Edit: Folks, please focus SPECIFICALLY on Windows 10 security issues as per thread title. So, YOU are on Windows 10, and I have the following questions for you: Any experiences with bare bones Windows 10 security? What is your security setup with Windows 10? Thanks!
I see a lot of friends talking about how Windows 10 updates can break things, so if stability is important to you I'd recommend waiting a little bit more. But if you had no problems so far, why not? Windows 10 isn't too different from 8, I think Microsoft learned the lesson and will probably never create a new OS from scratch again, at least for a long time. 7 is pretty much Vista with little improvements. 8 is pretty much 7 with different UI and little improvements. And 10 is pretty much 8 with different UI and little improvements. What they did wrong with 8 was the Metro interface by default, because the system itself isn't too bad for Microsoft standards.
I don't hesitate to say that Win 10 is the best Microsoft's OS I have ever used. Stable, fast, no updates issues. As far as security is concerned I'm using Norton Security and Adguard. Both work flawlessly. I don't see a reason why to stay on 8.1, imho.
Check your hardware for incompatibility, not Microsft self-check, but hardware forums. On my notebook, for instance, I have to keep an old driver installed to use my AMD 265M graphics driver. If I update to the latest version all games will stutter and I get crashes.
The security improvements in windows 10 are long overdue by Microsoft, but imho the privacy holes they punched in for data collection and the security challenges that come with this push for a web services design erode any major advantages you might have hoped for. I think windows 8 was their alpha and windows 10 is the beta. To be fair, a lot of proprietary software that we use has just recently become compatible following the November updates. Still other software, such as sandboxie still do not function properly on Windows 10 despite the compatibility claim on the web site and this includes running a recent beta version. The event viewer should also be investigated for any software you install. Panda Cloud AV installed fine on windows 10 back around July and appeared functional, but the event viewer told a different story then. I think overtime more and more software will become compatible, but if all you need your computer for at this time is word processing, checking e-mail, browsing, etc. then Windows 10 works. But I'd urge caution if you go beyond standard use given the uncertain compatibility of some software despite claims by vendors. What is working on my 64-Bit Laptop: Comodo FW v8 Shadow Defender + Chrome Browser MBAE
My basic security setup for Windows 10 is not that different from any other versions. I use a LUA and set ACLS and Applocker so scripts and executible files can only execute in the Windows and Program Files directories. I have Windows defender enabled and Emet installed. I have Smartscreen enabled as well. I disable a lot of services both for performance and security. Any remote access and remote desktop services are disabled as well as remote registry. I edit group policy to disable autoruns on all devices and to not allow execution of programs on removable drives. There are other group policy tweaks as well but these are the most important ones. In earlier versions of Windows I used SRP instead of Applocker but Applocker is the stronger of the two and overides SRP. I've found the 1511 upgrade to be somewhat problematic and more intrusive than the original July 29th release. It uninstalled software in my system without informing me and completely broke Virtualbox. I only have a test install of it on a spare drive at this point and have no intention of using it. In systems that originally ran Windows 7, I found no advantage to upgrading to Windows 10 at all. No noticeable speed increases, boot times about the same, uglier GUI. Less stable overall with lots of software incompatibilities that start showing up with use. I currently have two test systems that mulitiboot Windows 7, Windows 10 and Linux and I can compare them quite easily and run the same software on both versions of Windows for speed and compatibility testing.
What security improvements has Microsoft actually made in Windows 10? Edit: FWIW, this is what Microsoft itself says, up for discussion: https://technet.microsoft.com/en-us/library/mt637125(v=vs.85).aspx
At the moment, most of the security improvement are under-the-hood and brought over from changes made in windows 8. For those of us making the jump from 7 to 10, these immediate improvements such as the expansion of the smartscreen filter beyond the browser are good news. I've been following the discussion about newer features including: credential guard, device guard, guarded fabric and vTPM. But for me, the real change comes from obvious enhancements such as built-in virtual desktops and Viridian Hypervisor Kernel. Obvious who will benefit from these future features will depend on what version of windows you decide to run and it still won't mean much if they compromise security for the sake of convenience (i.e., biometric login and sans password authentication) and other gimmicks like universal apps which don't had anything except a common/shared attack surface that will affect multiple devices. We could argue apples and oranges about what is considered an improvement, but I think Microsoft at the very least deserves some credit. The Windows 10 update isn't simply Windows 7 with a fancy new Window's 8 GUI overhaul. Having said that, I've decided to limit my usage of windows 10 personally for business and school usage. Once I'm free of these obligations, I fully intend to dump windows entirely.
My list of tweaks through Group Policy (on my Desktop with Windows 10 Pro) and through regedit (on my Asus Book with Windows 10 Home). Turn Windows Features OFF Disable IE11 (use Chrome instead) Disable WMP (use Windows 10 Apps which are running in AppContainer) Use Edge as PDF-reader Disable Edge rules in Windows Firewall Disable Flash in Edge settings>view advanced settings>Use Adobe Flash (OFF) Disable Javascript in Edge [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MicrosoftEdge\Internet Settings\Zones\3] "1400"=dword:00000001 Disable access to shell and scripts Disable 16-bits (32 bits) [HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\AppCompat] "VDMDisallowed"=dword:00000000 Disable command prompt and scipts [HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System] "DisableCMD"=dword:00000001 Disable windows script host [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Script Host\Settings] "Enabled"=dword:00000000 Disable powershell script execution [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell] "ExecutionPolicy"="Restricted" [HKEY_LOCAL_MACHINE \Software\Policies\Microsoft\Windows\PowerShell] "EnableScripts"=dword:00000000 Disable remote Block remote access to plug and play [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Settings] "AllowRemoteRPC"=dword:00000000 Block remote assistance [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services] "fAllowUnsolicited"=dword:00000000 "fAllowToGetHelp"=dword:00000000 "fDenyTSConnections"=dword:00000001 Disable USB (auto) run Disable autoplay for non volume devices [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer] "NoAutoplayfornonVolume"=dword:00000001 Deny USB Execute Access [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}] "Deny_Execute"=dword:00000001 Risk Mitigation Protect system DLL's [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager] "ProtectionMode"=dword:00000001 "SafeProcessSearchMode"=dword:00000001 Block untrusted fonts [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\MitigationOptions] "MitigationOptions_FontBocking"="1000000000000" Disable file encryption [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EFS] "EfsConfiguration"=dword:000001 Block unsigned process elevation [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] "ValidateAdminCodeSignatures"=dword:00000001
Window Defender + Windows Firewall + UAC Mac = good for generally light usage. Install EMET from Microsoft and u got urself a complete Microsoft Security package. As long as you're not happy clickers + use ur brain when opening/ downloading things, barebones security should provide a basic yet essential protection.
+LUA WD with activated adware scan is really powerful. and it do not need admin rights at any time to work.
Okay I have a basic question. If I do a clean Win 7 x64 pro install, and add no security software, just leave win 7 as installed, and then run a piece of current ransomware, I know what will happen. Data lost. So now I do the same thing on the "more secure OS" Win 10 x64 Pro, nothing above standard 10 install, and run the same Ransomware. Will I be protected?
If I had to guess I would say it all depends on Windows Defender and SmartScreen. If any of those won't stop it nothing else in default setup won't help you.
You know the answer, to that question NO But when you use some of the features of the PRO version (see my security setup): YES
Disagree Peter, being right (factual correct) on some points does not mean your conclusion is correct. The moon is yellow, the moon is round and has craters resembling holes, so it must be made of cheese. Windows 10 is definitely a lot more secure than than Windows 7 even for Home versions: 1. Windows Defender on Windows 7 was just an improved XP derative of Giant Anti Spy-ware, while Windows Defender on Windows 8 and above is an Anti-Virus (or Anti-Malware) application (comparable with MSE) 2. MSE on older Windows OS-ses scored poorly in comparative tests (often just over 60% coverage), while Windows Defender on Windows 10, reaches 95% protection levels, because of the new (Windows 10) OS-aware feature. 3. Windows 10 media Apps all run in AppContainer, while Windows Media Player ran as Medium Level Integrity Process, definitely an improvement 4. Windows 10 has some anti-exploit enhancements over Windows 7 (stronger Sandbox and better memory protection Control Flow Integrity Guard) 5. EUFI and early and early anti-malware check at boot (only allowing safe and signed drivers to boot) provide better protection against rootkits
If you don't install an AV then Windows Firewall and Windows Defender ( a full AV) will be actively protecting that system which is not the case with Win7 (where WD is a crap anti-spyware program only).
Okay, guys I hear you. So let me rephrase the question. If I install win 10 clean and leave all it's security turned on how well am I protected from the current stuff circulating. Lets assume I do some bad clicking.
@Peter2150 While ignoring Smartscreen warnings, my guess is 95% (based on latest tests published) When refraining from executing programs with poor reputation, my guess would be on par with top tier AV's (so at least 99%) Regards Kees
Compared to Windows 8.1, how much more secure is Windows 10? Edit: I meant bare bones Windows 8.1 vs bare bones Windows 10