To help us provide you with free impartial advice, we may earn a commission if you buy through links on our site. Learn more

Top Windows 10 security threats

In most regards Windows 10 is more secure than older operating systems, but it introduces it's own security risks: we explain all

Windows 10 brings a range of new security features that go a long way to making users’ experience of the internet safer. But it’s not 100% secure (nothing is) and actually introduces some new problems. We’ve teamed up with BullGuard to check out these issues and suggest ways to toughen up your security.

Social engineering

It doesn’t matter what version of Windows, OS X or any other operating system you run; if someone can trick you into giving them access to your bank account, computer or home network you’ve been compromised. There are plenty of scams out there aimed specifically at Windows users, including fraudsters making cold calls claiming to be from Microsoft. Ultimately they will try to trick you into giving them remote access to your PC and will almost inevitably end up with funds moving from you to them.

On a similar line, every time a new version of Windows comes out some bright spark decides to send malware as an attachment to everyone claiming that the file is an update from Microsoft. Run it and suffer the consequences. For example, even before Windows 10 was generally available a criminal sent out an email that offered a fast way to upgrade to the new operating system. In this case, the attacker attached a ransomware Trojan, a type of malware that encrypts your files until you pay a significant amount of money for the decryption key.

The general advice is: if it’s too good to be true then it probably is. And Microsoft will never contact you directly and send you updates by email. That’s what Windows Update is for and, with Windows 10, that kicks in automatically anyway.

Close to the Edge

Microsoft’s new web browser, Edge, is widely considered to be more secure than Internet Explorer. However, it’s not perfect and some security experts are concerned that it introduces a couple of extra security vulnerabilities that Internet Explorer lacked. For example, it integrates plugins for Flash and a PDF reader, which is a concern because both technologies have proven to be insecure and have provided attackers with a route to hacking into desktop systems for many years. The fact that these technologies are now built into the browser could potentially open the door to attackers. Ultimately Edge is better than Internet Explorer and some researchers rate it as highly as Google’s Chrome browser, so it’s probably OK to use for now. But keep your eyes open for news about future attacks.

Web threats

Drive-by attacks, where you visit a website and it installs malware on your PC in the background without your intervention, have been around for years and Windows 10 is not immune. It does have some built-in technology, such as the SmartScreen URL blocker, to help keep the bad sites at arm’s length but at some stage you could run into an infected website. That is when running a good anti-malware product will help. Microsoft’s own free anti-malware product frequently performs poorly in tests and you should choose an alternative. Running a good web browser, such as Chrome, which incorporates its own malicious website blocking system, would add another layer of protection.

General exploitation

As soon as Windows 10 became available researchers and criminals started prodding it to find its weak points. One researcher found a security hole in Windows’ scroll bars that allowed him to attack the system by changing literally one bit of code. This security hole is now patched, but the fact is that there are vulnerabilities in all code and it’s a matter of time before more problems with Windows 10 are found.

So what can we, the normal users, do to protect against this sophisticated type of attack? Aside from updating regularly there’s not a great deal, other than not clicking on links in suspicious emails or opening attachments (programs and even documents) from people you don’t know. However, there is one serious technical approach you can take, which is to install a little-known free utility from Microsoft that blocks many types of exploitation: the free EMET, short for The Enhanced Mitigation Experience Toolkit.

Virus updates

An out-of-date anti-malware program presents a serious security threat. Update it regularly to receive the best protection possible and renew your subscription when it becomes due. Microsoft has had enough of people failing to renew and update and will take direct measures on your system should you decide to keep creaking along with your ancient 2012 anti-virus program. Windows Defender will re-activate itself and replace an expired anti-malware product automatically. Windows 10 will even uninstall expired or incompatible security products.

This sounds like a responsible move by Microsoft but, as we’ve noted, its own anti-malware products rarely do well in tests and, unless you pay attention, you could find yourself unwittingly relying on Defender’s security. Wake up and install an up-to-date anti-malware program, such as BullGuard Internet Security, which is certified to work with Windows 10.

Windows 10 privacy

Speaking of privacy, one of the biggest problems people have with Windows 10 is its apparent intrusive approach to users’ privacy. For example, did you know that if you used the default settings when setting up Windows that your contacts could access your WiFi network? That’s over-stating things, to be fair, because you can decide who gets access on a case-by-case basis and your friends can’t re-share access, but it’s a creepy feature when you first glance into the settings you accepted a month or two ago. It’s easy to turn off, regardless. Just go to Manage WiFi Settings and untick the options under the heading, ‘For networks I select, share them with my…”

Windows 10 privacy settings

This is an independent guide from the Expert Reviews editorial team. This content was produced to the same impartial standards as the main content on our site but paid for by BullGuard.

Read more