Best tips to keep your Windows 10 PC protected against malware

In a world where the internet is already part of our daily lives, and our computers store most of our personal information, more than ever, we're quickly becoming targets of malicious actors. As a result, if you don't take the necessary steps to protect your device and data, you'll be leaving the doors wide-open to malware and hackers that only want to steal your information and harm your computer.

Although malware come in many forms, one thing is certain; you don't want one inside your computer. Thankfully, you have a lot of tools to fight back all sort of malware, many of which come built into Windows 10. However, protecting your system and files isn't just about installing a security app and hoping for the best. It's a combination of software and knowing how to avoid potential threats.

In this Windows 10 guide, we'll walk you through nine tips to keep your desktop, laptop, or tablet and data protected against virtually every type of malware, including viruses, ransomware, worms, Trojans, spyware, adware, and other malicious programs.

1. Update Windows 10 and software

Why you can trust Windows Central Our expert reviewers spend hours testing and comparing products and services so you can choose the best for you. Find out more about how we test.

Perhaps the single most important step you can take to keep your device and data safe and secure is to maintain Windows 10 and programs always updated.

Software companies, such as Microsoft, are continuously rolling out updates to patch potential vulnerabilities that can be exploited by hackers.

Although updates download and install automatically on Windows 10, you can always make sure that your system has the latest patches installed on Settings > Update & Security > Windows Update, and clicking the Check for updates button.

Also, it's important to periodically check and install updates for any software installed on your computer. On Windows 10, apps you acquire from the Microsoft Store will update automatically as soon as a new version becomes available. However, classic desktop applications will not (in most cases) because they have different update mechanisms. Always check the software company's support website to download and update your programs.

2. Upgrade to the latest version of Windows 10

Because your device is running Windows 10, it doesn't necessarily mean that it's using the latest version.

Windows 10 was originally launched in 2015, and since then, Microsoft has released multiple feature updates adding new features and changes to improve performance, productivity, and more importantly, the company has been implementing many security enhancements.

If you want to keep your device protected against malware, you always want to be running the latest version.

Similar to those updates you get every month, new versions of Windows 10 are available free of charge, and they usually download an install automatically. However, if you're still not running the latest version, there are multiple ways to upgrade manually, including using Windows Update, Update Assistant, and Media Creation Tool, which allows you to perform an in-place upgrade as well as perform a clean install of the latest version.

Quick Tip: To find out which version of Windows 10 your PC is running, use the Windows key + R key combo, type winver, and click OK. If it reads version 1709, then you're running the Fall Creators Update.

It's worth noting that at the time of this writing the Windows 10 Fall Creators Update (version 1709) is the latest version. The Spring Creators Update (version 1803) is expected to roll out in April 2018.

3. Use antivirus

Antivirus is a must-have component on every computer to detect and remove malware before they can compromise your files, affect performance, or crash your device.

However, it's not a piece of software that you install once and never think about again. You must keep it up to date to stay protected against the latest threats, including viruses, worms, ransomware, and other malicious code.

Windows Defender Antivirus

Out-of-the-box Windows 10 includes the Windows Defender Antivirus, part of the Windows Defender Security Center, and it offers excellent real-time protection from viruses, ransomware, spyware, worms, rootkits, and Trojans.

If you want even more protection, it's also possible to change the Windows Defender Antivirus cloud-protection level on Windows 10.

Third-party antivirus

The Windows 10 built-in malware solution should be more than enough protection for most users. However, there are a lot of third-party security solutions that you can use. Some of them are free and others you have to pay a subscription feed.

If you don't know which one to get, check out our antivirus recommendation guide for Windows 10.


If you're using the Windows Defender Antivirus, you can also add Malwarebytes as another layer of defense. Malwarebytes is a popular anti-malware solution that can scan, detect, and remove the toughest malware already infecting your computer.

It's a free tool, and it can be installed alongside the built-in antivirus on Windows 10, but you must periodically scan your device manually. If you're interested, there's a paid version of Malwarebytes that offers real-time protection, the ability to schedule scans, and many other features.

4. Use anti-ransomware

Although viruses remain one of the most common types of malware threats, ransomware attacks are becoming very popular. Ransomware is another kind of malware that's capable of locking you off your device by encrypting all of your files and demanding you to pay a ransom, typically in Bitcoin, to unlock everything (without any guarantee).

Controlled folder access

Starting with the Fall Creators Update, Windows 10 includes an anti-ransomware feature known as "Controlled folder access." This feature not only prevents ransomware from taking over your device and taking your data hostage, but it also blocks other malicious programs from trying to make unwanted changes to your files.

If you're concern about these new types of attacks, you can follow this guide to enable and configure Controlled folder access on your Windows 10 computer.

It's worth noting that this is a security feature part of Windows Defender Exploit Guard, which means that it's only available when using Windows Defender Antivirus.


Alternatively, if Controlled folder access isn't for you, or you're using a third-party anti-malware solution, you can add extra protection against ransomware with third-party tools, such as RansomFree.

RansomFree is a relatively new security software from Cybereason that doesn't use traditional definition updates. Instead, it uses behavioral system analysis to prevent ransomware from taking over your computer.

After it's installed, the tool will stop any suspicious activity that looks like a ransomware attack. Then you'll be prompted to allow or deny the activity. If you deny the activity, then RansomFree will send it to quarantine.

Cybereason's RansomFree is available to anyone free of charge, and you can get it from its official website.

5. Use firewall

Another way to protect your desktop, laptop, or tablet from malware is to use a firewall.

A firewall is a software- or hardware-based program that helps to block malicious attacks from hackers, worms, ransomware, viruses, and other types of malware trying to access your computer from the internet and local network to steal your information.

You'll find a lot of third-party security tools that provide network security protection, but Windows 10 includes a very efficient firewall built-in.

Windows Firewall is usually enabled by default, but it's important to make sure it's working correctly on Windows Defender Security Center > Firewall & network protection, and make sure that each network connection reads "Firewall is on." If it reads "Firewall is off," click the Turn on button. Or click the network connection link, and under "Windows Defender Firewall," turn on the toggle switch.

If you have a third-party solution, make sure to check your software vendor support website to learn the steps to manage your firewall.

6. Use verified apps only

We can't stress this enough. At all cost, avoid downloading and installing apps from unknown sources, always try to download software from their official websites. On Windows 10, whenever possible, only download apps from the Microsoft Store, which have been verified by Microsoft to ensure that they don't include malicious code, and they work as advertised.

If you want to take malware protection one step further, you can enable a feature on Windows 10 to block users from installing classic desktop (win32) programs outside of the Microsoft Store. This option will not only prevent anyone from getting apps from untrusted sources, but it'll also block potentially harmful programs that try to install automatically without your consent.

Alternatively, you can also use a standard user account instead of an administrator account to prevent installing harmful programs or malicious code from trying to execute code using elevated privileges.

However, if your account is the only administrator account on the computer, you don't just want to change the account type to standard. First, you want to create a new administrator account, then from the new account, you want to change your original account type to standard.

Using a limited account, you'll still be able to run applications, but you won't be able to install new programs. You'll be able to change settings, but it'll prevent you from making unwanted changes to other accounts. If a task requires administrator privileges, you'll get a User Account Control (UAC) prompt to provide the username and password of the new administrator account you created to allow the task to run.

7. Create multiple backups

One of the best ways to protect your computer and files from malware attacks is to make regular backups. If you're concern about your files getting compromised, you should always consider creating a least two backups: one to keep offline and another to keep off-site, in the cloud.

Offline backup

Your recovery plan must include a full backup of your system and data to keep offline using an external hard drive or a local network location (for example, Network-attached Storage (NAS)). This is the kind of backup that will ensure you can recover from any malware infection, errors, hardware failure, and accidents.

When it comes to protecting your data, there's no such thing as too many backups. If you can make a backup of the backup that you can store off-site, don't hesitate and just do it.

After creating a full backup, always remember to disconnect the drive and store it in a safe location, or disconnect the network location where you store the backup. This is because if the drive stays online and accessible from your device, malware can still get to it and infect those files too.

If you're running Windows 10, you don't need to get a third-party backup program, as you can use the built-in System Image Backup tool to make a copy of everything on your computer, including files, apps, settings, and Windows installation.

In addition to having a backup of your entire system, File History is another form of offline backup that you can use to create a backup of all your files locally.

Alternatively, if you don't have a lot of files, you could just copy and paste your documents on a USB flash drive regularly.

You should be making a full backup once a day, but if your files don't change very often, you should consider backing them up at least once a week. If you're dealing with business data, you should be making backups at least once or twice a day.

Online backup

An online backup is perhaps one of the best ways to protect your files against malware as well as to protect yourself from data loss as a result of accidental deletion, hard drive failure, and natural disasters.

OneDrive is the simplest online backup solution a Windows 10 user can use, but this solution should only be considered to protect files against hardware failure, theft, or natural accidents. If malware infects your files, OneDrive is likely to sync the modified files rendering them unusable.

It's worth noting that you can recover your data using Version History on OneDrive or File Restore on OneDrive for Business, but in either case, it's a tedious process as you have to recover files one at a time.

Although you can use OneDrive to protect your data, using a third-party online backup service, such as Carbonite or IDrive are more suited solutions. These services let you schedule and trigger backups on demand to prevent uploading infected or encrypted files.

The only disadvantage with most cloud storage services is that they don't offer bare-metal recovery. If that's something you must be able to do, you could create a full backup using the System Image Backup tool, for example, and then upload the package to a paid cloud storage service, such as Amazon Drive, Google Drive, etc.

8. Train yourself

The best tool to protect your system and data is yourself. Usually, a device gets infected with malware and data gets compromised as a result of someone clicking a link on a specially crafted email or a website pop-up, or someone installing an application from an untrusted source.

When checking emails, only open those emails from senders you know, or from senders you're able to identify, and then delete anything that looks suspicious. Typically, you can quickly detect spam emails because they have a lot of grammar errors and typos.

Malware can hide on pop-ups that appear on websites you visit. If the pop-up doesn't look legit, do not click the image or link, just close the window. Sometimes specially crafted pop-ups will be impossible to close, if this is the case, go ahead and just restart your device.

Only use your typical modern web browsers, such as Microsoft Edge, Google Chrome, and Mozilla Firefox. These applications are always getting updated, and they feature excellent built-in security, and most of them can warn you of a potential security problem and keep you away from unsafe websites. If you get a warning, don't try to find a way around it, as there's probably a good reason that it's not letting you load the page.

9. Dealing with a malware infection

If a virus, worm, ransomware, or another type of malware sneaks in, the first thing you want to do is to disconnect your computer from the network. You can do this by unplugging the Ethernet cable, disabling the Wi-Fi adapter, or turning off the router to prevent spreading the malware to other devices.

Then open Windows Defender Antivirus and use the offline scan feature. Alternatively, if you don't have control of your computer, on a different device, use these instructions to create a bootable media with Windows Defender to perform an offline scan to remove the threat.

Many antivirus software supports the ability to perform an offline scan. If you're using a third-party security software, check your vendor support website for the instructions on how to perform an offline scan.

If none of the steps have worked to remove the malware, then you should restore your system using the latest backup available. In the case, you only have a backup of your files, use these steps to do a clean install of Windows 10. After the installation, you'll need to reinstall your applications, re-apply settings, and restore files using the most up-to-date backup.

Finally, if you realize that these instructions are above your pay grade, or you don't have any form of backup, it's now the time to contact a computer professional for help. If you live near a Microsoft Store, you should go to the store to get help. As always, remember that you can use the Windows Central forums to post questions and seek help.

More Windows 10 resources

For more helpful articles, coverage, and answers to common questions about Windows 10, visit the following resources:

Mauro Huculak

Mauro Huculak is technical writer for His primary focus is to write comprehensive how-tos to help users get the most out of Windows 10 and its many related technologies. He has an IT background with professional certifications from Microsoft, Cisco, and CompTIA, and he's a recognized member of the Microsoft MVP community.