Date: 2021-06-22

Compared to the older versions, Windows 10 is much more secure. But with a few tips from the BSI, attacks can be avoided even better.

“Hardening” Windows 10 – that is the declared aim of the new usage guidelines of the Federal Office for Information Security (BSI). Although the system is already considerably better protected against attacks than its predecessors, they are intended to further increase the security of Windows in public authorities and companies. But there are also some useful tips for private users.

They shouldn’t be put off by the fact that most of the measures are clearly aimed at administrators of large computer networks. The auditors examined the Windows version that is intended for authorities, is provided with updates for longer and is not even available to private customers. In addition, many of the guidelines can be implemented primarily by users with a high level of technical knowledge. But: The most basic recommendations can also be used by everyone in everyday life.

These are the most basic security recommendations for Windows 10

Not working as an admin: Probably the most important setting is completely normal in companies, but still the complete exception for private users. It is a matter of separating the user and administrator accounts. Because as an admin you can do a lot of mischief, and viruses also use this possibility to some extent. If you move this authorization into a separate account, security increases massively. You can also create a new account with administrator rights and then revoke these rights from the previous account, so you don’t have to set everything up again. The option can be found in the system settings under User accounts.
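The account split described above can also be scripted with the built-in LocalAccounts cmdlets. This is an added example, not part of the BSI guidelines or the original article; the account name `LocalAdmin` and the `-Apply` switch are assumptions made for illustration, and the script assumes a standalone PC with local accounts.

```powershell
#Requires -RunAsAdministrator
param(
    [string]$AdminName = 'LocalAdmin',      # hypothetical name for the new admin account
    [string]$DailyUser = $env:USERNAME,     # account that should lose admin rights
    [switch]$Apply                          # without -Apply the script only reports
)

$AdminsSid = 'S-1-5-32-544'   # built-in Administrators group (its name differs per language)
$UsersSid  = 'S-1-5-32-545'   # built-in Users group

function Get-AdminNames {
    # Return the bare account names of all members of the Administrators group
    Get-LocalGroupMember -SID $AdminsSid | ForEach-Object { ($_.Name -split '\\')[-1] }
}

Write-Host "Current administrators: $((Get-AdminNames) -join ', ')"

if (-not $Apply) {
    Write-Host "Dry run: would create '$AdminName' as admin and demote '$DailyUser'."
    return
}

# 1. Create the dedicated administrator account if it does not exist yet
if (-not (Get-LocalUser -Name $AdminName -ErrorAction SilentlyContinue)) {
    $pw = Read-Host -AsSecureString "Password for $AdminName"
    New-LocalUser -Name $AdminName -Password $pw -Description 'Administration only' | Out-Null
}
if ($AdminName -notin (Get-AdminNames)) {
    Add-LocalGroupMember -SID $AdminsSid -Member $AdminName
}

# 2. Refuse to demote unless another enabled admin remains (avoids locking yourself out)
$others = Get-AdminNames | Where-Object { $_ -ne $DailyUser } |
    Where-Object { (Get-LocalUser -Name $_ -ErrorAction SilentlyContinue).Enabled }
if (-not $others) { throw "No other enabled administrator; not demoting '$DailyUser'." }

# 3. Keep the daily account a standard user, then revoke its admin rights
$userMembers = Get-LocalGroupMember -SID $UsersSid | ForEach-Object { ($_.Name -split '\\')[-1] }
if ($DailyUser -notin $userMembers) { Add-LocalGroupMember -SID $UsersSid -Member $DailyUser }
if ($DailyUser -in (Get-AdminNames)) { Remove-LocalGroupMember -SID $AdminsSid -Member $DailyUser }

Write-Host "Administrators now: $((Get-AdminNames) -join ', ')"
```

The change in group membership takes effect for the daily account at its next sign-in.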

Rely on secure software: Even though Windows now comes with a whole range of applications, very few users can manage without additional software. However, special caution is required here, warns the BSI. It is best to obtain software from specialist retailers, the agency advises in its finest officialese. Since this also covers online offers, the recommendation in plain language is: Programs should only be installed from trustworthy sources. As a further hurdle for attacks, the BSI also recommends downloading them only via encrypted connections. The aim is to prevent malicious code from being injected into the download. However, private users have less to worry about.

Only the most necessary: In general, it is advisable to keep the number of installed programs small, according to the BSI. “Each additional software component offers an additional attack surface,” is how the experts summarize the danger posed by programs and plug-ins. This is also the case if you follow the advice on the safe origin of the software. After all, every additional program can also lead to further security gaps.

Always keep fresh: In order to reduce the risk of infections, it is important to always install all updates – and not just for the operating system. All third-party programs and plugins should also always be up to date, according to the experts. “Like the operating system itself, installed applications can have open security holes that can completely compromise the entire system.”

Passwords – but correct: The BSI has also recognized the incorrect use of passwords as a security problem for Windows. Because: Anyone who has access to the administrator password can take complete control of the PC. If passwords are used multiple times or if they are too simple, they can appear in databases that are used by malware to guess passwords. You can find out what a good, secure password looks like here.

But the experts also have a clear recommendation on saving passwords on the computer: Saving them as plain text, for example in digital notes or in some browsers, should definitely be avoided. In order to keep track of the chaos, you should use a password manager. You can find an overview from Stiftung Warentest here.

No more data collection: The BSI experts also want to protect users from Windows manufacturer Microsoft. With Windows 10, the group began to collect extensive data on its users. This can be prevented: In the settings, under the privacy (data protection) item, the so-called telemetry data collection can be switched off for the most part.

More tricks for professionals

Many of the other security recommendations are aimed at users who are very familiar with the subject matter. For example, the BSI recommends using virtualization solutions wherever possible. Special software simulates a virtual PC with its own operating system, on which the programs are then executed. The advantage: If the virtual computer is infected, the malware cannot break out and has no access to critical data outside of the virtualization.

It can also make sense to use the tightened installation control via WDAC (Windows Defender Application Control). It allows only programs that have previously been signed as approved to run.

However, since these solutions require a certain amount of expertise, they are likely to be too much effort for most everyday users relative to the added value.