Windows 10 version 1703 and above have come with multiple security features that is very hard to find and exploit vulnerabilities, the features are designed and developed to banish any class of vulnerabilities, break any exploitation method, protect from heavy damages and restrict any exposure to exploitations.
10 built in Windows 10 Security Feature
Windows Defender Smart Screen :
When a software is downloaded from internet, Windows Defender SmartScreen checks the reputations or Character of the application by crossing with Microsoft library and responds that software is malicious software or genuine. Even if the file is copied from another PC, software are scanned and cross checked with Microsoft Library.
Credential Guard:
It Guards against attackers, who try to gain access to systems through PASS-THE-HASH or PASS-THE-TICKET attacks.
Enterprise Certificate Pinning:
Prevents from meddle man attacks that uses PKI. Enables to protect internal domain name from binding to unwanted Certificates.
Device Guard:
keeps devices protected from running malware, suspicious software and untrusted applications.
Microsoft Defender AntiVirus :
Defend again virus and Malwares.
Blocking of untrusted fonts:
Blocks untrusted Fonts that being downloaded and releasing into the network, where these files may contain malicious and gets elevated access to attack the network.
Memory Protection:
prevents malware trying to gain control over memory which cause Memory manipulation.
UEFI Secure Boot :
Protects from Bootkits and Rootkits.It helps to protect the boot process and firmware against tampering.
Early Launch AntiMalware (ELAM):
it enables antimalware solution to start before any non Microsoft drivers and applications, if any changes in drivers, ELAM will stop those drivers loading into OS, thus protect from drivers based rootkits
Device Health Attestation:
Check the devices that are connecting to Corporate network are in good health and have not compromised to malware, rootkits and Bootkits.
10 built in Windows 10 Security feature list are enabled based on your needs, If Windows 10 is personal use computer, recommend to enable Windows Defender Smart Screen, Credential Guard, Microsoft Defender Virus and UEFI Secure Boot
How to setup and Enable Windows Defender Smart Screen?
Microsoft Windows Defender Smart Screen is available with Windows 10 Version 1703 onwards. Before looking for this feature, check your Windows version installed on PC. In search bar Type in “Settings” select setting, then Type in search “About your PC” then look for Windows specifications.
In Search bar type in “Windows Security” open the app then Select App & Browser Control then Reputation Base protection settings.
- Check apps and files section
Turn ON: Downloading of apps and files from internet will be potentially dangerous- A Warning message pops up – Should Allow to download or block it |
- Microsoft Defender SmartScreen for Microsoft Edge
Turn ON : While using Microsoft Edge browser, attempt to download files and apps will see an gerous- A Warning message pops up – Should Allow to download or block it |
- Potentially unwanted app blocking area:
Turn ON : Blocks download of apps and other downloads in Microsoft edge browser ( Based on Chromium) |
- Microsoft Defender SmartScreen from Microsoft Store apps
Turn ON : Warns users if apps are potentially dangerous hosted in Microsoft store apps, but allows to continues to download |
Microsoft Defender SmartScreen can be configured to warn users visiting potential sites which has malware and dangerous. user can report about sites if they are unsafe, by clicking on send feedback and then to report unsafe site
How to setup and enable Microsoft Defender Antivirus?
In Windows 10 and Windows 11 Microsoft Defender Antivirus is installed along with operating system. The Antivirus services are enabled as OS boots up. one good feature of this Antivirus, if you have installed any third party antivirus, if subscription is expired or intent to uninstall antivirus, Microsoft defender antivirus is turned on and starts to protect your computer.
Please note that Windows Defender Antivirus renamed to Microsoft Defender Antivirus in Windows 10 version 2004.
Microsoft Defender Antivirus protect against Virus’s, spyware, malware, software’s, web injectors and scans USB flash drives when connected to PC.
Turning off Microsoft Defender Antivirus is temporary time period of boot up pc, once the computer reboots the service will turn on.
Microsoft Defender Antivirus scans a PC, if found any virus and malwares it will compare the data with its cloud server and returns a results of threat level of infection from those dangerous files. it will soon take action to quarantine or delete those infected files before spreading across pc and network. it maintenance database of these infected file type list to match and mark the severity of infection. Microsoft Defender Antivirus has a round robin action 1) Behavior-based, heuristic, and real-time antivirus protection. 2) Cloud-delivered protection 3) Dedicated protection and product updates.
All three are interlinked and keeps updating the database and protect PC against any new kinds of threats.
How UEFI Secure boot protect against threats?
Unified Extensible Firmware Interface (UEFI) is interface between operating sytem and firmware, bios.
Secure boot feature of UEFI enabled, it detects tampering with bootloaders,OS files,drivers and ROMS.
Secure boot: UEFI firmware and Trusted platform Module can be configured to load trusted operating system boot loaders.
Trust Boot : Windows 10 checks integrity of every module during startup process.
ELAM : tests all drivers before loading and prevent unapproved drivers.
If you need more in depth information about these security features, refer to Microsoft docs
Does Windows 10 require antivirus?
I don’t think Windows 10 require antivirus, the build in Windows firewall is good to protect against any kind of attacks.
Is Windows Defender enough to protect my PC?
Yes Windows Defender protect your PC
Is Windows Defender free with Windows 10?
Every Windows 10 has Defender and come free, as this is in built and during operating system installation Defender is installed by default.