Microsoft’s Windows 10 is rapidly replacing older operating systems in both personal and professional environments. As with any OS, however, there are several key things you need to know upfront. The addition of unique advertising IDs that inject Microsoft ads into your browser, recommended express privacy settings and cloud syncing of personal information can inadvertently overshare your sensitive data if you don’t take precautions.

Nine Tips to Stay Secure

Here are my top nine tips to help you maintain the appropriate level of privacy and security with your own Windows 10 installation.

1. Turn Off Ad Tracking

By associating a unique advertising ID with each account, Microsoft collects information to create personalized ad experiences across platforms. While that sounds good in theory, it is borderline creepy in practice. These ads will follow Windows 10 users from one device to another.

To disable the feature, go to the Privacy Settings menu and turn off General > “Let apps use my advertising ID for experiences across apps.” If you want to get rid of ads following you around on your browsers, head to Microsoft’s advertising opt-out page. You will also have to adjust your Bing account settings on the web to clear your Cortana history. If you’d like to disable built-in ads for Microsoft’s cloud service, navigate to View > Options in File Explorer. Scroll down and turn off the option for “Show sync provider notifications.”

2. General Annoyances

You should always use the custom setup install. The latest Windows has some really lousy default express settings for privacy, such as automatic hotspot connection, bad personalization and browser protection choices, error reporting and location awareness assumptions. You can always change these later, but why start out aggravated? Also, if you can choose the Pro version rather than Home, you can make changes to your individual policy settings using the GPEDIT.MSC tool, which is installed on the former but not the latter.

One more thing: You’ll find the Active Hours in the Settings menu, under Update & Security > Windows Update > Change Active hours. You can only designate up to 12 hours as active. Windows will not restart your device to install updates during these hours.

3. Avoid Edge Browsing

Microsoft’s Edge browser has gotten some big improvements, such as plug-in support and ad blockers, in the latest build. However, unless you are an absolute Microsoft fanboy, you should stick with another browser. “Microsoft is getting closer to providing a browser on Windows that could convince many to switch from Chrome,” according to The Verge. However, reports show that Edge is still not very secure.

4. Do You Really Need Cortana?

Speaking of which, with Anniversary Edition, you can’t turn Cortana completely off, because it now encompasses both desktop search and the personal digital assistant. But there are some things you can do to protect your privacy, depending on how much you want to use voice commands on your PC. If you navigate to Settings > Privacy > Speech, inking and typing menus, you can click on the “Get to know you” box to turn this off. Of course, this means the system won’t learn your voice commands.

5. Lock Screen Security

A set of features added to Windows for convenience might be a security issue,. For this, you want to visit the settings that affect the lock screen that you see when you first boot up your PC. To make it more secure, open the Settings menu and go to System > Notifications & actions and turn off “Show notifications on the lock screen.”

You’ll also want to go to the Settings screen > “Use Cortana even when my device is locked” and turn that off, and turn off the setting that lets Cortana access your calendar, email, messages and Power BI when your device is locked.

6. Turn Off Location Services

When you first set up Windows, it asks if you want to turn location services on globally. If you go into the Settings > Privacy section, you will see a set of choices for more granular control over location services. You can enable it for your login account and particular apps, and also clear location history on your PC.

7. Make Sure Defender Is Running

If you use Defender, make sure it is still running. Defender will turn itself off if it detects a third-party antivirus tool. You can check its status under the Update and Security settings. It sometimes forgets to turn itself back on — or takes a few days to remember — if you remove the other tool.

8. Enable Smart Screen

The one express setting that you probably want to leave turned on is Smart Screen, which is Windows’ method of protecting you from potential harm inflicted by unrecognized apps. It actually has three choices that you can revisit when you bring up System and Security > Security and Maintenance controls. To force admin approval before running these apps, just bring up a warning dialog box, or turn it off completely. You’ll probably want to leave it on the most restrictive setting.

9. Additional Steps

There are a number of other settings to consider adjusting. For example, you can limit which particular apps can access your camera and microphone. Similarly, you can limit the amount of diagnostic and usage data that Microsoft collects from your computer, although you can’t completely shut this feature down.

You can also revoke apps’ access to your Microsoft account info and control which apps you wish to run in the background. Some apps may be leaking information about your activities without your knowledge, so if you are ultra paranoid, this is for you.

Protect Your Digital Privacy in Windows 10

Windows 10 has introduced several new features that could pose a threat to digital privacy. While these tips are a good starting point, remember that future updates may add or change features, so always pay attention to the Windows Update notes to make sure you’re not giving away more than you should.

More from Endpoint

The Needs of a Modernized SOC for Hybrid Cloud

5 min read - Cybersecurity has made a lot of progress over the last ten years. Improved standards (e.g., MITRE), threat intelligence, processes and technology have significantly helped improve visibility, automate information gathering (SOAR) and many manual tasks. Additionally, new analytics (UEBA/SIEM) and endpoint (EDR) technologies can detect and often stop entire classes of threats. Now we are seeing the emergence of technologies such as attack surface management (ASM), which are starting to help organisations get more proactive and focus their efforts for maximum…

5 min read

X-Force Identifies Vulnerability in IoT Platform

4 min read - The last decade has seen an explosion of IoT devices across a multitude of industries. With that rise has come the need for centralized systems to perform data collection and device management, commonly called IoT Platforms. One such platform, ThingsBoard, was the recent subject of research by IBM Security X-Force. While there has been a lot of discussion around the security of IoT devices themselves, there is far less conversation around the security of the platforms these devices connect with.…

4 min read

X-Force Prevents Zero Day from Going Anywhere

8 min read - This blog was made possible through contributions from Fred Chidsey and Joseph Lozowski. The 2023 X-Force Threat Intelligence Index shows that vulnerability discovery has rapidly increased year-over-year and according to X-Force’s cumulative vulnerability and exploit database, only 3% of vulnerabilities are associated with a zero day. X-Force often observes zero-day exploitation on Internet-facing systems as a vector for initial access however, X-Force has also observed zero-day attacks leveraged by attackers to accomplish their goals and objectives after initial access was…

8 min read

Patch Tuesday -> Exploit Wednesday: Pwning Windows Ancillary Function Driver for WinSock (afd.sys) in 24 Hours

12 min read - ‘Patch Tuesday, Exploit Wednesday’ is an old hacker adage that refers to the weaponization of vulnerabilities the day after monthly security patches become publicly available. As security improves and exploit mitigations become more sophisticated, the amount of research and development required to craft a weaponized exploit has increased. This is especially relevant for memory corruption vulnerabilities.Figure 1 — Exploitation timelineHowever, with the addition of new features (and memory-unsafe C code) in the Windows 11 kernel, ripe new attack surfaces can…

12 min read