Windows 10 Security Concerns


#1

You know, I'm pretty concerned about security issues with Windows 10 so I thought we could have a thread...


#2

What are your concerns?


#3

Win10 is no less secure than 7 or 8. Tons of exploits come out, but it’s the most popular OS in the world so that’s natural. MS updates quickly, and in fact the forced mandatory updates in win10, much as I hate them personally, definitely improve security for most users.

I do wish EMET was part of the OS, not running in userspace, with compatibility settings and signatures updated via windows update. EMET is a [I]substantial[/I] component of securing windows. If you’re a techie running windows, you should be running EMET. Most exploits simply don’t work with it running.

Additionally, I would like to see a browser (like Edge) integrating NoScript, Ghostery, or Privacy Badger natively. Again, signatures and settings updated in Windows Update, as these are too finicky and lead to too much page damage for the average Joe to handle on his own.

Last, I wish windows included sandboxing like Sandboxie and OSX’s App Sandbox. This would be another substantial security improvement. Obviously universal apps are already sandboxed; I’m talking about desktop programs here.

None of the above are regressions from earlier versions of windows, just improvements I’d like to see added in the future.


#4

I actually have an odd question on the pace of updates - in my very limited experience, 10 seems to have a slower pace of updates than 8.1 did. Is that accurate or just a result of time dilation due to being so close to the singularity of the OS upgrade?


#5

My impression is that MS has been blazing with Win 10 updates. They’ve been averaging cumulative updates about once a month, and I’m not talking about security patches. Those cumulative patches include tons of non-security fixes. Then there was Threshold, which was the introduction of new features. The next major update along those lines is Redstone, later this year.

But Win 10 would probably be considered to be well past the traditional Service Pack 1 stage, and arguably closer to Service Pack 2 status already. And it’s only 6 months old!


#6

Definitely not the case. Windows 8.1 and every earlier release strictly stuck to “Patch Tuesday” (the 2nd tuesday in the month was when the updates were released) outside of a few exceptions. For Windows 10 though, there have been a much larger number of exceptions - significant bug fix updates sometimes two or even three times a month.

The difference in perception could be attributed to the method in which each OS handles reboots. Windows 8 and 8.1, in the effort of reducing data loss caused by unexpected reboots [U]always told you about an upcoming reboot[/U]. And that reboot wouldn’t happen unless you personally observed the dialog telling you it was going to happen, so that you would theoretically know to save your stuff.

Windows 10 is a bit smarter in that regard. There’s a setting to always notify you before a reboot happens, but the default is that reboots will happen in the middle of the night (just like Windows 7 did) potentially causing some data loss, but mainly just acting how normal people expected.


#7

Risking data loss isn’t what [I]I[/I] expected. It’s one of the primary reasons why I strongly dislike Win10. But then I’m certainly not your normal user.

When I came home to see my monitor’s “ENTER PASSWORD:” line from the BIOS burning into my screen that first time, I was not happy, not happy at all.


#8

Similarly, the default setting really aggravated my “leave the computer all at all times forever and ever” habits, since I’d gotten used to leaving a shit ton of stuff open. Saved insofar as that’s possible, but stuff like progress on a video in VLC or stuff entered into a browser text box tends not to carry over (Lazarus sometimes catches the latter, at least).

Needless to say, that got tweaked fast.


#9

Yep. Unfortunately you can’t replicate the win8 and earlier behavior. I used to let it update, then reboot whenever I damn well felt like it. That is [I]impossible[/I] in win10-- once you update, win10 is gonna reboot whether you like it or not. Don’t like it? Screw you, windows knows better!

What you [I]can[/I] do is disable the automatic updates via a policy editor/regedit tweak. Then you have to update manually, which is obviously less secure than automatic updates. And once you do update, you [I][U]must[/U][/I] reboot.

It really sucks that they offer no way to change this behavior. I agree with the default, but sophisticated users like myself should be allowed to manage our computers as we see fit. I never, [I]ever,[/I] want my computer to reboot when I don’t initiate it, under any circumstances.


#10

Note, though, that the currrent version of EMET (5.2) prevents IE11 from running with the default recommended security profile set. That was fun to track down…

Dunno if that’s fixed in the current beta version.


#11

Right, that’s why I said they would need to update compatibility settings and signatures, to avoid that sort of thing. EMET isn’t consumer-friendly right now-- but there’s no reason why that couldn’t be fixed easily enough, and it would be a real tangible security improvement in windows.


#12

Is MSE still a separate entity on Windows 10?n I liked it on win7 and don’t want to have to use a different 3rd party antivirus program.


#13

It’s not built-in, so you have to download it if you want to use it on Win10.

Although, I’d probably go with Malwarebytes Anti-exploit.


#14

Run AV+ Malwarebytes Anti-Exploit and Anti-Malware.


#15

MSE was renamed Windows Defender and is built-in to Windows 8 and Windows 10. Because Microsoft loves confusion, there was an earlier product that was not MSE, called Windows Defender, that only protected against spyware rather than being a complete anti-malware solution. The thing that is now built-in is the former Microsoft Security Essentials.


#16

… that said, follow the above advice. Third party AV + MB’s Anti Exploit is a good combo to use if you’re ever going out into the wild.


#17

Bump.


#18

Why did you bump it? You apparently don’t have a specific concern, nor has anyone else for the past 6 weeks.


#19

They have, but in the general Windows 10 thread, drowning out any other possible discussion.


#20

Steve Gibson has a utility to stop the nagging to upgrade to 10: https://www.grc.com/never10.htm