Answer the question
In order to leave comments, you need to log in
How to improve the security of Windows 10 Home?
There is a powerful computer with a licensed boxed version of Windows 10 Home (v1703) without antivirus (the built-in Defender is included). The goal is to improve security. The person who will use this computer is quite literate, but, as practice shows, sometimes anything can happen. Flash drives, CD / DVD, cards, etc. are not used, so there are no problems from this side - only the Internet remains, which is behind NAT and a router with a dynamic IP.
What can be done to improve security against Internet threats?
What is done:
Answer the question
In order to leave comments, you need to log in
So, you have clarified the question, so I will write specifically.
1. Set up the Windows firewall in paranoid mode, cutting off everything that should not have access to the Internet and from the Internet.
2. If the router has a firewall, set it up in the same way.
3. Regularly install updates manually (or centrally, as a last resort) or enable auto-updates.
4. If the computer is in a domain, disable using group policies and AppLocker to start applications from non-system and Program Files folders. Restrict the circle of users who have access to this computer. Ideally, the domain administrator and user account should have access.
5. Disable the default Administrator, create an account with the same username and complex password. Of course, you need to create another administrator with an even more complex password.
It seems to be everything, but if paranoia has already broken out, then you can still buy IDS: D
Additionally - specify Yandex servers or similar services
as DNS .
Put an adblock on the browser.
Enable standard system file protection and set up a system backup so that you can recover at any time.
Backup must be done under a different account.
Administrator and user should not have access to the backup folder.
What can be done to improve security against Internet threats?
Install an ad blocker in your browser. And let him learn not to click anywhere.
I will add Artem to the answer , in addition to setting up a system backup, teach the user how to backup user data, perhaps add some kind of automation to him in this regard. In the clouds, on removable media - to taste. If this is a home computer, then the system will not be reinstalled for long, and working documents or favorite pictures will be lost - there will be trouble.
The built-in antivirus is good. It does its job silently and decisively )))
However, there are users who run ransomware themselves and answer the question "Do you want to destroy all your files?" always answer YES!
From my practice, NOD32 performed well in silent paranoia mode. It is quite inexpensive. According to the logs, I see how it blocks attempts to download / run another surprise. In general, I am 90% satisfied. Sometimes it starts blocking the necessary sites due to security certificates. It is solved by updating, kicking the admin of that site or adding the desired site to the white list.
And yet, no protection will help protect the user from the desire to shoot himself in the foot. Reserve leg only. As it was correctly written here, access to the backup should be denied to all users except for the special backup operator.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question