7 tips to keep your Windows PC protected against malware

The internet has already become part of our daily lives — be it searching, shopping, connecting with family and friends, and so much more. Our computers contain valuable personal information than ever, and more and more they're the targets of malicious actors. If you don't take steps to protect your computer and data, you're leaving the door wide-open to malware and hackers that will steal your data and take over your computer.

While viruses remain one of the most common forms of malware threats, ransomware attacks have spiked in recent years. This kind of malware locks your computer by encrypting all of your files and demanding that you pay a ransom, typically in Bitcoin, to unlock it all. The WannaCry attack is a perfect example of ransomware — it wreaked havoc hundreds of thousands of Windows computers around the world in a matter of days.

In this guide, we'll walk you through seven tips you can use to keep your computer and data protected against malware, including viruses, ransomware, worms, Trojans, spyware, adware, and other malicious programs.

1. Backup, backup, backup

One of the best ways to protect your computer and data from malware attacks is to make regular backups. You should always create at least two backups: one to keep offline and another to keep in the cloud.

Have an offline backup

Your recovery plan must include a full backup of your system and data to keep offline using an external hard drive or in a local network location (e.g. Network-attached Storage (NAS)). This is the kind of backup that will ensure you can recover from any malware, hardware failure, errors, and natural accidents.

Remember that there is no such as thing as enough backup. If you can make a backup of the backup that you can store offsite, do it.

After creating a backup, always disconnect the external drive and store it in a safe location, or disconnect the network location where you store the backup because if the drive stays online and accessible from your computer, a malware can still infect those files.

While you can always use third-party tools, on Windows 10, Windows 8.1, and Windows 7, you can create a full backup using the System Image Backup tool to make a copy of your entire machine, including files, settings, apps, and OS installation.

File History is a good example of a tool to create a backup of your files. You can use this feature on Windows 10, Windows 8.1, and Windows 7. However, it appears that this feature may disappear for Windows 10 users starting with the Fall Creators Update.

Alternatively, if you don't have a lot of files, you could just make regular copies of your documents on a USB flash drive.

If you're a home user and files don't change very often, you should at least be making a backup once a week. On the other hand, if you're dealing with business files, you should be making backups at least once or twice a day.

Online backup

There are many ways to make backups online. OneDrive is a common example of online backup, but this solution should only be considered to protect your data against hardware failure, theft, or natural accidents. If your device gets infected with a ransomware or another type of malware, OneDrive is likely to sync the changes making those files stored in the cloud unusable.

A better solution includes subscribing to a third-party online backup service, such as CrashPlan or IDrive that allow you to schedule or trigger backups on demand to prevent syncing infected or encrypted files.

The only caveat is that most cloud storage services don't offer bare-metal recovery. If that's something you need, you could create a full backup like you would normally do and then upload the package to a paid cloud storage service, such as Amazon Drive, Google Drive, etc.

2. Update Windows and software

It's crucial to always install the latest updates for Windows and other software.

Companies like Microsoft and others are regularly releasing updates to patch potential vulnerabilities that can be exploited by hackers.

In the case of the WannaCry attack, many computer systems could have been saved from the malware, if companies cared enough to install the patch issued by Microsoft months before the attack.

Starting with Windows 10, updates download and install automatically, because now they're mandatory. However, you can always make sure your system is up to date on Settings > Update & security > Windows Update, and clicking the Check for updates button.

On devices with Windows 8.1 or Windows 7, Windows Update could be disabled or not working, you can check on Control Panel > System and Security > Windows Update, turn on the feature and check for updates as necessary.

Windows 7 update prompt (Image credit: Windows Central)

In addition to keep Windows up to date, you also need to make sure to periodically install software updates. If you're running Windows 10, apps your install from the Windows Store will automatically update. However, traditional desktop application may have different update mechanisms, as such make sure to check your software vendor support website for the steps to keep your software up to date.

3. Upgrade to Windows 10

It's just simple math: older versions of Windows are more vulnerable than newer versions. New releases of Windows always include security improvements, and over time removes or updates features that may have become vulnerable.

If you're running Windows 8.1 or Windows 7, you should consider upgrading to Windows 10, as it's not only more secure, but you can also take advantage of a lot of new features and more frequent updates with new improvements. (Are you still running Windows Vista? No problem, we got you covered with the upgrade instructions in this guide.)

4. Use a firewall

A firewall is a software- or hardware-based application that helps to block malicious attacks from hackers, worms, ransomware, viruses, and other types of malware trying to access your computer from the internet to steal your information.

You can always install and configure third-party security tools, but Windows 10, Windows 8.1, and Windows 7 include a very efficient firewall out-of-the-box.

Windows Firewall is usually enabled by default, but it's important to make sure it's working correctly on Control Panel > System and Security > Windows Firewall. Then click on the Turn Windows Firewall on or off link on the left pane, and make sure to select Turn on Windows Firewall for both private and public networks.

If you have a third-party solution, make sure to check your software vendor support website to learn the steps to manage their firewall.


5. Install an antivirus solution

Nowadays, it's essential to have an antivirus installed on your computer to detect and remove malware before they can compromise your data, slow down or crash your device.

However, it's not just about installing the security software and forgetting about it. You must also keep it up to date to stay protected from the latest viruses, worms, ransomware, and other threats.

Windows 10 users by default are protected with the Windows Defender Antivirus, which not only offers great real-time protection against viruses, spyware, worms, Trojans, and rootkits, but it's also capable of detecting and removing ransomware like WannaCry. (It should be noted that Windows 8.1 can also take advantage of Windows Defender Antivirus for free, and Windows 7 users can install Security Essentials.)

If you want even more protection, it's also possible to change the Windows Defender Antivirus cloud-protection level on Windows 10.

Of course, you can opt to use any antivirus you like -- just make sure it comes from a trusted name. If you don't know which one to get, check our list of recommended antivirus for Windows.

In the case, you're looking to get some extra protection against ransomware; you can also try security software specialized on this kind of malware, such as RansomFree.

RansomFree is a relatively new security software from Cybereason that doesn't use traditional definition updates. Instead, it uses behavioral system analysis to prevent ransomware from taking over your computer.

Once installed, the software will stop any suspicious activity. Then you'll be prompted to allow or deny the activity. If you deny the activity, then RansomFree will send it to quarantine.

You can learn more and download a free copy at Cybereason.

6. Stay one step ahead

The best security software is yourself. Usually, a computer gets infected with malware because someone clicked a specially crafted email attachment, web pop-up, or installed an application from an untrusted source.

When checking emails, only open those emails from senders you know, or from senders you're able to identify, and then delete anything that looks suspicious. Typically, you can quickly spot spam emails because they have a lot of grammar errors and typos.

Other times a malware can hide on pop-ups when you visit a website. If the pop-up doesn't look legit, do not click the image or links, just close the window. If it's impossible to close the window, simply reboot your computer.

Use only modern web browsers, such as Microsoft Edge, Google Chrome, and Mozilla Firefox. These applications have been evolving a lot in the past years, and they have good security built-in, and they're capable of warning you of potential unsafe websites.

Avoid downloading and installing apps from unknown sources, always try to download the bits from the original source. If you're running Windows 10, whenever possible only download apps from the Windows Store, which have been verified by Microsoft for security.

7. What to do if your computer gets infected

Here are a few things you can do to recover your system from a malware infection.

In the case, your computer gets infected with a virus, worm, ransomware, or another type of malware, the first thing you want to do is to physically disconnect the device from the network and turn off the PC's Wi-Fi to prevent the malware from spreading (or, if you can't do that, kill either remove it from the range of your Wi-Fi or turn off the router until you've killed the infection).

If you're able to control your computer, use the Windows Defender Antivirus offline scan option. Alternatively, you can create a bootable media with Windows Defender Antivirus to perform an offline scan.

In the case, you're using a different antivirus, check your software support website for instructions to perform an offline scan.

If you're unable to remove the malware, it's time to restore your system from backup. If you only have a backup of your data, you can perform a clean install of Windows 10, and then restore your files from backup. Additionally, you'll need to reconfigure your user experience and reinstall previously installed applications.

In the case, you're not up to the challenge, or you don't have a backup of any kind, you'll be better off contacting a computer professional for help. Of course, if you have any questions, you can always seek for help in the Windows Central forums.

More Windows 10 resources

For more helpful articles, coverage, and answers to common questions about Windows 10, visit the following resources:

Mauro Huculak

Mauro Huculak is technical writer for WindowsCentral.com. His primary focus is to write comprehensive how-tos to help users get the most out of Windows 10 and its many related technologies. He has an IT background with professional certifications from Microsoft, Cisco, and CompTIA, and he's a recognized member of the Microsoft MVP community.