Day 014 #FromZeroToHacker – Windows Fundamentals: Part 3

Let’s learn how to keep our Windows device secure with Windows Updates, Windows Security, BitLocker and more.

This is the last of the 3-part lesson from our #FromZeroToHacker Windows fundamentals.

Table of contents
Introduction
What I have learnt today?
Stats
Resources

Introduction to Windows Fundamentals

In Windows Fundamentals 1, we covered the desktop, file system, UAC, control panel, settings, and task manager.

In Windows Fundamentals 2, we covered diverse utilities such as System Configuration, Computer Management, Resource Monitor, and more.

In today’s lesson, we will learn about security features within the Windows OS:

  • Windows updates
  • Windows security
  • Virus & threat protection
  • Firewall & network protection
  • App & browser control
  • Device security
  • BitLocker
  • Volume Shadow Copy Service

What I have learnt today?

Windows updates

Yes, we know them. And you may hate them. But they are sadly needed.

Windows Update is a service provided to manage security updates, feature enhancements, patches, and more.

By tradition, patches are released on the 2nd Tuesday of each month, known as Patch Tuesday, but critical updates and patches can be released at any time. You can read more on the Microsoft Security Update Guide.

You can find it in Settings:

Windows Fundamentals Settings

The screen is pretty self-explanatory:

Windows fundamentals Update

Well, seems like I have some updates to do…

Users used to have the option to reject the most important updates, but these can no longer be ignored or pushed to the side. They can be postponed, but eventually the system will force the update and reboot the computer, to the delight of its users. Here is an example of a required update:

Windows update required

Windows security

Windows security is where we can manage the tools to protect our computer and our data. Available in Settings.

Windows Security

There are four protection areas:

  • Virus and threat protection
  • Firewall and network protection
  • App and browser control
  • Device security

Shortly, we will address each one of these sections.

Each protection area has a status colour:

  • Green, when your device is protected.
  • Yellow, when there is a safety recommendation to review.
  • Red, an important warning about something that requires your attention.
Windows protection areas

Virus & threat protection

This section is divided into two parts: Current threats and Virus & threat protection settings.

Current threats:

Virus and threat protection

Scan options:

  • Quick scan, to check threats in common folders.
  • Full scan, to check all the files and running programs.
  • Custom scan, to choose which files and folders to check.

Threat history:

  • Last scan, the last time an automatic scan checked the computer.
  • Quarantined threats, threats that have been isolated and prevented from running.
  • Allowed threats, items that have been identified as a threat but that you have allowed to run.

Virus & threat protection settings

Virus and threat protection settings

Manage settings:

  • Real-time protection locates and stops malware.
  • Cloud-delivered protection provides increased and faster protection with access to the latest protection data in the cloud.
  • Automatic sample submission sends sample files to Microsoft to help protect you and others (so they say).
  • Controlled folder access protects files, folders, and memory areas.
  • Exclusions lets you select which files won’t be scanned.
  • Notifications: Windows Defender Antivirus will send notifications with critical information when needed.

Virus & threat protection updates:

  • Check for updates manually checks for updates to update your Windows.

Ransomware protection:

  • Controlled folder access is required by Ransomware protection.
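
The settings listed above can also be read from PowerShell, which is handy for checking many machines without clicking through the UI. This is an added example, not part of the original lesson; it uses the built-in Defender cmdlets Get-MpComputerStatus and Get-MpPreference, and the age threshold is an assumption.

```powershell
# Added example: audit the Virus & threat protection settings described above.
# Run in an elevated PowerShell so exclusions are visible.
$MaxSignatureAgeDays = 3   # assumed threshold, tune to your own update policy

$status   = Get-MpComputerStatus
$pref     = Get-MpPreference
$findings = [System.Collections.Generic.List[string]]::new()

if (-not $status.RealTimeProtectionEnabled) {
    $findings.Add('Real-time protection is off')
}
# MAPSReporting: 0 = disabled, 1 = basic, 2 = advanced
if ([int]$pref.MAPSReporting -eq 0) {
    $findings.Add('Cloud-delivered protection is off')
}
# SubmitSamplesConsent: 0 = always prompt, 1 = send safe samples,
# 2 = never send, 3 = send all samples
if ([int]$pref.SubmitSamplesConsent -eq 2) {
    $findings.Add('Automatic sample submission is off')
}
# EnableControlledFolderAccess: 0 = disabled, 1 = enabled, 2 = audit mode
switch ([int]$pref.EnableControlledFolderAccess) {
    0 { $findings.Add('Controlled folder access is off') }
    2 { $findings.Add('Controlled folder access is in audit mode only') }
}
if ($status.AntivirusSignatureAge -gt $MaxSignatureAgeDays) {
    $findings.Add("Definitions are $($status.AntivirusSignatureAge) days old")
}

# Every exclusion is a place the scanner will not look, so list them all.
$exclusions = @(@($pref.ExclusionPath) + @($pref.ExclusionExtension) +
                @($pref.ExclusionProcess) | Where-Object { $_ })
foreach ($e in $exclusions) { $findings.Add("Exclusion present: $e") }

[pscustomobject]@{
    RealTimeProtection = $status.RealTimeProtectionEnabled
    SignatureUpdated   = $status.AntivirusSignatureLastUpdated
    LastQuickScan      = $status.QuickScanEndTime
    ExclusionCount     = $exclusions.Count
} | Format-List

$findings | ForEach-Object { "FINDING: $_" }
```

An empty findings list corresponds to the green status in the Windows Security app; anything printed is worth reviewing before it is dismissed.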

Firewall & network protection

A firewall controls what is and what isn’t allowed to pass into and out of our computer over the network. Think about a bouncer.

Sorry for the analogy, this is the Firewall & network protection section:

Firewall and network protection

There are three types of networks:

  • Domain – Networks where the host system can authenticate to a domain controller.
  • Private – A user-assigned profile used to designate private or home networks.
  • Public – The default profile for public networks, such as the Wi-Fi hotspots we find in shops, airports, coffee shops, and other locations.

There are also other options, the ones we can see at the bottom:

Allow an app through firewall – Lets you turn on or off whether certain apps and features are allowed through on private and public networks.

Allowed apps through firewall

Advanced settings – Advanced settings for Windows Defender Firewall. Only for experienced Windows users.

Advanced settings

Best practices for configuring Windows Defender Firewall.
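
To see the same three profiles and the apps allowed through them without opening the UI, the NetSecurity cmdlets can be queried directly. This is an added example, not part of the original lesson; it only reads configuration and changes nothing.

```powershell
# Added example: report the three firewall profiles and what is allowed in.
# ActiveStore is the effective policy (local settings merged with Group Policy).
$profiles = Get-NetFirewallProfile -PolicyStore ActiveStore

# Which profile each connected network is using right now.
# Get-NetConnectionProfile reports 'DomainAuthenticated' for the Domain profile.
$inUse = @(Get-NetConnectionProfile | ForEach-Object {
    if ("$($_.NetworkCategory)" -eq 'DomainAuthenticated') { 'Domain' }
    else { "$($_.NetworkCategory)" }
})

# Enabled inbound allow rules: what "Allow an app through firewall" manages.
$allowIn = @(Get-NetFirewallRule -PolicyStore ActiveStore -Enabled True `
    -Direction Inbound -Action Allow)

foreach ($p in $profiles) {
    # A rule's Profile is a flag set such as 'Any' or 'Domain, Private'.
    $rules = @($allowIn | Where-Object { "$($_.Profile)" -match "Any|$($p.Name)" })

    $warning = ''
    if ("$($p.Enabled)" -ne 'True') {
        $warning = 'firewall is off for this profile'
    } elseif ("$($p.DefaultInboundAction)" -eq 'Allow') {
        $warning = 'inbound traffic is allowed by default'
    }

    [pscustomobject]@{
        Profile        = $p.Name
        InUse          = $p.Name -in $inUse
        Enabled        = "$($p.Enabled)"
        DefaultInbound = "$($p.DefaultInboundAction)"
        InboundAllowed = $rules.Count
        Warning        = $warning
    }
}

# Apps reachable on the Public profile (hotspots and similar) deserve the closest look.
$allowIn | Where-Object { "$($_.Profile)" -match 'Any|Public' } |
    Sort-Object DisplayName | Select-Object DisplayName, Profile
```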

App & browser control

Microsoft Defender SmartScreen protects against phishing and malware websites and applications. More about it on the Microsoft Defender SmartScreen help.

App and browser control

Check apps and files lets you use Windows Defender SmartScreen to help you protect your device by checking for unrecognized apps and files:

Windows Defender SmartScreen

With Exploit protection built into Windows 10 you can protect your device against attacks.

Windows Fundamentals Exploit protection

Unless you are an expert, it is recommended that you leave the default settings. And no, watching an 8-minute YouTube video isn’t enough.

Device Security

Normally, this section is left untouched by 99% of users.

Device security

Core isolation prevents attacks from inserting malicious code into high-security processes.

Core isolation

Security processor provides additional encryption for your device.

Security processor

It uses the Trusted Platform Module or TPM, a chip designed to carry out cryptographic operations.

Again, this is best left untouched.

BitLocker

BitLocker Drive Encryption is a data protection feature that addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers.

That means that it encrypts the data on your computer so that you and only you can access it.

More about BitLocker on the official Windows website.

Volume Shadow Copy Service

Volume Shadow Copy Service, or VSS, coordinates the required actions to create a shadow copy or snapshot.

Volume Shadow Copies are stored in the System Volume Information folder. If VSS is enabled, you can:

  • Create a restore point
  • Perform system restore
  • Configure restore settings
  • Delete restore points

Malware writers know that this feature exists and write code in their malware to look for these files and delete them, making it impossible to recover unless you have an offline or off-site backup.

Volume shadow copy service
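
Because shadow copies can disappear without any visible sign, it helps to check regularly that they still exist. The script below is an added example, not part of the original lesson; the age threshold and the baseline file location are assumptions.

```powershell
# Added example: check that each local volume still has a recent shadow copy
# and notice when every copy has vanished since the previous run. Run elevated.
$MaxAgeDays   = 7                                               # assumed threshold
$baselinePath = Join-Path $env:ProgramData 'vss-baseline.json'  # assumed location

# Load the per-volume counts saved by the previous run, if any.
$previous = @{}
if (Test-Path $baselinePath) {
    (Get-Content $baselinePath -Raw | ConvertFrom-Json).PSObject.Properties |
        ForEach-Object { $previous[$_.Name] = [int]$_.Value }
}

$copies  = @(Get-CimInstance -ClassName Win32_ShadowCopy)
$volumes = Get-CimInstance -ClassName Win32_Volume -Filter 'DriveType = 3' |
    Where-Object DriveLetter

$current = @{}
foreach ($v in $volumes) {
    # Win32_ShadowCopy.VolumeName holds the \\?\Volume{GUID}\ path of its source volume.
    $mine   = @($copies | Where-Object VolumeName -eq $v.DeviceID)
    $newest = $mine | Sort-Object InstallDate | Select-Object -Last 1
    $current[$v.DriveLetter] = $mine.Count

    $state = if ($mine.Count -eq 0 -and $previous[$v.DriveLetter] -gt 0) {
        'ALL COPIES GONE SINCE LAST RUN'
    } elseif ($mine.Count -eq 0) {
        'NO SHADOW COPIES'
    } elseif ($newest.InstallDate -lt (Get-Date).AddDays(-$MaxAgeDays)) {
        'STALE'
    } else {
        'OK'
    }

    [pscustomobject]@{
        Volume = $v.DriveLetter
        Copies = $mine.Count
        Newest = $newest.InstallDate
        State  = $state
    }
}

# Save the counts for the next comparison.
$current | ConvertTo-Json | Set-Content -Path $baselinePath
```

Old copies are rotated out normally, so only a drop to zero is flagged; whatever the result, the offline or off-site backup mentioned above remains the real safety net.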

Stats

From 195.022th to 191.218th. Not a great increase, but a steady one!

Here is also the Skill Matrix:

Resources

Path: Pre Security

Windows Fundamentals

TryHackMe: Windows fundamentals part 3

Other resources

Microsoft Security Update Guide
Best practices for configuring Windows Defender Firewall
BitLocker