Skip to main content

7 tips to keep your Windows PC protected against malware

The internet has already become part of our daily lives — be it searching, shopping, connecting with family and friends, and so much more. Our computers contain valuable personal information than ever, and more and more they're the targets of malicious actors. If you don't take steps to protect your computer and data, you're leaving the door wide-open to malware and hackers that will steal your data and take over your computer.

While viruses remain one of the most common forms of malware threats, ransomware attacks have spiked in recent years. This kind of malware locks your computer by encrypting all of your files and demanding that you pay a ransom, typically in Bitcoin, to unlock it all. The WannaCry attack is a perfect example of ransomware — it wreaked havoc hundreds of thousands of Windows computers around the world in a matter of days.

In this guide, we'll walk you through seven tips you can use to keep your computer and data protected against malware, including viruses, ransomware, worms, Trojans, spyware, adware, and other malicious programs.

1. Backup, backup, backup

One of the best ways to protect your computer and data from malware attacks is to make regular backups. You should always create at least two backups: one to keep offline and another to keep in the cloud.

Have an offline backup

Your recovery plan must include a full backup of your system and data to keep offline using an external hard drive or in a local network location (e.g. Network-attached Storage (NAS)). This is the kind of backup that will ensure you can recover from any malware, hardware failure, errors, and natural accidents.

Remember that there is no such as thing as enough backup. If you can make a backup of the backup that you can store offsite, do it.

After creating a backup, always disconnect the external drive and store it in a safe location, or disconnect the network location where you store the backup because if the drive stays online and accessible from your computer, a malware can still infect those files.

While you can always use third-party tools, on Windows 10, Windows 8.1, and Windows 7, you can create a full backup using the System Image Backup tool to make a copy of your entire machine, including files, settings, apps, and OS installation.

File History is a good example of a tool to create a backup of your files. You can use this feature on Windows 10, Windows 8.1, and Windows 7. However, it appears that this feature may disappear for Windows 10 users starting with the Fall Creators Update.

Alternatively, if you don't have a lot of files, you could just make regular copies of your documents on a USB flash drive.

If you're a home user and files don't change very often, you should at least be making a backup once a week. On the other hand, if you're dealing with business files, you should be making backups at least once or twice a day.

Online backup

There are many ways to make backups online. OneDrive is a common example of online backup, but this solution should only be considered to protect your data against hardware failure, theft, or natural accidents. If your device gets infected with a ransomware or another type of malware, OneDrive is likely to sync the changes making those files stored in the cloud unusable.

A better solution includes subscribing to a third-party online backup service, such as CrashPlan or IDrive that allow you to schedule or trigger backups on demand to prevent syncing infected or encrypted files.

The only caveat is that most cloud storage services don't offer bare-metal recovery. If that's something you need, you could create a full backup like you would normally do and then upload the package to a paid cloud storage service, such as Amazon Drive (opens in new tab), Google Drive, etc.

2. Update Windows and software

It's crucial to always install the latest updates for Windows and other software.

Companies like Microsoft and others are regularly releasing updates to patch potential vulnerabilities that can be exploited by hackers.

In the case of the WannaCry attack, many computer systems could have been saved from the malware, if companies cared enough to install the patch issued by Microsoft months before the attack.

Starting with Windows 10, updates download and install automatically, because now they're mandatory. However, you can always make sure your system is up to date on Settings > Update & security > Windows Update, and clicking the Check for updates button.

On devices with Windows 8.1 or Windows 7, Windows Update could be disabled or not working, you can check on Control Panel > System and Security > Windows Update, turn on the feature and check for updates as necessary.

Windows 7 update prompt (Image credit: Windows Central)

In addition to keep Windows up to date, you also need to make sure to periodically install software updates. If you're running Windows 10, apps your install from the Windows Store will automatically update. However, traditional desktop application may have different update mechanisms, as such make sure to check your software vendor support website for the steps to keep your software up to date.

3. Upgrade to Windows 10

It's just simple math: older versions of Windows are more vulnerable than newer versions. New releases of Windows always include security improvements, and over time removes or updates features that may have become vulnerable.

If you're running Windows 8.1 or Windows 7, you should consider upgrading to Windows 10, as it's not only more secure, but you can also take advantage of a lot of new features and more frequent updates with new improvements. (Are you still running Windows Vista? No problem, we got you covered with the upgrade instructions in this guide.)

4. Use a firewall

A firewall is a software- or hardware-based application that helps to block malicious attacks from hackers, worms, ransomware, viruses, and other types of malware trying to access your computer from the internet to steal your information.

You can always install and configure third-party security tools, but Windows 10, Windows 8.1, and Windows 7 include a very efficient firewall out-of-the-box.

Windows Firewall is usually enabled by default, but it's important to make sure it's working correctly on Control Panel > System and Security > Windows Firewall. Then click on the Turn Windows Firewall on or off link on the left pane, and make sure to select Turn on Windows Firewall for both private and public networks.

If you have a third-party solution, make sure to check your software vendor support website to learn the steps to manage their firewall.

BitDefender

5. Install an antivirus solution

Nowadays, it's essential to have an antivirus installed on your computer to detect and remove malware before they can compromise your data, slow down or crash your device.

However, it's not just about installing the security software and forgetting about it. You must also keep it up to date to stay protected from the latest viruses, worms, ransomware, and other threats.

Windows 10 users by default are protected with the Windows Defender Antivirus, which not only offers great real-time protection against viruses, spyware, worms, Trojans, and rootkits, but it's also capable of detecting and removing ransomware like WannaCry. (It should be noted that Windows 8.1 can also take advantage of Windows Defender Antivirus for free, and Windows 7 users can install Security Essentials (opens in new tab).)

If you want even more protection, it's also possible to change the Windows Defender Antivirus cloud-protection level on Windows 10.

Of course, you can opt to use any antivirus you like -- just make sure it comes from a trusted name. If you don't know which one to get, check our list of recommended antivirus for Windows.

In the case, you're looking to get some extra protection against ransomware; you can also try security software specialized on this kind of malware, such as RansomFree.

RansomFree is a relatively new security software from Cybereason that doesn't use traditional definition updates. Instead, it uses behavioral system analysis to prevent ransomware from taking over your computer.

Once installed, the software will stop any suspicious activity. Then you'll be prompted to allow or deny the activity. If you deny the activity, then RansomFree will send it to quarantine.

You can learn more and download a free copy at Cybereason.

6. Stay one step ahead

The best security software is yourself. Usually, a computer gets infected with malware because someone clicked a specially crafted email attachment, web pop-up, or installed an application from an untrusted source.

When checking emails, only open those emails from senders you know, or from senders you're able to identify, and then delete anything that looks suspicious. Typically, you can quickly spot spam emails because they have a lot of grammar errors and typos.

Other times a malware can hide on pop-ups when you visit a website. If the pop-up doesn't look legit, do not click the image or links, just close the window. If it's impossible to close the window, simply reboot your computer.

Use only modern web browsers, such as Microsoft Edge, Google Chrome, and Mozilla Firefox. These applications have been evolving a lot in the past years, and they have good security built-in, and they're capable of warning you of potential unsafe websites.

Avoid downloading and installing apps from unknown sources, always try to download the bits from the original source. If you're running Windows 10, whenever possible only download apps from the Windows Store, which have been verified by Microsoft for security.

7. What to do if your computer gets infected

Here are a few things you can do to recover your system from a malware infection.

In the case, your computer gets infected with a virus, worm, ransomware, or another type of malware, the first thing you want to do is to physically disconnect the device from the network and turn off the PC's Wi-Fi to prevent the malware from spreading (or, if you can't do that, kill either remove it from the range of your Wi-Fi or turn off the router until you've killed the infection).

If you're able to control your computer, use the Windows Defender Antivirus offline scan option. Alternatively, you can create a bootable media with Windows Defender Antivirus to perform an offline scan.

In the case, you're using a different antivirus, check your software support website for instructions to perform an offline scan.

If you're unable to remove the malware, it's time to restore your system from backup. If you only have a backup of your data, you can perform a clean install of Windows 10, and then restore your files from backup. Additionally, you'll need to reconfigure your user experience and reinstall previously installed applications.

In the case, you're not up to the challenge, or you don't have a backup of any kind, you'll be better off contacting a computer professional for help. Of course, if you have any questions, you can always seek for help in the Windows Central forums.

More Windows 10 resources

For more helpful articles, coverage, and answers to common questions about Windows 10, visit the following resources:

Mauro Huculak is technical writer for WindowsCentral.com. His primary focus is to write comprehensive how-tos to help users get the most out of Windows 10 and its many related technologies. He has an IT background with professional certifications from Microsoft, Cisco, and CompTIA, and he's a recognized member of the Microsoft MVP community.

17 Comments
  • I have over 7 TB of image files. That is IMPOSSIBLE to backup to the cloud. The cost would be insane not to mention the amount of time to transfer the data.
    What I do instead is keep all of my image files on removable drives. These drives are indexed in ACDSEE and when I need a particular image, it is simple to look up what drive it is on and simply insert that drive into my docking station.
    As the drives are never connected full time to my system, there is little to no risk of them becoming compromised by malware.
    Documents are stored locally and backed up to OneDrive as well as on a separate external backup drive. Backups are made whenever a file is added or modified.
    I also have a clone of my system drive that is updated with every major change to my system. It takes about 15 minutes to clone my drive and if I am ever infected, or have a drive failure, it would take me less than 5 minutes to replace the drive and get back up and running.
    Hard drives are cheap and so are external docking stations. Combined with a free imaging software you have a backup solution that cannot be topped by any cloud storage option.
  • Another tip is to install an ad blocker in your browser to stop malvertising campaigns in their tracks (these can get you even if you visit a well known site). uBlock Origin is widely considered the best choice for this task (it's available on Chrome, Firefox and Edge).
  • Sadly, many sites frown upon adblockers even though malvertising is a problem.
  • Windows 7 doesn't have an AV built in and the version of Windows Defender installed by default is only anti-spyware. In this case I'd recommend Microsoft Security Essentials as it's now decent in protection as far as I know, it's free, and it doesn't bog down the system nor does it annoy you with unnecessary popups (except when you're infected.) Also, for ransomware prevention, I'd recommend something that doesn't have to be running all the time to prevent ransomware from running such as CryptoPrevent. I don't know how RansomFree works as I haven't used it, so it could work in the same way except with features that do require it to be running just like CryptoPrevent's automatic KillAll feature. (I think CryptoPrevent has to be running for the honeypot files to work properly, but I'm not sure.)
  • RansomeFree creates folders with file honeypots on your system if any of those files it modified in any way the program alerts you what process is causing it and gives you the chance to stop the process before it can encrypt the files. Sounds like they both work via similar means.
  • You are missing "Don't run your daily account with Admin rights". You should have a second account for anything that needs to change the system.
    https://blogs.msdn.microsoft.com/aaron_margosis/2004/06/17/why-you-shoul...  
  • And if you set a PIN for administrator, it's takes a second to gain elevated privileges should you need it.
  • YOU FORGOT "GET RID OF WINDOWS AND INSTALL LINUX"!!!! (just kidding) 
  • As a last measure of defense, Linux is worthy enough OS to switch. Alternatively, dual boot Windows and Linux. Keep your browsing activity and online activity on Linux and gaming/productivity on Windows. As for backup, Macrium reflect free version is very good. EMET is a good tool for Win 7,Win 8.1 and 10. Always keep a copy of LiveCD from Kaspersky or Dr. Web burned to usb, so in an event of ransomware attack you can use the LiveCD to clear out malware.
  • Oh I know I was just l messing around ;-)
  • If online browsing is all you want. A Linux VM inside windows would work, since you will not likely notice the performace penalty..unless you have a very old computer.
  • Hard drive space is so cheap these days (including SSD), I find the easiest way it to take a disk copy of the primary drive and then keep it disconnected from the PC once complete. I use Casper from https://www.fssdev.com/ personally, but there are many like this that will take a disk image without having to reboot to safe mode of dos anymore. So I just connect my external SSD drive, copy the disk, and then disconnect the drive again. Keep an emergency Casper boot disk, if you lose your drive from a virus, then wipe it, attach the external drive and copy it back to your primary drive..... Naturally for day to day file changes, a cloud drive is ok to use. I attach my drive about once every 2 weeks and then update the disk copy. Its my way, but I do find it works well and is not very time consuming. An SSD to SSH drive copy is very fast.
  • That screenshot of Windows Update makes me miss Windows 7. Hurry up fluent design system, been missing Aero on my Surface Pro.
  • Hey Mauro, do you think that the Cybereason RansomFree is safe to install? Because when I downloaded it, My web browser said that "this type of file can harm your computer"... blah blah. Have you tried it yourself?
  • I have installed it without problems. Though, I haven't come across suspicious activities yet (Knocking on wood that never happens). It should be OK to install. This company is fairly new. If you're skeptical, just give a search online for RansomFree, specially in the Google News section. Thanks,
  • Malwarebytes: Anti Spyware & Anti Exploit has been the best for me for a very long time. I have saved so many people and left them happy after introducing them to these 2 products.
    CCleaner is another handy utility.
    In free editions though, people have to manually care for their systems.
    It works, but they have to have strong habits to keep themselves from worry.
    Paid editions, handle everything automatically and hassle free.
    The biggest problem most users have is system updates occurring so frequently and time consuming and resource hungry, they abandoned the PC completely for a tablet or a Firestick. The PC OS demands have quite simply become too time consuming to maintain breaking peoples concentration on the task at hand, or making them seem foolish when trying to make a point. It is becoming increasingly embarrassing for people.
  • This screenshot of Windows Update reminds me Windows 7. Hurry up the stunning design system, the aero is looping on my surface pro. https://newzealand.babasupport.org/