the drive and store it in a safe location, or disconnect the network location where you store the backup. This is because if the drive stays online and accessible from your device, malware can still get to it and infect those files too.If you're running Windows 10, you don't need to get a third-party backup program, as you can use the built-in System Image Backup tool to make a copy of everything on your computer, including files, apps, settings, and Windows installation.Alternatively, if you don't have a lot of files, you could just copy and paste your documents on a USB flash drive regularly. You should be making a full backup once a day, but if your files don't change very often, you should consider backing them up at least once a week. If you're dealing with business data, you should be making backups at least once or twice a day.
An online backup is perhaps one of the best ways to protect your files against malware as well as to protect yourself from data loss as a result of accidental deletion, hard drive failure, and natural disasters.
OneDrive is the simplest online backup solution a Windows 10 user can use, but this solution should only be considered to protect files against hardware failure, theft, or natural accidents. If malware infects your files, OneDrive is likely to sync the modified files rendering them unusable.
The only disadvantage with most cloud storage services is that they don't offer bare-metal recovery. If that's something you must be able to do, you could create a full backup using the System Image Backup tool, for example, and then upload the package to a paid cloud storage service, such as Amazon Drive, Google Drive, etc.
8. Train yourself
The best tool to protect your system and data is yourself. Usually, a device gets infected with malware and data gets compromised as a result of someone clicking a link on a specially crafted email or a website pop-up, or someone installing an application from an untrusted source.
When checking emails, only open those emails from senders you know, or from senders you're able to identify, and then delete anything that looks suspicious. Typically, you can quickly detect spam emails because they have a lot of grammar errors and typos.Malware can hide on pop-ups that appear on websites you visit. If the pop-up doesn't look legit, do not click the image or link, just close the window. Sometimes specially crafted pop-ups will be impossible to close, if this is the case, go ahead and just restart your device.
Only use your typical modern web browsers, such as Microsoft Edge, Google Chrome, and Mozilla Firefox. These applications are always getting updated, and they feature excellent built-in security, and most of them can warn you of a potential security problem and keep you away from unsafe websites. If you get a warning, don't try to find a way around it, as there's probably a good reason that it's not letting you load the page.
9. Dealing with a malware infection
If a virus, worm, ransomware, or another type of malware sneaks in, the first thing you want to do is to disconnect your computer from the network. You can do this by unplugging the Ethernet cable, disabling the Wi-Fi adapter, or turning off the router to prevent spreading the malware to other devices.
Then open Windows Defender Antivirus and use the offline scan feature. Alternatively, if you don't have control of your computer, on a different device, use these instructions to create a bootable media with Windows Defender to perform an offline scan to remove the threat.
Many antivirus software supports the ability to perform an offline scan. If you're using a third-party security software, check your vendor support website for the instructions on how to perform an offline scan.
If none of the steps have worked to remove the malware, then you should restore your system using the latest backup available. In the case, you only have a backup of your files, use these steps to do a clean install of Windows 10. After the installation, you'll need to reinstall your applications, re-apply settings, and restore files using the most up-to-date backup.