Windows PCs come equipped with several security protections by default. But those are not nearly enough to keep your device secure from the round-the-clock onslaught of new malware, ransomware, adware, and all types of cyberattacks. Fortunately, Microsoft bundles a range of additional Windows security settings in Windows 10 and Windows 11 that you can activate to ramp up your computer’s defenses.
Microsoft offers plenty of ways to enable your PC to proactively look out for threats and let you control how much personal data you want to share. Most of these options are disabled out of the box for an uninterrupted experience. Your Windows PC, for example, can warn you if you’re about to install a low-reputation app and even isolate your computer’s most vulnerable components from getting breached. Here’s how to switch on these features and improve your Windows PC’s security.
Automatically block fishy apps and websites
The most malicious websites and apps are the ones that don’t look out of the ordinary. But once you begin to browse or install them, they can cripple your PC by. For example, hogging its resources for secretly mining crypto, launching a flurry of unexpected pop-up ads, or worse, deploying harmful software like ransomware.
Microsoft calls such apps Potentially Unwanted Applications (PUA) and Windows can warn you about them before they damage your PC. Windows’ “reputation-based” protection keeps a lookout for known hostile files, apps, or websites and throws a warning every time you come across one.
To turn on reputation-based protection, go to Settings > Privacy & security > Windows Security > App & browser control and click the “Turn on” button under the “Reputation-based protection” section heading.
You can further customize how it works by hitting the “reputation-based protection settings” and choosing whether you’d like the tool to monitor all your content, such as web downloads and apps, or just a select few. We recommend leaving all the toggles on since it doesn’t adversely affect your experience other than a couple of alerts every now and then.
Isolate your computer’s most sensitive parts
Attackers target your PC’s most vulnerable modules to hijack it. A common and effective method to accomplish this is by injecting a piece of malicious code into basic drivers, such as webcams. Once a website misleads you into executing these programs, it can easily take control of your device and its data.
Windows 11 and Windows 10 can defend you against these attempts by isolating your computer’s core blocks like the memory. When this option is in place, drivers will have to verify themselves to access high-level processes and as soon as the software fails to do so, the operating system blocks it.
Go to Settings > Privacy & security > Windows Security > Device security > Core isolation details and switch on the “Memory integrity” toggle.
Make Windows’ anti-virus more effective
Microsoft’s anti-virus tool, Defender, is actively running in the background on your Windows PC to scan and terminate detected threats. However, there are times when Defender finds a file suspicious but cannot conclusively reach a verdict on it and leaves it on the user to make a decision.
Windows 10 and Windows 11 have a better, more accurate alternative to this setup: they can dispatch such inconclusive samples over to Microsoft for further analysis. While Defender holds the sample from operating, Microsoft processes it to inspect whether it’s malicious and automatically deletes or releases it.
You can opt into sample submission from Settings > Privacy & security > Windows Security > Virus & Threat Protection and click “Manage settings” from under “Virus & threat protection settings.” Turn on the “Automatic sample submission” option.
The reason this is optional is that it requires your PC to send your data to Microsoft. However, the company claims it doesn’t misuse it and informs you if a particular case involves your personal information.
Prevent advertisers from tracking you
Windows allows apps to show you ads relevant to your interests with a unique identification code. Every time you interact with an ad or when an app determines what you like, an advertiser uses that code to build a dossier on you and follow you across the internet as well as other programs. What’s worse, though this code is limited to your Windows PC, advertisers are infamous for identifying your activities across multiple devices like your smartphone and linking all your various advertising codes to keep tabs no matter what you use.
Thankfully, Windows lets you easily take away this advertising ID altogether. When you do this, your ads will become generic and no longer be personalized.
Navigate to Settings > Privacy & security > General and deactivate “Let apps show me personalized ads by using my advertising ID.” While you’re at it, you should also consider toggling off “Let websites show me locally relevant content by accessing my language list,” which enables companies to know which languages you know and potentially where you are located.
Review app permissions
When you set up a new app, you typically grant it a few permissions to, say, use your device’s webcam for video calls or track your location for sending you weather alerts. However, many apps continue to misuse their access in the background to covertly collect your data and track your activities. So, unless you are actively using an app, it’s best to revoke their permissions, and only grant them back once you have a need for them.
You can visit Settings > Privacy & security and scroll down to the “app permissions” section. Pick a permission like location and inside, turn off the toggle next to an app to prevent them from accessing it. You can also toggle the master switch to ban all apps from reading your location, contacts, or any other sort of data.