Essential Settings for Securing Windows 10 Computers

Essential Settings for Securing Windows 10 Computers. While Windows 10 is touted as the most secure operating system released by Microsoft to date, in the realm of cybersecurity, there’s no single comprehensive solution for security. Hence, here are best practices that I guide to help make your Windows 10 computer safer and reduce the risk of potential attacks.

Essential Settings for Securing Windows 10 Computers

Removing Flash from Windows 10

Due to numerous security issues, most modern browsers have stopped supporting Flash content long ago. Therefore, Microsoft discontinued support for Adobe Flash Player as of January 2021.
If your computer still has Flash installed and hasn’t been removed, it’s advisable to do so promptly. Apart from freeing up memory space on your computer, uninstalling Adobe Flash Player helps prevent potential security threats due to new vulnerabilities.

Uninstalling Flash via Windows Update (KB4577586)

Windows Update KB4577586: This update will automatically remove Adobe Flash Player from your computer. Microsoft has released this fix as part of a cumulative Windows update. If you haven’t installed this update, you can manually download it from the Windows Update catalog.

Running the update and following the on-screen instructions will remove Flash Player from your computer.

Using the Flash Player Uninstaller Tool

Adobe provides an easy way to uninstall Flash Player from Windows via a dedicated removal tool. To use it, first download the tool here.

Before running the installer, ensure all programs, including browsers using Flash, are closed. Then run the installer and click “Yes” when prompted by UAC (User Account Control).

Finally, click “Uninstall” and then “Restart” to complete the removal of Flash Player.

After rebooting, press Windows + E to open File Explorer. In File Explorer, copy and paste the path below into the Quick Access bar to navigate to the directories.

C:\Windows\system32\Macromed\Flash
Delete all files in this folder. Next, repeat these steps by accessing the following locations.

C:\Windows\SysWOW64\Macromed\Flash
%appdata%\Adobe\Flash Player
%appdata%\Macromedia\Flash Player
After removing Flash from your computer, it’s necessary to remove it from your web browser. While modern browsers don’t support Flash content, your browser might still have the Flash plugin enabled. Here’s how to remove Flash from web browsers.

Disabling Flash plugin in Web Browsers

Google Chrome
Step 1: Open Chrome and access Menu > Settings from the options.

Step 2: Then, select the “Privacy and Security” tab from the left pane and click on “Site Settings” in the right pane.

Step 3: Find “Content” below and disable the Flash option.

Mozilla Firefox
Step 1: Launch Firefox, type About:addons into the address bar, and press Enter.

Step 2: The Plugin tab will open; on the left pane, find the Flash add-on, then click the dropdown and choose “Never Activate.”

For the Chromium-based Microsoft Edge browser, users need not disable Flash as it’s already turned off by default. The Flash option might not be available in the latest Chrome and Firefox versions; in such cases, manual disabling might not be necessary.

Creating Restore Points

Consider Restore Points as a system snapshot allowing you to restore Windows to a previous functioning state by undoing system changes. Although this feature is available across all Windows versions, it needs to be enabled from the System Properties dialog box.
When enabled, Windows will automatically create Restore Points when you install new software or Windows updates. However, before making significant system changes like editing the Registry or hardware changes, manually creating Restore Points is advisable.

Activating BitLocker Encryption

Windows 10 Pro and Enterprise editions come with a drive encryption tool called BitLocker. This data protection feature integrated into Windows safeguards data from theft or unauthorized access by encrypting the storage drive.
BitLocker utilizes TPM (Trusted Platform Module) technology to enhance data security, providing optimal security when the system is offline. On systems without TPM, you’ll need to use a PIN or a USB startup key to boot the encrypted computer.

For Windows 10 Home users, installing alternative encryption tools like VeraCrypt, DiskCryptor, etc., is necessary. Regardless of the encryption tool used, encrypting the entire disk is mandatory to secure endpoints.

Installing Apps from Secure Sources

Installing apps from third-party sources or outside the Microsoft Store might pose risks for users. To minimize risks, you can configure Windows 10 to warn when installing an app not from the Microsoft Store. Here’s how:
Step 1: Access Start menu > Settings > Apps.

Step 2: Click on the dropdown under “Choose where to get apps” in the right pane and choose “Anywhere, but warn me before installing an app that’s not from Microsoft Store.”

Avoid Copyright Violations

Copyright-violating content such as pirated movies and software are common sources of malware. When downloading any software, media content, or documents, ensure you download from trusted sources. Trusted sources include the Microsoft Store and the official stores of software developers and distributors.

Update Windows 10 and Other Apps

Microsoft has activated automatic updates for Windows 10. However, due to various reasons, some users choose to delay Windows updates, which increases the system’s security risk.

Therefore, installing security patches to protect your system from threats on Windows 10 is essential. Even if your computer runs anti-malware software, new security flaws are discovered daily.

Besides Windows updates, ensure all installed applications on your computer are updated. Older applications are more susceptible to cyberattacks, and installing updates ensures you have the latest security patches and performance improvements.

Uninstall Unnecessary and Unused Apps

There might be apps that you haven’t used for an extended period. Apart from consuming storage space, unused programs could pose a security risk if new issues are discovered.
To uninstall unused apps in Windows 10, access the Start menu, type “Control Panel” in the Search box, then click on the corresponding result.

In the displayed Control Panel window, access “Programs and Features” to view the list of installed software and apps on your computer. Browse through the list, select programs or apps not used for a long time, and click “Uninstall” to remove them from your computer.

Enable Controlled Folder Access

Controlled Folder Access is part of Microsoft Defender Antivirus. This tool provides protection against ransomware attacks by preventing malicious software from encrypting data and making unwanted changes.
When activated, Controlled Folder Access can monitor any application attempting to modify files in the protected folder without permission. It will block the attempt and alert you to suspicious activities. Here’s how to enable this feature:

Step 1: Access Start menu > Settings > Updates & Security > Windows Security.

Step 2: Click “Virus & threat protection” under Windows Security in the right pane.

Step 3: In the displayed Windows Security window, scroll down to “Ransomware protection,” then click on “Manage ransomware protection.”

Step 4: Activate the “Control Folder Access” feature and click “Yes” if prompted for confirmation.

Once you’ve added the folders that need protection, the ransomware protection feature will monitor new locations for suspicious activity. Click on “Block history” under “Controlled Folder Access” to view all blocked actions.

Segregate Personal and Work Computers

Using a single computer for both personal and work purposes might seem convenient. However, if you’re using a laptop controlled by your company with administrative access, privacy concerns will always be a significant issue. Moreover, a compromised work computer might jeopardize both work and personal data, or vice versa. Therefore, it’s best to store personal and work-related data on separate devices.

Thus, ensuring computer safety isn’t overly complex, as Windows 10 comes with numerous built-in security features that can help you avoid potential risks of having personal information stolen.

Essential Settings for Securing Windows 10 Computers. Beyond the solutions mentioned above, there are still other methods you might consider when securing your computer, such as enabling the firewall, installing third-party security and antivirus solutions, using VPNs, and implementing two-factor authentication.