10 Windows 10 Settings You Should Change Right Away

Status
Not open for further replies.
Aug 19, 2018
I've got to agree that the UAC advice is terrible. If anything, the advice should be to run as a regular user and to use an admin password for UAC prompts. Malware doesn't just come from user installed programs -- it can also come through web browser security flaws, PDF and Flash security flaws, etc.

Here's an easy to read article on why disabling UAC is a bad idea: Why You Shouldn’t Disable User Account Control (UAC) in Windows

The research at this link is a bit old, but it looked at Microsoft's security updates and showed that "removing admin rights would mitigate 96% of critical vulnerabilities affecting Windows operating systems, 91% critical vulnerabilities affecting Microsoft Office and 100% of vulnerabilities in Internet Explorer."
 

Rogue Leader

It's a trap!
Moderator
Disable User Account Control

Under the guise of saving you from yourself, Windows' User Account Control (UAC) gives you an aggressive warning every time you want to install software or change a key system setting. In other words, you have to be alerted to your own behavior so you can think twice about it. But since you presumably graduated kindergarten, you don't need this kind of paternalism.

To disable UAC, type "user account control" into the Cortana search box, click "Change User Account Control Settings" and then move the slider down to "Never notify."

Yeah, please never do this.
 

Karadjgne

Titan
Ambassador
"For those who disable UAC and don't catch anything know at least whether site is corrupted or normal.
It's mostly user error for downloading sketchy stuff always, that's why I never got to reinstall Windows in my 6 years of use it, not including reinstalling to Windows 10. I blame users who got viruses, malware on their pc."

Wrong. In so many ways. Most Trojans are hijacking valid legal sites. They attach themselves to normal websites and just visiting the site can and does load cookies onto your pc, which includes the Trojan files. Next time you hit the enter key, you give permission for that Trojan to now attach itself to your registry. Then it hits every email, every website you visit and attaches there. It's only https sites that are somewhat secure, regular http sites can always be considered suspect.

As to PayPal usage, that too is suspect. Doesn't take much for a keylogger Trojan on your pc to store your user/password and transmit that to a 3rd party site, who will then use VM's and proxy servers to access your PayPal account to pay for whatever.

It's impossible to guarantee the safety of any site visited. And even harder to say for any certainty exactly what sites are safe and which are not.
 
UAC at its default settings in Windows 7 and newer gives a false sense of security, and many of the responses here bear that out.

The best defense is not running an account with local admin rights, otherwise on any UAC setting other than Always Notify, you are susceptible to silent privilege escalation. In other words, software which wasn't planning to play nicely in the first place, isn't guaranteed to be stopped by UAC on an admin account unless the Always Notify setting is used.

Turning on Always Notify is going to be the surest way to get most people to turn the thing off, similar to the response when it debuted in Vista.

A bit of critical thinking, rather than just criticizing the author's instructions: How many of the opponents of turning UAC off in this thread are running with UAC set to less than Always Notify? I would ask, if you're already compromising UAC's ability to fully protect your PC, why are you so against other people also compromising its ability to protect their machines? It's not like you're the ones who have to clean up their messes.

The holes in UAC have not been completely plugged in Windows 10.
 
Paypal has sms verification to ensure that you accept the paying to something.
I have 2 or 3 way verification via sms to allow to change my password on email and similar.
Then probably as Windows is so easily hackable, why do people still use it?
Well it is my pc and if it catches the virus or similar, I have an easy way, reinstall.

Just to add, this is not arguing with anyone here, just sharing opinions and thoughts.
I personally don't wanna argue here.
I would reply to you but I'm using phone so the link for replying isn't available.
 
I second NinjaNerd56. Most "power users" do things on their pc and they are the only people controlling it, and based the reply of their commenting on this.
But if you set your pc the way the article says and hand it to your son, daughter etc., I'll wager you will be reformatting and reinstalling Windows in no time.

The article is silly at best, here are my thoughts on each step suggested:

Unhide file extensions or hidden files: I personally use the first, not the second, but I work with image and video files a lot and there are reasons why I would want to rename a file .old or .bak myself. All in all, most users (not power users) have no use for this option, nor does it make it run better.

Performing a "Disabling of UAC" is asking to get malware or worse installed on your system without asking permission. Personally, if UAC wasn't needed as many state, then I wonder why UAC with password is a requirement for those secure Linux workstations. Again, this is telling people: go forth and get your information robbed.

Force Windows to Close Apps at Shutdown: again, useful perhaps, but I beg to ask, if your apps are not consistently closing normally and require a force close, I would be more in line of recommending looking at the reasons why those apps are not closing properly. Malware comes to mind. Patching it with a force close isn't solving or addressing the issue, is it? A bad band-aid at best.

Get Rid of the Useless Lock Screen: so if someone steals your laptop you want them to boot directly into your OS, start your browser, get online and purchase something expensive with your saved information, and get stuck paying for it later? Sarcastically, "Brilliant idea," dear writer.

Switch Default Browsers: I see no benefits either; Edge, IE, Chrome (add your favorite browser here) over another is a question of ketchup or mayo with your fries. As long as they are properly updated regularly they are kept safe for any online browsing. As a matter of fact, plenty of articles and bench testing have been done on the subject. Go forth and use the internet for what it is for... educate yourself.

Prevent Windows From Re-Opening Apps On Restart: surprisingly enough I agree with this bit of the article, but I prefer to have some applications restart on reboot and some I don't, which is why I would suggest, instead of using a nuclear device for a tactical attack, to use CCLEANER >> TOOLS >> STARTUP and disable the programs that are unwanted on start, like Discord or such memory mongers.

Protect Your Privacy: well, one that is not harmful in any way, and if you are so concerned with your privacy I would suggest a product that locks down all the "snooping options Windows has" by getting O&O Shut Up Windows 10; at least all the choices are centralized in one point and easily changed if needed on the fly. https://www.oo-software.com/en/shutup10

Enable System Protection / Restore Points: another one of those "tomatoes versus toMAtoes" choices of life. Either having it on or not all depends on your level of comfort with your OS. I personally turn it off on my systems, but make sure it's enabled on clients' computers. Neither bad nor good, it is a practical program.

Enable Storage Sense to Save Space: another useful option. I don't use it; I believe in not saving the deleted files but ask me once if I want to delete them. Have I regretted it in the past?... perhaps once or twice, and nothing I could not recover from a USB or by downloading again from the web. This again doesn't make your system faster or safer, either using or not.

Adjust Your Display Scaling: yes, Windows seems to think the whole world is blind and pumps itself to 125% off the start in most installations I have done. A suggestion to restore it to 100% comes to mind, and for the ones with harder abilities to read small print, hell, use it to make it easier on your eyes.

I would in fact suggest advising people to make use of the Windows backup function found in Windows 10. It permits you to have a secure copy of your complete system in a safe place; having it on a USB drive or network drive, and scheduling it to happen on a Friday @ 2am is usually sufficient, but there are so many options out there regarding backups, including better programs like CODE42 systems that keep multiple backups of your system (monthly and daily changes) for you to restore from.

Lastly, I would suggest as well to make sure you have at the very least an antivirus on your system. If you haven't bought one or do not intend to, at the very least enable Windows Defender to ensure a certain level of protection for your system.

Sincerely, The Paladin, a Computer user since 1978, and System Administrator since 1986
 


Let me get this straight. You blame the users for their actions, who get viruses, malware, root kits, Trojans, etc. You don't blame the computer. That I'll agree with, to a degree because you can take a regularly safe website, hack it, and commit the mischief... and it doesn't matter if it's freakin' Google, FB, Yahoo, or even this one for that matter... as long as you can hack your way in... and insert your malicious code... or you can hack your way in to delivering the payloads via the advertisement system and wreak havoc too. Only difference may be how long the hack goes undetected. (in the ad system, it will usually be until someone realizes it was the ads that were the source) That isn't exactly the user's fault. And it isn't necessarily the fault of the website or ad agency.... although the ad agency should have verified/validated the data they send out to be pain free to your data.



You had to feed your card info directly to PayPal... if you have to update/delete/or add a new card/payment method to PayPal, you're just as susceptible to having it logged and taken, not to mention opening up a door to a "bank" of sorts.
 

USAFRet

Titan
Moderator


That's about silly, and totally incorrect.
Viruses don't care if Windows is showing you the extension...it is still there.

And I need to see those extensions.
Pictures from the camera, for instance.

foo.jpg
foo.RAF (fuji native RAW format)
Directly out of the camera.

After some editing, I would add:
foo.png
foo.psimage (paintshop pro native filetype)

So, without file extensions visible:
foo
foo
foo
foo

Yeah, that's real useful.
 


You missed something: "Paypal has sms verification to ensure that you accept the paying to something.
I have 2 or 3 way verification via sms to allow to change my password on email and similar.
Then probably as Windows is so easily hackable, why do people still use it?
Well it is my pc and if it catches the virus or similar, I have an easy way, reinstall."
 

zircular

Prominent
Apr 25, 2017


Don't know if I'm lucky, I've just always been careful in what I'm doing. I've been on the internet (Windows only) for hours almost daily since 1994 as part of my work, and have had a total of 3 virus infections during that time, all of which I discovered very quickly and none of them were really harmful. The last one was a fake Java update on a hacked site, 5 years ago or so, which I probably would have allowed to run anyway if UAC had been enabled, besides I realized it might be a virus already while it was installing so I managed to kill it before it did any harm.

Except for the first couple of years I've been using security software all the time (currently Avast AIS, Malwarebytes Premium, and Zemana Antilogger) which have caught some in between, but not many, and almost all of them were in my "warez days" many years ago (infected apps, keygens etc.). I've never used any Microsoft email software, I always verify links and never click on links I don't trust, don't visit porn or dubious sites, no facebook or similar social sites, no Skype/Messenger or similar, never use wireless, never open files from untrusted sources, and I scan files/sites on virustotal.com if in doubt. Given the current conditions and the lack of security almost everywhere that is sensible behaviour, and of more value than UAC, IMO.

Even if I should get an infection it's no big deal, I just load a clean image of the system and everything harmful is wiped. I keep multiple backups plus real time cloud backup of everything important so even ransomware can't do anything. I'm actually more worried about all the data I've given away to companies out there which later have been hacked, I know my data have leaked from several of them already. Hackers won't find any on my own system for all such things I keep strongly encrypted.

I do agree that UAC may be useful for people who know nothing about security, but a lot get infected anyway even with it turned on. So better teach them about general security instead, that would probably help more I think.
 
Aug 19, 2018
Windows SHOULD NOT default to hide extensions. An older trick to get people to install viruses. “Topless Brittany Spears.jpg.exe” yes it may be from a shady site, but quite a few average computer users will go to those sites to get porno pictures etc.
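
The double-extension trick described in the posts above, seen from the defender's side. This is an added example, not something posted in the thread: a read-only PowerShell check that reports whether Explorer is hiding extensions for the current user and lists files whose visible name ends in a document or media extension while the real one is executable. The function names and the two extension lists are assumptions chosen for illustration.

```powershell
# Added example, not from the thread. Read-only: nothing is changed or deleted.
$Executable = '.exe', '.scr', '.com', '.pif', '.bat', '.cmd', '.js', '.vbs'
$Decoy      = '.jpg', '.jpeg', '.png', '.gif', '.pdf', '.doc', '.docx', '.txt', '.mp3', '.mp4'

function Test-DoubleExtension([string]$FileName) {
    # The last extension decides how Windows opens the file.
    $real = [IO.Path]::GetExtension($FileName).ToLowerInvariant()
    if ($real -notin $Executable) { return $false }
    # What remains is the name Explorer shows when extensions are hidden
    # (padding before the final extension is tolerated).
    $shown = [IO.Path]::GetFileNameWithoutExtension($FileName).TrimEnd()
    return ([IO.Path]::GetExtension($shown).ToLowerInvariant() -in $Decoy)
}

function Test-ExtensionsHidden {
    # HideFileExt = 1 (the Windows default) hides extensions of known file types.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
    $v = Get-ItemProperty -Path $key -Name HideFileExt -ErrorAction SilentlyContinue
    return ($null -eq $v -or $v.HideFileExt -ne 0)
}

function Find-DisguisedFile([string]$Path) {
    Get-ChildItem -LiteralPath $Path -File -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { Test-DoubleExtension $_.Name } |
        Select-Object FullName, @{ n = 'ShownAs'; e = { $_.BaseName } }, Length, LastWriteTime
}

# Constructed sample names, classified without touching the disk.
'holiday.jpg.exe', 'invoice.pdf   .scr', 'setup.exe', 'photo.jpg', 'notes.v2.txt' |
    ForEach-Object { [pscustomobject]@{ Name = $_; Disguised = Test-DoubleExtension $_ } } |
    Format-Table -AutoSize

Write-Host "Explorer hides extensions for this user: $(Test-ExtensionsHidden)"
Find-DisguisedFile (Join-Path $env:USERPROFILE 'Downloads') | Format-Table -AutoSize
```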
 

Karadjgne

Titan
Ambassador
I agree. Unfortunately, as able as my wife is about using production software, trying to teach her how to use the multi-device remote to do things like turn on the TV, change source to hdmi for Netflix etc is a serious object of futility. Ppl in general are sheep, it's a fact. The sheepdog does all the work. And that's you, Mr. Security. Ppl in general are barely able to turn on a pc, and open games or documents like email. Going deep into anything beyond that, you might as well be speaking in an alien language. This means most things need some sort of automated control, once a week virus scan, pop-up email notifications, Cortana directions, easy access Windows Store etc. It's the entire reason DOS died a quick death as an OS base, and windows point and click took off. This might be a tech based forum, but look at the posts, a good 80% or better are questions and freak outs by clueless ppl.

As said, turning off UAC might work for you, your bases are covered, but for those other 80%, anything that takes away any sort of security is an absolute no-brainer NO, Don't do it!
 

bskchaos

Distinguished
Jan 7, 2009
1- I use this but most people don't need to see extensions. Hidden files on? yeah sure, so people see all those weird files/folders they don't understand and mess with them. What's AppData and why is so big? desktop.ini? those transparent files?
2- What the actual F ?
3- Wait did I save that file? The password manager file I just updated or that spreadsheet I was working on? Luckily Windows did not force my program to close, losing data.
8- This has been discussed too many times, no.
 
Aug 19, 2018
Disabling the UAC is horrible advice. Advanced user or not. If this was Linux it would be equivalent to running as root without the need for a password for system changes.
 

geekinchief

Expert
Ambassador
Sep 10, 2008
Hi All,

I really love all the feedback, especially the thoughts about UAC. While I still find UAC annoying and think that many people would do fine without it, I have updated this article to be a bit more nuanced about the benefits and risks.
 
Thanks for the update, but it doesn't address the problem that people are given a false sense of security by UAC when running default settings. Arguably, the biggest feature of UAC is being notified when a process needs privilege escalation, and everybody in this thread should be harping on the fact that UAC allows silent privilege escalation when set to anything other than Always Notify, but instead they're just running around like they don't recognize this. Either you care about security or you don't.

I find the sandboxing feature of UAC to be specious as it allows software run with an unprivileged account to write to virtualized versions of protected folders. While this may not be an immediate security issue, it eschews proper software development, a behavior I find rather distasteful. I don't want badly written software or software in need of an update to work as a byproduct of UAC where it otherwise should fail due to outdated practices.
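
The argument in this post and in the earlier one about Always Notify turns on which UAC level a machine is really running, and on whether the account is an administrator at all. As an added example (not posted by anyone in the thread), this read-only PowerShell audit maps the UAC policy values in the registry to the slider position and flags the configurations the thread calls out. The function names are hypothetical, and a missing value is assumed to fall back to the Windows default.

```powershell
# Added example, not from the thread. Read-only audit of the UAC policy values.
$PolicyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-PolicyValue([string]$Name, [int]$Default) {
    # Assumption: an absent value behaves like the Windows default passed in.
    $item = Get-ItemProperty -Path $PolicyKey -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $Default }
    return [int]$item.$Name
}

function Get-UacSliderLevel([int]$EnableLUA, [int]$AdminPrompt, [int]$SecureDesktop) {
    if ($EnableLUA -eq 0) { return 'UAC disabled' }
    switch ("$AdminPrompt/$SecureDesktop") {
        '2/1'   { 'Always notify' }
        '5/1'   { 'Default (notify only when apps try to make changes)' }
        '5/0'   { 'Default, without dimming the desktop' }
        '0/0'   { 'Never notify' }
        default { "Custom policy ($AdminPrompt/$SecureDesktop)" }
    }
}

function Test-UacPosture {
    $lua     = Get-PolicyValue 'EnableLUA' 1
    $admin   = Get-PolicyValue 'ConsentPromptBehaviorAdmin' 5
    $desktop = Get-PolicyValue 'PromptOnSecureDesktop' 1
    $user    = Get-PolicyValue 'ConsentPromptBehaviorUser' 3

    # whoami lists the Administrators SID even when UAC has filtered it to
    # deny-only, so this is true for any admin-capable account, elevated or not.
    $isAdminAccount = [bool](whoami /groups /fo csv /nh |
        Select-String -SimpleMatch '"S-1-5-32-544"')

    $findings = @()
    if ($lua -eq 0) {
        $findings += 'EnableLUA=0: UAC is off, admin accounts run everything with full rights.'
    } elseif ($isAdminAccount -and $admin -eq 0) {
        $findings += 'ConsentPromptBehaviorAdmin=0: this admin account elevates with no prompt at all.'
    } elseif ($isAdminAccount -and $admin -eq 5) {
        $findings += 'ConsentPromptBehaviorAdmin=5: only non-Windows binaries prompt on this admin account.'
    }
    if ($lua -ne 0 -and $desktop -eq 0) {
        $findings += 'PromptOnSecureDesktop=0: prompts appear on the normal interactive desktop.'
    }
    [pscustomobject]@{
        SliderLevel         = Get-UacSliderLevel $lua $admin $desktop
        AdminCapableAccount = $isAdminAccount
        StandardUserPrompt  = @{ 0 = 'Deny automatically'; 1 = 'Credentials (secure desktop)'; 3 = 'Credentials' }[$user]
        Findings            = $findings
    }
}

Test-UacPosture | Format-List
```

An empty Findings list on a standard-user account with a credential prompt is the setup the first reply in the thread recommends.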
 


Number 4 still needs an urgent edit. My usual paragraph looks like this:- "Before making any changes to the Registry, choose Export from the File menu then take note of the filename and location of the backup you're making and which could rescue your system if anything goes wrong."

Number 18 could use an addition to point out that Windows Updates reverts those changes to the default settings that come with Windows 10. Spybot Anti Beacon has the facility to reimmunize those settings after every attempt by MS to reverse them.
 

randomizer

Champion
Moderator
Looks like the slide order has become a bit messed up. The title for tip #2 is "Get Rid of the Useless Lock Screen" but the description talks about UAC and the picture is the same as on the last slide.
 
Aug 20, 2018
"How to ruin Tom's Hardware's reputation in 10 simple slides" by the current iditor in chief Avram Piltch.

It took Tom's Hardware over two decades to go from reputable, in depth hardware analysis to clickbait by idiots for idiots.
 