Windows 10 Security with MS Products and limited 3rd Party Software

Discussion in 'other anti-malware software' started by Prototype0, May 18, 2016.

  1. Prototype0

    Prototype0 Registered Member

    Dec 21, 2006
    Hi Wilders,

    I'd like to know if it is possible to run a secure system using mostly the Microsoft security products baked into Windows 10 supplemented with very few third party programs. The setup would look something like this:

    Windows 10 Professional
    I'm aware of the privacy implications of Windows 10. What's the best way to mitigate those concerns? Something like O&O Shutup10 (is there a better option)? Are the concerns overblown?

    Standard User Account
    What's the best way to allow for admin elevation?

    Windows Defender
    Realizing that Windows Defender has poor detection rates, might possibly consider an on demand scanner such as MBAM or Emsisoft Emergency Kit.

    Windows Firewall
    Possibly consider a third party program to assist with outbound control. What would be the best option?


    How should EMET be configured to ensure it's doing what it's supposed to do?

    Internet Explorer / Edge
    w/ Smartscreen Filter
    Possible addons to consider: Adblock Plus, WOT

    Windows Media Player / Groove Music / Movies & TV
    I have limited experience with these programs. Are there any attack vectors / privacy issues with using them as opposed to something like VLC?

    Windows Mail
    Another program I have limited experience with. Any concerns using it?

    Office 365

    Is there anything else that should be considered here to ensure a secure system?


  2. umbrapolaris

    umbrapolaris Registered Member

    Feb 10, 2011
    in your mind ^^
    they just collect usage datas not your personal files...

    what you mean exactly?

    not so poor since Win10; MBAM, EEK , HMP scan once a week should be enough.

    Windows Firewall Control , an advanced GUI for WF.

    depend your need, you have plenty of guides on the net; mostly protect all your internet facing apps.

    Forget IE , i uninstalled it. Edge run in Appcontainer so basically safer than any other browsers except Chrome (which can be tweaked to use Appcontainer too)

    all Win10 Apps run in Appcontainer (aka sandbox) so safer than using classic media players like VLC and co (unless you use them in a sandbox program like Sandboxie)

    same as above

    Use EMET if you can't afford a stronger anti-exploit like HMPA or MBAE.

    you can make win10 Pro safer by playing with some registry and Group Policies tweaks.
  3. Grumlo

    Grumlo Registered Member

    Nov 14, 2015
    Umbra, can You write which prefer registry and Group Policies tweaks ?
    how can I use appcontainer in chrome ?
    when I use sandboxie and chrome can I turn on appcontainer too ?
  4. umbrapolaris

    umbrapolaris Registered Member

    Feb 10, 2011
    in your mind ^^
    way too many and each depend of your system and needs

    by the hidden setting: type Chrome://flags in adress bar

    You can but sandboxed Chrome will not be under Appcontainer; Sandboxie run in "Untrusted" Integrity level which is less than Appcontainer; however Sandboxie will sandbox ALL chrome processes.
  5. Martin_C

    Martin_C Registered Member

    Dec 4, 2014
    Hi @Prototype0,

    You will be absolutely fine and well protected when using Windows 10 with all the security natively built into the OS.

    I have been running Windows with strictly Microsoft security for years now. At work we strictly use Microsoft security. All the PCs I set up are strictly with Microsoft security.
    When adding all those machines up, we're talking about a lot of PCs.
    None are having any trouble. None are getting infected. Everything is running smooth. Year in and year out.
    You have nothing to worry about.

    Looking at the items you list - everything are looking good.

    Windows 10 Pro - the privacy concerns are, as you say yourself, overblown.
    Windows 10 sends back telemetry about possible failures or trouble that the OS faces during use. This is essential in order to fix bugs. Every user will have tiny differences in use patterns, and some will face bugs that are unknown to the majority. Getting telemetry on those rare cases, means that the not so frequent bugs are also brought to the developers attention and will also get fixed.
    Apart from that Windows 10 just gathers information to Cortana. Like all the other digital assistants, she of course needs to know your daily planning in order to assist you. Some users love getting this help, others prefer pen and paper. It's a personal choice that no one can guide you on. You either turn her on or off.

    Standard User Account - in my experience it's rare that I need anything elevated. I'm strict with staying in SUA.

    Windows Defender - will protect you absolutely fine. In Windows 10 you have the entire OS monitoring suspicious behavior. Windows Defender uses all that to both stop instant threats and those threats that takes time before showing their true nature.
    No need to add second opinion scanners.

    (And I might add that additionally you also have SmartScreen systemwide as well as in browsers).

    Windows Firewall will block everything inbound that needs to be blocked automatically.
    Outbound are set manually.
    And that is all you need.
    Outbound blocking on perimeter and outbound monitoring on individual PCs have value in enterprise. Zero in home user segment.

    EMET - of the items you mention, only IE needs it and that's included when installing EMET.

    Edge runs well with Adblock Plus. Just add filters according to your country.

    All the native media players you mention and Windows Mail in Windows 10, they are all UWP apps. Locked down and running sandboxed in appcontainer. No worries there either.

    And with Office 365, you are constantly on latest edition also. No worries either.

    So basically no concerns. You have everything covered already.

    And best of all - you can enjoy a trouble-free setup day in and day out. Nothing beats stability.
  6. Grumlo

    Grumlo Registered Member

    Nov 14, 2015
    Thanks :)