Windows 10 operating system security features free download
Windows 11 is the most secure Windows yet with extensive security measures designed to help keep you safe. These measures include built-in advanced encryption and data protection, robust network and system security, and intelligent safeguards against ever-evolving threats. Watch the latest Microsoft Mechanics Windows 11 security video that shows off some of the latest Windows 11 security technology.
Use the links in the following table to learn more about the operating system security features and capabilities in Windows Skip to main content. This browser is no longer supported. Table of contents Exit focus mode. Table of contents. Submit and view feedback for This product This page.
View all page feedback. Additional resources In this article. Secure Boot and Trusted Boot help prevent malware and corrupted components from loading when a Windows device is starting.
Secure Boot starts with initial boot-up protection, and then Trusted Boot picks up the process. Together, Secure Boot and Trusted Boot help to ensure your Windows system boots up safely and securely. Learn more Secure Boot and Trusted Boot.
Cryptography uses code to convert data so that only a specific recipient can read it by using a key. Cryptography enforces privacy to prevent anyone except the intended recipient from reading data, integrity to ensure data is free of tampering, and authentication that verifies identity to ensure that communication is secure. Learn more about Cryptography and certificate management.
The Windows built-in security application found in settings provides an at-a-glance view of the security status and health of your device. You can quickly see the status of your virus and threat protection, firewall and network security, device security controls, and more. Learn more about the Windows Security app. Wherever confidential data is stored, it must be protected against unauthorized access, whether through physical device theft or from malicious applications.
Windows provides strong at-rest data-protection solutions that guard against nefarious attackers. Learn more about Encryption. BitLocker Drive Encryption is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers.
If you uninstall the other app, Microsoft Defender Antivirus will turn back on automatically. For info on how to uninstall an app, see Repair or remove an app in Windows. To change your user account to an admin account, see Create a local user or administrator account in Windows. Some of these options are unavailable if you’re running Windows 10 in S mode. Account protection – Access sign-in options and account settings, including Windows Hello and dynamic lock.
You’ll have exploit protection and you can customize protection settings for your devices. Device security – Review built-in security options to help protect your device from attacks by malicious software. Open Windows Security settings. Yellow means there is a safety recommendation for you.
Red is a warning that something needs your immediate attention. If you’re worried about a specific file or folder on your local device, you can right-click the file or folder in File Explorer, then select Scan with Microsoft Defender. Tip: On Windows 11 you may have to select Show more options after you right-click to see the option to scan the file or folder.
If you suspect there’s malware or a virus on your device, you should immediately run a quick scan. Note: Because of streamlined security, this isn’t available if you’re running Windows 10 or 11 in S mode. Under Current threats , select Quick scan or in early versions of Windows 10, under Threat history , select Scan now. If the scan doesn’t find any issues, but you’re still concerned, you may want to check your device more thoroughly. Under Current threats , select Scan options or in early versions of Windows 10, under Threat history , select Run a new advanced scan.
Full scan check all files and programs currently on your device. Custom scan scan specific files or folders. Microsoft Defender Offline scan restarts your computer and runs a deep scan before Windows loads to catch especially sneaky malware. Learn more about Microsoft Defender Offline. Learn more about running an advanced scan. Touch : To use touch, you need a tablet or a monitor that supports multi-touch. Two-factor authentication requires the use of a PIN, Biometric finger print reader or illuminated infrared camera , or a phone with Wi-Fi or Bluetooth capabilities.
Windows Hello requires a camera configured for near infrared IR imaging or fingerprint reader for biometric authentication. Xbox application requires an Xbox Live account, which is not available in all regions. For the most up-to-date list of regions, please go to Xbox Live Countries and Regions website. Language versions. Additional languages available as Language Interface Packs.
Feature deprecations and removals. Please see below for information regarding some of the key removed features: Desktop Messaging App : The messaging app on Desktop has a sync feature that can be used to sync SMS text messages received from Windows Mobile and keep a copy of them on the Desktop. Starting with the May Update Windows 10, version , the sync feature has been removed from all devices.
Due to this change, you will only be able to access messages from the device that received the message. In a future release, any connection to a Wi-Fi network using these old ciphers will be disallowed.
Cortana : Cortana has been updated and enhanced in the Windows 10 May Update Windows 10, version With these changes, some previously available consumer skills such as music, connected home, and third-party skills will no longer be available.
Get detailed information here. Use the Phone page in the Settings app to sync your mobile phone with your PC. It includes all the Phone Companion features. HomeGroup: HomeGroup was removed starting with the April Update Windows 10, version , but you still have the ability to share printers, files, and folders. Any printers, files, and folders you shared using HomeGroup will continue to be shared. Instead of using HomeGroup, you can now share printers, files, and folders by using features that are built into Windows Share your network printers Share files in File Explorer For Xbox and HomeGroup users, please see more information on streaming media People app: In Windows 10, the People app shows mail from Microsoft contacts and contacts from your school or work organization under Conversations.
Starting with the April Update Windows 10, version , in order to see new mail in the People app from these specific contacts, you need to be online, and you need to have signed in with either a Microsoft account or, for work or school organization accounts, through the Mail , People , or Calendar apps. For reading PDF files, Microsoft Edge is the recommended replacement app and offers similar functionality as well as additional features including improved accessibility support, improved Inking, and support for AskCortana.
Note that users of earlier Windows 10 versions can continue using the Reader app. After Windows Journal is removed, you will no longer be able to open or edit Journal files with. JNT or. JTP extensions. In place of Windows Journal, we encourage you to switch to OneNote.
If you need to open or edit your journal files, more information is available here. You are no longer able to play music or video files that were protected by this rights management technology.
Click here to learn more.
Download Microsoft Security Essentials from Official Microsoft Download Center – Windows 10 operating system security features free download
There are many mitigations that have been added over time, such as process quota pointer encoding; lookaside, delay free, and pool page cookies; and PoolIndex bounds checks. Windows 10 adds multiple “pool hardening” protections, such as integrity checks, that help protect the kernel pool against more advanced attacks. Supervisor Mode Execution Prevention SMEP : Helps prevent the kernel the “supervisor” from executing code in user pages, a common technique used by attackers for local kernel elevation of privilege EOP.
Safe unlinking: Helps protect against pool overruns that are combined with unlinking operations to create an attack. Memory reservations : The lowest 64 KB of process memory is reserved for the system. Apps aren’t allowed to allocate that portion of the memory. This allocation for the system makes it more difficult for malware to use techniques such as “NULL dereference” to overwrite critical system data structures in memory. When applications are loaded into memory, they’re allocated space based on the size of the code, requested memory, and other factors.
When an application begins to execute code, it calls the other code located in other memory addresses. The relationships between the code locations are well known—they’re written in the code itself—but previous to Windows 10, the flow between these locations wasn’t enforced, which gave attackers the opportunity to change the flow to meet their needs. When a trusted application that was compiled to use CFG calls code, CFG verifies that the code location called is trusted for execution.
If the location isn’t trusted, the application is immediately terminated as a potential security risk. An administrator can’t configure CFG; rather, an application developer can take advantage of CFG by configuring it when the application is compiled. Consider asking application developers and software vendors to deliver trustworthy Windows applications compiled with CFG enabled. Browser security is a critical component of any security strategy, and for good reason: the browser is the user’s interface to the Internet, an environment with many malicious sites and content waiting to attack.
Most users can’t perform at least part of their job without a browser, and many users are reliant on one. This reality has made the browser the common pathway from which malicious hackers initiate their attacks. All browsers enable some amount of extensibility to do things beyond the original scope of the browser. Two common examples are Flash and Java extensions that enable their respective applications to run inside a browser. The security of Windows 10 for the purposes of web browsing and applications, especially for these two content types, is a priority.
Windows 10 includes an entirely new browser, Microsoft Edge. Microsoft Edge is more secure in multiple ways, especially:. Smaller attack surface; no support for non-Microsoft binary extensions. Multiple browser components with vulnerable attack surfaces have been removed from Microsoft Edge. Runs bit processes. A bit PC running an older version of Windows often runs in bit compatibility mode to support older and less secure extensions. When Microsoft Edge runs on a bit PC, it runs only bit processes, which are much more secure against exploits.
This feature helps protect against use-after-free UAF issues. Designed as a Universal Windows app. Microsoft Edge is inherently compartmentalized and runs in an AppContainer that sandboxes the browser from the system, data, and other apps. Simplifies security configuration tasks.
Because Microsoft Edge uses a simplified application structure and a single sandbox configuration, there are fewer required security settings.
In addition, Microsoft Edge default settings align with security best practices, making it more secure by default. In addition to Microsoft Edge, Microsoft includes IE11 in Windows 10, primarily for backwards-compatibility with websites and with binary extensions that don’t work with Microsoft Edge. You can’t configure it as the primary browser but rather as an optional or automatic switchover.
We recommend using Microsoft Edge as the primary web browser because it provides compatibility with the modern web and the best possible security. For sites that require IE11 compatibility, including those sites that require binary extensions and plug-ins, enable Enterprise mode and use the Enterprise Mode Site List to define which sites have the dependency. With this configuration, when Microsoft Edge identifies a site that requires IE11, users will automatically be switched to IE Some of the protections available in Windows 10 are provided through functions that can be called from apps or other software.
Such software is less likely to provide openings for exploits. If you’re working with a software vendor, you can request that they include these security-oriented functions in the application. The following table lists some types of mitigations and the corresponding security-oriented functions that can be used in apps.
Control Flow Guard CFG is also an important mitigation that a developer can include in software when it is compiled. For more information, see Control Flow Guard , earlier in this topic. You might already be familiar with the Enhanced Mitigation Experience Toolkit EMET , which has since offered various exploit mitigations, and an interface for configuring those mitigations.
You can use this section to understand how EMET mitigations relate to those mitigations in Windows However, some EMET mitigations carry high-performance cost, or appear to be relatively ineffective against modern threats, and therefore haven’t been brought into Windows Because many of EMET’s mitigations and security mechanisms already exist in Windows 10 and have been improved, particularly the ones assessed to have high effectiveness at mitigating known bypasses, version 5.
Advanced virus and malware protection. Home Wi-Fi network security. Easy to install, effortless to use. Smart Scan Scans your device for hard-to-find vulnerabilities in hidden places.
CyberCapture Automatically sends suspicious files for analysis in the Cloud, then pushes a cure to Avast users if needed. Behavior Shield Alerts you immediately if any of your apps start behaving suspiciously. File Shield Alerts you to any suspicious files — before you open them.
Quarantine Stores potentially harmful files and completely isolates them from the rest of your operating system. It also includes these privacy and security features: Wi-Fi network security. Connect safely and with confidence, even on unsecured or public Wi-Fi networks. Block hackers and intruders from piggybacking on your network and stop them from accessing your sensitive, personal files.
Network Inspector Connect safely and with confidence, even on unsecured or public Wi-Fi networks. Firewall Our intelligent firewall monitors all network traffic between your PC and the outside world and blocks malicious intrusions. Safe browsing and emailing. Stay safe when browsing, emailing, or working online. Valitse Asenna Windows. Aloita Windows n asentaminen kaksoisnapsauttamalla setup. Lataa Insider Preview -esiversioita Windows Insider -sivustosta.
Oppilaitosversioita tuoteavain tarvitaan on oppilaitostuotteiden lataussivulla. In addition to the requirements above that are needed to run Windows, some features have additional requirements. In some cases, features included with updated versions of Windows 10 will be best experienced with newer processors. Below are some additional details regarding requirements for key features:.
When upgrading to Windows 10 from a previous version of Windows such as Windows 7 or Windows 8. Please see below for information regarding some of the key removed features:. The following changes impact devices that are upgrading to Windows 10 from Windows 7, Windows 8 or Windows 8.
Table of Contents. System requirements for installing Windows 10 Keeping Windows 10 up-to-date More information on hard drive space requirements to install or update Windows 10 Feature-specific requirements for Windows 10 Language versions Feature deprecations and removals. System requirements for installing Windows Keeping Windows 10 up-to-date. Some of the disk space needed for installing updates is only temporarily required. Typically, ten days after installing an update, a disk cleanup will be automatically performed to delete copies of the older, unneeded Windows files and free up space again.
Not all features in an update will work on all devices. An internet connection is required to perform updates and Internet access ISP fees might apply. If you need assistance installing an update, Windows 10 Update Assistant may be able to help.
More information on hard drive space requirements to install or update Windows Feature-specific requirements for Windows TPM 2. You might not be able to pause the active downloads or resume downloads that have failed.
Microsoft Security Essentials provides real-time protection for your home or small business PC that guards against viruses, spyware, and other malicious software. Details Note: There are multiple files available for this download. Once you click on the “Download” button, you will be prompted to select the files you need. File Name:. Date Published:. File Size:. System Requirements Supported Operating System.