Microsoft has gone to great lengths to improve the security of Windows 10 PCs
and to make the built-in security software trustworthy against cyber-attacks
that use sophisticated methods to infiltrate victims' devices. You can even
count on Windows Defender to protect your device without spending huge amounts
on paid third-party security software. However, most of the security features
that Microsoft offers in Windows 10 are disabled by default. Thus, if you are
concerned about the security of your device and at the same time do not want to
invest in third-party protection programs, you should not leave the default
protection settings in place. Let me tell you which features you need to
activate now to reach the highest levels of protection on Windows 10.
1- Reputation-Based Protection
If you download and install a lot of software on your computer, or do it
occasionally even from trusted sites, it is important to know that there is a
category of software that may cause your device to run slowly, display random
ads everywhere, or, in the worst case, install unwanted additional programs on
the system in malicious ways and become a source of inconvenience and harm.
This class is called PUA, for Potentially Unwanted Applications, and in
addition to being harmful from a security point of view, it also takes up a lot
of space on the hard drive unnecessarily.
Fortunately, since the May 2020 Update, Windows 10 includes a great feature
called Reputation-Based Protection that aims to help users protect their
devices from PUA software and block this unwanted software before it sneaks
into their devices. Additionally, Windows 10 will warn you before starting the
installation process or even before downloading. Indeed, after activating the
feature, while we were trying to download uTorrent, the program was immediately
blocked before we could install it because it contained a PUA.
But note that Windows 10 only blocks the program and does not delete it
permanently, so if you insist on installing it regardless of the warnings, you
can unblock the program through the Windows Security application, and then
re-download the program and install it. To learn more about the feature and how
to activate it, as it is disabled by default, we recommend reviewing the author
Karim Ali's topic entitled "How to block malware automatically after the new
Windows 10 update".
2- Controlled Folder Access feature
As you probably know, ransomware is one of the deadliest kinds of malware in
the history of computer viruses, and it is based on the "give and take"
philosophy. Once it hits your device, which can happen in various ways, all the
contents of the hard drive are encrypted until the victim transfers an
exorbitant amount to the hacker in exchange for decryption. And what
complicates matters is that the payment here is in cryptocurrencies, the most
famous of which is Bitcoin, which makes it impossible to recover your files
again in the event of this type of cyber-attack. For our part, as a computer
world blog, we have published a number of articles that explain ransomware
encryption viruses, protection against them, and what you should do if you have
to pay the ransom when infected with ransomware viruses - God forbid.
But Microsoft's response to this type of virus came in the form of Controlled
Folder Access, a wonderful feature included in Windows 10 that allows the user
to impose a layer of protection on the folders they select, so that no program
can modify the contents of these folders without authorization and any
unauthorized change is blocked. Thus, even when your device is infected with a
ransomware virus, it will not be able to encrypt the files inside those folders
or modify them in any way, as they are generally immune to any external
interference beyond the user's will.
Because it's a very important feature for anyone who has important files on
their computer that they don't want to lose, we've prepared a simple
step-by-step tutorial on Controlled Folder Access including how to enable it in
a very easy set of steps. So, if you are using Windows 10 and you have not used
this feature before, we recommend that you do it now before it is too late.
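One way to roll out Controlled Folder Access from an elevated PowerShell session, shown here as an added example that is not part of the tutorial mentioned above: start in audit mode, review which programs would have been blocked, then switch to enforcement. The folder and application paths and the three function names are assumed placeholders.

```powershell
# Added example. Run in an elevated PowerShell session on Windows 10.
# Assumed placeholders: adjust both paths to your own system.
$ExtraFolder = Join-Path $env:USERPROFILE 'Projects'
$TrustedApp  = 'C:\Program Files\ExampleEditor\editor.exe'

function Start-CfaAudit {
    # Audit mode logs writes to protected folders without blocking them, so
    # legitimate programs that need access show up before anything breaks.
    Set-MpPreference -EnableControlledFolderAccess AuditMode
    # Common user folders (Documents, Pictures, ...) are protected by default;
    # this adds one more folder to the protected list.
    Add-MpPreference -ControlledFolderAccessProtectedFolders $ExtraFolder
}

function Get-CfaEvents {
    # Event 1124 = write audited (audit mode), 1123 = write blocked (enforced).
    Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-Windows Defender/Operational'
        Id      = 1123, 1124
    } -MaxEvents 200 -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, Message
}

function Enable-CfaEnforcement {
    # Allow a program you recognised in the audit events, then start blocking.
    Add-MpPreference -ControlledFolderAccessAllowedApplications $TrustedApp
    Set-MpPreference -EnableControlledFolderAccess Enabled
}

# Typical sequence, spread over a few days of normal use:
#   Start-CfaAudit
#   Get-CfaEvents | Format-List      # review what would have been blocked
#   Enable-CfaEnforcement
```

After enforcement is on, an unexpected entry from `Get-CfaEvents` with Id 1123 is worth investigating: it is either a legitimate program that still needs allowing or something that should not be writing to those folders.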
3- Memory Integrity feature
In addition to ransomware, there are viruses called rootkits that are no less
ferocious than their predecessors. This malware focuses on infecting the
Windows kernel - where the most sensitive system files and processes are
located - through many scenarios, most notably fake drivers.
So that you understand what I mean, drivers are simply programs that act as a
link between the operating system and the hardware components so that the
computer can function properly, starting with the processor, through the RAM
and the hard disk, and not ending with the graphics card, sound, network,
mouse, and keyboard. Every part of the computer needs drivers to send and
receive data to and from the operating system. Thus, every company that
manufactures these parts also has to develop the software that runs them once
they are connected to the computer.
Because drivers play an important role in the way a device works, Microsoft
needs to rigorously test all drivers provided by manufacturers before they are
approved and made available for installation on Windows, in order to limit the
presence of drivers that contain malware that can access the Windows kernel.
Tampering with sensitive system files leads to system crashes and computer
failures. This means that any drivers that are installed on the device are
checked by Windows first, in a process called "Code integrity", to ensure that
they are approved before the installation is completed.
However, some viruses such as rootkits, when they infect the computer, tamper
with the component responsible for verifying that a driver has been approved by
Microsoft, and thus enable themselves to install a fake driver and get to the
root of the system, the "Windows kernel", where they can do harm at their
leisure, because removing these viruses is often a "mission impossible".
This is where the Memory Integrity feature in Windows 10 comes in. Its purpose
is to make the Code integrity process take place in a secure, isolated
environment on the device, thus making it impossible for rootkits or other
malware to gain access to the Windows kernel by tampering with the check of a
driver's approval status. Therefore, it is necessary to activate it by opening
the "Windows Security" application, then clicking on Device Security, then
Core Isolation Details, and then switching on the Memory Integrity toggle,
after which you will be prompted to restart the computer.
4- Windows Sandbox Feature
Windows Sandbox is one of my favorite features and I think anyone who uses
Windows 10 and downloads a lot of files and programs should use it. In short,
this feature creates an exact copy of the Windows installation currently on the
computer, but the copy that is created is "virtual", so that you can simply
install programs or open suspicious files in a secure environment isolated from
the master copy, and once you are done working on this phantom copy, everything
is deleted. In other words, if you download a program or file of any type and
you are sure that it is infected with viruses and malware, you can install and
run it through the Windows Sandbox and the viruses will not affect the computer
at all.
This is also useful if you've enabled Reputation-Based Protection (which we
talked about earlier) and have been warned that there is an unwanted program on
the device. If you're determined to run it no matter what Windows tells you,
you can do so inside the safe virtual environment that the Windows Sandbox
feature provides. Everything that happens there will have no effect outside of
the virtual environment. Therefore, it is considered one of the most important
security features that Microsoft provides in Windows 10.
Users can activate the Windows Sandbox feature very easily by placing a check
mark (✔) next to it in the Windows Features window. Turning it on does not
require a lot of computer resources, but keep in mind that the virtual
environment is completely isolated: you cannot transfer files or programs from
the current system (host) to the virtual system, and vice versa.
5- Tamper Protection feature
In a previous topic, we talked at length about what the Tamper Protection
feature is, including how to activate it, because it is simply one of the
important new security additions to the Windows Security application in Windows
10. In short, the importance of this feature lies in its ability to deter any
attempt to tamper with Windows security settings, whether through a program, a
CMD command, or changes in the registry.
To get you started, let me tell you that malware like the TrickBot, GootKit,
and Nodersok Trojans makes a concerted effort to bypass the Windows protection
represented by Windows Defender in order to stay on the infected PC as long as
possible. After infiltrating the victim's device, the first thing they do is
circumvent the security controls and disable the protection settings. So,
Tamper Protection's job is to prevent such malware from changing or simply
resetting your Windows Defender or Windows Security settings. It is therefore
necessary to ensure that this feature is active on your device.
After all, Windows 10 is a huge operating system, so most of its features may be hidden or unpopular, including security-related features. But by activating the above-mentioned features, you can easily achieve maximum levels of protection on your device.
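To confirm that the five features above are actually switched on, the following read-only check can be run from an elevated PowerShell session. It is an added example, not part of the original article; it relies on the built-in Defender, DISM and CIM cmdlets and on the documented registry value for Memory Integrity, and the helper name `ConvertTo-ModeName` is made up for this example.

```powershell
# Added example: read-only status check for the five features on this page.
# Run from an elevated PowerShell session on Windows 10. Changes nothing.

function ConvertTo-ModeName([int]$Value) {
    # Defender preference values: 0 = off, 1 = on, 2 = audit only
    switch ($Value) {
        0 { 'Disabled' }
        1 { 'Enabled' }
        2 { 'Audit mode' }
        default { "Other mode ($Value)" }
    }
}

$pref   = Get-MpPreference
$status = Get-MpComputerStatus

# Memory Integrity: configured state (registry) versus actually running (CIM).
# The two differ until the restart that Windows asks for has happened.
$hvciKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity'
$hvciConfigured = (Get-ItemProperty -Path $hvciKey -Name Enabled -ErrorAction SilentlyContinue).Enabled -eq 1
$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
        -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
$hvciRunning = [bool]($dg -and ($dg.SecurityServicesRunning -contains 2))  # 2 = memory integrity
$hvciState = if ($hvciRunning) { 'Running' } elseif ($hvciConfigured) { 'Configured but not running' } else { 'Disabled' }

# Windows Sandbox is an optional Windows feature.
$sb = Get-WindowsOptionalFeature -Online -FeatureName 'Containers-DisposableClientVM' `
        -ErrorAction SilentlyContinue
$sbState = if ($sb) { [string]$sb.State } else { 'Feature not found' }

$tamperState = if ($status.IsTamperProtected) { 'Enabled' } else { 'Disabled' }

@(
    [pscustomobject]@{ Feature = '1. PUA blocking';             State = (ConvertTo-ModeName $pref.PUAProtection) }
    [pscustomobject]@{ Feature = '2. Controlled Folder Access'; State = (ConvertTo-ModeName $pref.EnableControlledFolderAccess) }
    [pscustomobject]@{ Feature = '3. Memory Integrity';         State = $hvciState }
    [pscustomobject]@{ Feature = '4. Windows Sandbox';          State = $sbState }
    [pscustomobject]@{ Feature = '5. Tamper Protection';        State = $tamperState }
) | Format-Table -AutoSize
```

Any row that does not read Enabled or Running points back to the matching section above. Tamper Protection can only be switched on through the Windows Security application, not from a script.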