WINDOWS
Don't use Windows. For Defensive Computing, it is the worst choice.
Going further, I suggest avoiding all software from Microsoft such as their web browser (Edge), their email clients (Outlook in particular) , their Office suite (try Libre Office instead) and their email server (Exchange).
Given that this is my mindset, this topic is fairly small.
If you are buying a new computer, and intend to use Windows, then I suggest Windows 10 rather than Windows 11. The main reason I say this is that Windows 10 is more mature. It is also likely to be more compatible with software and hardware. And, any new features in Windows 11 are likely to be problematic, judging by history. This is true as of October 2022, in 2 or 3 or 4 years, things may change.
CONFIGURING WINDOWS
A Windows system with a single userid is mis-configured. Every copy of Windows should have at least one restricted user and one administrator class user. The restricted user should be used 99.9% of the time. The two passwords can be very similar.
Use a local account rather than a Microsoft account. Microsoft is always making this harder. For years, doing the initial configuration while not connected to the Internet was enough to avoid the requirement for a Microsoft account. With Windows 11, other tricks are needed.
By default, File Explorer hides the file type. This is bad and Microsoft has kept this miserable default for decades. Change it. See Windows File Explorer Settings: the Setting You Should Change Right Now by Leo A. Notenboom. For Windows 8, 10 and 11.
Turn Off Fast Startup in Windows by Leo A. Notenboom. I agree with this. The recommendation goes for both Windows 10 and 11. The article was originally published in 2016.
Go to Settings -> Privacy. Turn off everything that is on. Microsoft code words: "improve" means spying on you. "track" means spying on you. "relevant content" means spying on you. "suggested content" are ads. "personalization" means spying on you. "tailored experiences" means spying on you. "activity history" means spying on you.
Double click on My Computer/This PC and get the properties of the C disk. Turn off the option to "Allow files on this drive to have contents indexed in addition to file properties" Doing this, saves writing to the SSD that is the C disk. This may have been useful back when PCs had mechanical hard drives.
Why and how to login to Windows with a Local Account rather than a Microsoft Account: Why Microsoft Account is a Raw Deal and How to Absolutely Avoid It on a Windows Computer by Dong Ngo. For Windows 10 and 11. August 2022.
Some of us old time Windows users like the Show Desktop icon in the bottom left corner of the taskbar. It was there in Windows XP and somewhere along the line was removed. This hack can restore it. This has to be done for each Windows userid. It works on Windows 8 and 10, I have not tested Windows 11.
WINDOWS SOFTWARE
Portable apps are safer than normally installed apps because they are harder for malware to find. Also, they are easy to backup, just copy a folder. And, they let you have two different versions of an app available at the same time. An excellent source of portable Windows software is at portableapps.com.
Do not use Bit Locker, instead use VeraCrypt
For checking on the health of an SSD, I suggest the free Clear Disk Info program.
Nir Sofer has a huge collection of excellent, free portable software at nirsoft.net. Perhaps my favorite is WifiInfoView. I also like TaskSchedulerView.
The free Process Explorer program from Microsoft is invaluable, I install it on every Windows computer that I configure. Likewise, the free Autoruns program from Microsoft is great at giving you control over the programs that run when the system starts up.
Using the online version of Outlook is safer that using a locally installed copy of Outlook. With the web version, Office attachments get interpreted on Microsoft servers for display.
Steve Gibson offers a free, portable program called InControl that makes it very easy to stay on your desired Windows Service Pack (22h1 for example). The program updates the Registry to set a number of relatively new configuration options that control Windows Update. This not only lets you stay on your current service pack, until you think the next one is ready for prime time, it can also prevent Windows 10 from being updated to Windows 11.
USING WINDOWS
Before running any downloaded executable file, check it at VirusTotal.com.
How to Keep Windows Running Smoothly With Routine Maintenance by Leo A. Notenboom January 24, 2024. A classic Defensive Computing article.
My Print Queue is Stuck. How Do I Print Anything? by Leo A. Notenboom (last updated Aug. 1, 2022). To clear the print queue: turn off the printer, stop the Print Spooler service, delete all the files in c:\Windows\System32\ spool\PRINTERS, start the Print Spooler service, turn on the printer.
The First Things to Do with a New Windows Computer by Leo A. Notenboom (October 2022). Backup, backup and backup some more.
Windows Update sometimes breaks or hangs. Should that happen to you see this January 2024 article by Leo A. Notenboom: How Do I Fix Windows Update? What is so good about this article is that it first describes using a hammer, then explains a bigger hammer and finally suggests very very big hammer. One of the three hammers should certainly fix Windows Update.
November 2022: A Windows 10 laptop computer that I use every day had not installed bug fixes in a very long time. I do that on purpose, so that I can trust the computer will work the same today as it did yesterday. Still, at some point it needs software updates. So, I rebooted the computer and let it install a ton of fixes both to Windows 10 and assorted drivers. Reboot and more fixes. Reboot and more fixes. All seemed well and at the end of my working day, I closed the lid to put the computer to sleep. I had done the same thing well over 100 days in a row. Could have been 200 days in a row. Yes, it had not rebooted in months and months prior to the bug fixes. The next morning, the laptop would not wake up from sleeping when the lid was opened. F**k Microsoft and their Operating System.
ARTICLES
June 28, 204: Windows: Insecure by design by Steven J. Vaughan-Nichols for The Register. One example from the article: In June 2023, a Chinese hacking group stole US government emails from Microsoft's Exchange Online. The Feds managed to catch the hackers, not Microsoft. A former White House cyber policy director asserted that Microsoft and its products are a national security concern. There are other examples too.
A STORY
Once upon a time, OK, it was November 16, 2022, I was setting up a new Lenovo T14 Thinkpad that was running Windows 10. The next day, I happened upon the folder
C:\Program Data\Microsoft\Windows\WER\ReportArchive
This seems to be where Windows stashes dumps, records of programs that have crashed/failed. At some point these are probably sent to Microsoft. To me, it seems like quite a lot of program crashes for the first day of using the new computer. Maybe I'm being overly critical? I think not.
Consider the dump files shown in the screen shot below. An Administrator is not allow to see the files at all. And, even if you hack around this security restriction, Windows does not include a utility to format these files into a human readable format. These failures are none of our business.
- - - - - - - - - - - - -
See also, the topics on Microsoft and Microsoft Office.
This page: 6 views per day (over 864 days) Total views: 5,397 Created: October 4, 2022 |
This Page Last Updated July 2, 2024 | Site Page Views TOTAL 1,097,341 | Site Page Views TODAY 1,217 |
Website by Michael Horowitz @defensivecomput |
top |