[Guide] How to Secure Windows 10
If you’ve recently bought a Windows 10 machine or upgraded your PC to Windows 10, you might be wondering how secure the operating system is. Luckily, by default, Windows 10 is more secure than Windows 7 and Windows 8.1. It has a lot of new security features that help block viruses and malware infections. This is especially true if you are using newer hardware.
Even though Windows 10 is more secure, there is still room to improve security. In this post, I’m only going to talk about various settings in Windows that you can configure to make Windows more secure. I won’t be mentioning any third-party programs like anti-virus, anti-spyware, etc. For additional security tips, you should check out my post on how to protect yourself from hackers and spyware.
Windows 10 Privacy Settings
The first thing I do whenever I set up a new Windows 10 machine is to turn off all the tracking features that Microsoft included with Windows 10. Unfortunately, this is one area that is not better than older versions of Windows.
Windows 10 has several features that connect back to Microsoft and, even though they are not going to cause you to be hacked or get a virus, they are still a little unsettling. Do I really want Microsoft knowing what I’m typing on my computer all the time or listening to everything in the room all the time because of Cortana? Not really.
This is much easier to do when you first install Windows because you can click Customize and disable everything all at once. Obviously, if you can’t reset or reinstall Windows, you can manually change the settings.
To do this, go to Settings and then click on Privacy. You’ll find a whole slew of items on the left side along with their On/Off options to the right. I literally have everything set to Off and only turn something on if I run into an app that requires a certain permission.
Enable Automatic Updates
If you’re running Windows 10, you should definitely enable automatic updates. It should be enabled by default, but it’s a good idea to check anyway. Click on Start, type in Windows Update and then click on Windows Update settings.
This will bring you to the Settings dialog on Windows Update. Click on Advanced Options and make sure the drop-down box says Automatic (recommended).
Also, make sure to check the Give me updates for other Microsoft products when I update Windows option. This is especially important if you have Office installed, as it will install all Office-related security and feature updates too.
Enable Windows Defender
Again, this should be enabled, but to check, click on Start, then Settings and Update & Security. Click on Windows Defender and make sure the following three settings are enabled: Real-time protection, Cloud-based protection, and Automatic sample submission.
I’ve been using only Windows Defender on my Windows 10 machine for many months and haven’t had to install any third-party anti-virus or anti-malware software. Windows Defender does a great job of protecting your computer and it’s built right into Windows, which is great.
Enable Windows Firewall
The built-in Windows firewall is a very powerful feature if you really want to control how your computer communicates with other devices on the network. However, the default settings will work fine for most people. By default, all outbound communication is allowed to pass through the firewall.
Inbound connections are controlled by a list where you can check or uncheck which programs are allowed through the firewall. First, click on Start, type in firewall and then click on Windows Firewall.
If your screen shows green shields with check marks, that means the firewall is On. If not, click on Turn Windows Firewall on or off to enable it. Next, you should click on Allow an app or feature through Windows Firewall to pick the programs that should have free access through the firewall.
You’ll notice there are two columns with check marks: Private and Public. Check out my post on the Network and Sharing Center in Windows 10 to learn the difference between public and private networks. The more items you can uncheck from the Public column, the better your security. Items like File and Printer Sharing or Netlogon Service should never have a check in the Public column. You’ll have to Google to figure out which items you can uncheck.
It’s also a good idea to uncheck anything that has “Remote” in the name like Remote Assistance, Remote Desktop, etc. Unless you connect to your computer remotely, you can uncheck both the Private and Public columns for all of these programs/services.
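The same review can be done from PowerShell instead of clicking through the list. This is an added example, not part of the original post; it only reads settings, and it assumes an English-language Windows 10, because the rule group names it matches (taken from the text above) are localized.

```powershell
# Added example: read-only audit of the firewall settings discussed above.

# 1. Effective state of each profile. ActiveStore shows what is actually
#    enforced after local settings and Group Policy are merged.
Get-NetFirewallProfile -PolicyStore ActiveStore |
    Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction |
    Format-Table -AutoSize

# 2. Groups the article says should never be allowed on Public networks.
$riskyGroups = 'File and Printer Sharing', 'Netlogon Service'

# Enabled inbound "allow" rules whose profile includes Public.
# A rule scoped to "Any" applies on Public networks as well.
$publicRules = Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    Where-Object { "$($_.Profile)" -match 'Public|Any' }

# Sharing rules plus anything in a "Remote ..." group
# (Remote Assistance, Remote Desktop, and so on).
$findings = $publicRules | Where-Object {
    $_.DisplayGroup -in $riskyGroups -or $_.DisplayGroup -like 'Remote*'
}

if ($findings) {
    $findings | Sort-Object DisplayGroup, DisplayName |
        Select-Object DisplayGroup, DisplayName, Profile |
        Format-Table -AutoSize
} else {
    'No sharing or Remote* rules are allowed inbound on the Public profile.'
}

# 3. Everything else reachable on Public, grouped for manual review.
$publicRules | Group-Object DisplayGroup |
    Sort-Object Count -Descending |
    Select-Object Count, Name |
    Format-Table -AutoSize
```

Anything listed in step 2 corresponds to a check mark in the Public column that the article recommends clearing.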
Advanced Sharing Settings
While you are in the Network and Sharing Center, you should also configure the Advanced Sharing Settings. Scroll down to the Advanced Sharing Settings section of the article. For a quick review, here is what you should choose for the settings for maximum security. Adjust them accordingly if you need to.
Private
- Turn off network discovery (Only if you never access other devices on your network using this PC)
- Turn off file and printer sharing
- Allow Windows to manage HomeGroup connections
Guest or Public
- Turn off network discovery
- Turn off file and printer sharing
All Networks
- Turn off public folder sharing
- Turn off media streaming (enable only when you need to stream content from the PC to a device)
- Use 128-bit encryption for file sharing connections
- Turn on password protected sharing
User Account Control (UAC)
UAC has been around in Windows for a long time now. You’ll always read articles on the Internet explaining how you can disable UAC if you don’t like those pesky prompts all the time. In my opinion, I don’t get them that often and it’s not worth making your computer less secure just for a minor convenience.
Click on Start, type in UAC and then click on Change User Account Control Settings. By default, the slider should be at Notify me only when apps try to make changes to my computer, but you should try Always notify if you can bear it.
This is definitely a good option if you visit websites that are sketchy in nature. Keeping UAC to the highest setting will prevent certain changes from being made on your computer without your consent.
Use a Local Account
Since Windows 8, Microsoft has been pushing users to log in using their Microsoft account. This has some benefits, like two-factor authentication and being able to sync your desktop to any computer, but it also has downsides. Firstly, again, I don’t want Microsoft knowing when I’m logging into my computer or anything else about my computer.
Secondly, what if my Microsoft account gets hacked or something else? Do I have to worry about someone being able to remotely log into my computer, etc.? Instead of worrying about all of that, just use a local account like you did with Windows 7 and earlier. To do that, click on Start, type account and then click on Manage your account.
Click on the Sign in with a local account instead link and follow the steps. You’ll get some warnings from Microsoft as to why you shouldn’t do this, but just ignore them. Nothing bad will happen to your computer.
Use a Lock Screen
If you want to keep your computer secure, you should make sure the screen is locked automatically when you’re not around. To do this, click on Start, type lock screen and select Lock screen settings.
Click on Screen timeout settings and select an appropriate value that works for you. Also, be careful which apps you allow on the lock screen as others will be able to access that information without entering a password.
Secure Boot & UEFI
If you have a newer computer, you should make sure that you enable secure boot and UEFI instead of legacy BIOS. These options are changed in the BIOS, so you’ll have to Google around to get into the BIOS first and then enable these settings.
It’s worth noting that you may or may not have the option for secure boot on your computer. Also, if you switch from LEGACY+UEFI to just UEFI and your computer doesn’t boot, just go back into the BIOS and change it back.
Disable Flash and Java
Two of the biggest threats to all computers are Flash and Java. Literally, every week there is a new security vulnerability found in one of these platforms. Most websites have moved beyond Flash because HTML 5 is now supported in all major browsers.
My suggestion would be to disable Flash and Java and just use your computer normally. Like me, you might find that you never really needed either installed in the first place.
Check out my previous post on how to disable Flash in Microsoft Edge. If you’re using Internet Explorer still, just click on the gear icon, then Internet Options, then Programs, then Manage Add-ons.
Under Show, select All add-ons and then right-click on Shockwave Flash Object and select Disable. If you are using Google Chrome, type in chrome://plugins in the address bar and then click on Disable under Adobe Flash Player.
For Java, just go to Control Panel, Programs and Features and uninstall any Java version currently installed on your computer. You can also read my post on how to uninstall or disable Java in Windows and Mac.
Encrypt Hard Drive
Finally, you should encrypt your entire hard drive if you want the maximum security for your PC. Encryption protects more against someone stealing your computer or gaining physical access to your machine than against online threats, but it’s still important.
I’ve written a detailed article on how to encrypt a hard drive using BitLocker in Windows. If you have a computer with a fast CPU, the encryption will not make a noticeable difference in speed. If you have an older computer, I would probably avoid using encryption unless you upgrade the hardware.
Overall, you should be in pretty good shape if you follow all the steps above. Remember, though, visiting the wrong websites will harm you no matter what security you have on your computer. A good option is to use Chrome since it tries to warn you before you visit a malicious website or download something harmful. Enjoy!
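To confirm several of the settings from this guide in one pass (Windows Defender, UAC, Secure Boot and drive encryption), the following read-only PowerShell check can be used. It is an added example, not part of the original post; the report labels are my own, and it must be run from an elevated Windows PowerShell session.

```powershell
#Requires -RunAsAdministrator
# Added example: read-only check of settings covered in this guide.
# Nothing is changed; every call below only reads state.

$report = [ordered]@{}

# Windows Defender: the three switches named in the Defender section.
$mp = Get-MpPreference
$report['Defender real-time protection']   = -not $mp.DisableRealtimeMonitoring
$report['Defender cloud-based protection'] = $mp.MAPSReporting -ne 0          # 0 = disabled
$report['Defender auto sample submission'] = $mp.SubmitSamplesConsent -in 1, 3 # 1 = safe samples, 3 = all

# UAC: "Always notify" is ConsentPromptBehaviorAdmin = 2 with the prompt
# shown on the secure desktop. The Windows default is 5.
$uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$uac = Get-ItemProperty -Path $uacKey
$report['UAC enabled']       = $uac.EnableLUA -eq 1
$report['UAC Always notify'] = ($uac.ConsentPromptBehaviorAdmin -eq 2) -and
                               ($uac.PromptOnSecureDesktop -eq 1)

# Secure Boot: the cmdlet throws when the machine booted in legacy BIOS mode.
try {
    $report['Secure Boot enabled'] = [bool](Confirm-SecureBootUEFI -ErrorAction Stop)
} catch {
    $report['Secure Boot enabled'] = 'Not available (legacy BIOS or unsupported firmware)'
}

# BitLocker status of the system drive; the cmdlet is missing on editions
# that do not ship the BitLocker module.
try {
    $vol = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction Stop
    $report['System drive encryption'] = "$($vol.VolumeStatus), protection $($vol.ProtectionStatus)"
} catch {
    $report['System drive encryption'] = 'BitLocker status not available'
}

# Print one row per check.
$report.GetEnumerator() |
    ForEach-Object { [pscustomobject]@{ Check = $_.Key; Result = $_.Value } } |
    Format-Table -AutoSize
```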