Windows 10 best practices for home user?
January 12, 2017 10:21 AM Subscribe
I'm getting my first Windows machine after 5 years of using MacOS. What are current best practices for software hygiene? How do I neuter Windows 10's spyware? Do I need third party anti-virus software? Is there good maintenance software I should use from the start?
I'm a software engineer with strong opinions about operating systems and user interfaces. I'm getting a Windows machine for gaming. I'm thinking of also ditching my Mac; I only use it as a fancy terminal. 95% of my time is spent in Chrome, apps like Slack that work identically on Windows and Mac, and ssh to a Linux box. And I've been hearing good things about Ubuntu-on-Windows.
I've read how Windows 10 has a bunch of crap in it that tracks the user or tries to upsell you to Microsoft's terrible cloud services. I've seen a zillion guides for changing settings for privacy and even some recommended programs. Is there one consensus article I can follow or tool I should use? (I'm more worried about performance than privacy, fwiw.)
From what I've read most anti-virus software is now worse than the malware they claim to protect you from. Current advice seems to be that Windows Defender is sufficient. Is that true?
Is there some system management software or technique that if I use from the beginning my life is easier? Maybe Ninite or Chocolatey instead of installing apps myself? Some sort of cleaner / snapshot tool to make it easier to undo any mistakes?
(Some Metafilter resources I've read: Computer defense, New laptop best practices, Should I let Windows 10 have its way with me?. Also the profile pages for deezil and samsara.)
I'm a software engineer with strong opinions about operating systems and user interfaces. I'm getting a Windows machine for gaming. I'm thinking of also ditching my Mac; I only use it as a fancy terminal. 95% of my time is spent in Chrome, apps like Slack that work identically on Windows and Mac, and ssh to a Linux box. And I've been hearing good things about Ubuntu-on-Windows.
I've read how Windows 10 has a bunch of crap in it that tracks the user or tries to upsell you to Microsoft's terrible cloud services. I've seen a zillion guides for changing settings for privacy and even some recommended programs. Is there one consensus article I can follow or tool I should use? (I'm more worried about performance than privacy, fwiw.)
From what I've read most anti-virus software is now worse than the malware they claim to protect you from. Current advice seems to be that Windows Defender is sufficient. Is that true?
Is there some system management software or technique that if I use from the beginning my life is easier? Maybe Ninite or Chocolatey instead of installing apps myself? Some sort of cleaner / snapshot tool to make it easier to undo any mistakes?
(Some Metafilter resources I've read: Computer defense, New laptop best practices, Should I let Windows 10 have its way with me?. Also the profile pages for deezil and samsara.)
My take on best practices for privacy:
1) Windows boxes are "Wintendos": They are for playing games that won't work on another platform, and only for doing that.
2) No personally identifiable information touches Windows boxes. (Not even in a separate partition or VM container.)
3) Windows boxes go on their own VLAN, which has Internet access but is firewalled away from the stuff that does deal with personally identifiable information.
4) Nothing running Windows gets connected to a microphone or camera.
5) When in doubt, pave it and load a pristine image.
That may strike you as a bit extreme, but as I said in the "Should I let Windows 10 have its way with me?" thread,
You don't need third-party anti-virus software if you can refrain from engaging in virus-enabling behavior. This is especially true if performance matters to you.
If you use a browser on a Windows box, using a plugin like NoScript to disable scripting by default is a good idea, as is turning off (and/or not installing in the first place) things like Adobe Flash and the Java runtime. You may want to consider an ad blocker as well.
I use Windows Defender, apply vendor-provided updates in a timely manner, and run CCleaner every once in a while.
posted by sourcequench at 12:08 PM on January 12, 2017 [2 favorites]
1) Windows boxes are "Wintendos": They are for playing games that won't work on another platform, and only for doing that.
2) No personally identifiable information touches Windows boxes. (Not even in a separate partition or VM container.)
3) Windows boxes go on their own VLAN, which has Internet access but is firewalled away from the stuff that does deal with personally identifiable information.
4) Nothing running Windows gets connected to a microphone or camera.
5) When in doubt, pave it and load a pristine image.
That may strike you as a bit extreme, but as I said in the "Should I let Windows 10 have its way with me?" thread,
Regardless of setting, "telemetry" can send arbitrary files to and retrieve arbitrary files from your PC, and execute arbitrary commands. You have Microsoft's vague assurances that they have controls in place to prevent abuse, but you cannot opt out through any official means.While you can and should follow the Lifehacker list (or similar guides, all of which amount to "turn off all the options under privacy settings, turn off Cortana and uninstall OneDrive), you cannot neuter the spyware in any way that is permanent or completely effective.
You don't need third-party anti-virus software if you can refrain from engaging in virus-enabling behavior. This is especially true if performance matters to you.
If you use a browser on a Windows box, using a plugin like NoScript to disable scripting by default is a good idea, as is turning off (and/or not installing in the first place) things like Adobe Flash and the Java runtime. You may want to consider an ad blocker as well.
I use Windows Defender, apply vendor-provided updates in a timely manner, and run CCleaner every once in a while.
posted by sourcequench at 12:08 PM on January 12, 2017 [2 favorites]
DisableWinTracking kills most of Microsoft's phoning home.
> You don't need third-party anti-virus software if you can refrain from engaging in virus-enabling behavior
Even if you don't engage in virus-enabling behavior, sources you trust might get infected.
> If you use a browser on a Windows box, using a plugin like NoScript to disable scripting by default is a good idea, as is turning off (and/or not installing in the first place) things like Adobe Flash and the Java runtime. You may want to consider an ad blocker as well.
For Firefox, there are extensions like RequestPolicy or Policeman that allow fine-tuning the running of scripts and whatnot from whatever source on whatever site, essentially making running different plugins for scripts, ads etc redundant. Usability might suffer, YMMV...
posted by farlukar at 12:34 PM on January 12, 2017
> You don't need third-party anti-virus software if you can refrain from engaging in virus-enabling behavior
Even if you don't engage in virus-enabling behavior, sources you trust might get infected.
> If you use a browser on a Windows box, using a plugin like NoScript to disable scripting by default is a good idea, as is turning off (and/or not installing in the first place) things like Adobe Flash and the Java runtime. You may want to consider an ad blocker as well.
For Firefox, there are extensions like RequestPolicy or Policeman that allow fine-tuning the running of scripts and whatnot from whatever source on whatever site, essentially making running different plugins for scripts, ads etc redundant. Usability might suffer, YMMV...
posted by farlukar at 12:34 PM on January 12, 2017
Windows Defender is good, I've never had it try to upsell me, the 'disablewintracking' plugin does a good job. Gaming in 2016 presumes a high level of connectivity so making your windows box completely standalone is possible but will lead to inconvenience.
posted by Sebmojo at 2:31 PM on January 12, 2017
posted by Sebmojo at 2:31 PM on January 12, 2017
Response by poster: Yeah I may have overstated my privacy needs. NoScript, for instance, is way too much hassle, but I do use uBlock. I intend to move into the machine as my primary computer with all my browser logins, etc.
In Windows 10 I'm mostly worried about the complexity of tracking. There has to be overhead not to mention security risk. DisableWinTracking looks like the kind of tool I'm asking for and this Lifehacker article is good reading.
posted by Nelson at 2:43 PM on January 12, 2017
In Windows 10 I'm mostly worried about the complexity of tracking. There has to be overhead not to mention security risk. DisableWinTracking looks like the kind of tool I'm asking for and this Lifehacker article is good reading.
posted by Nelson at 2:43 PM on January 12, 2017
What are current best practices for software hygiene?
Not sure exactly what you mean here. Windows still suffers from a bit of software entropy, but it's much, much less of an issue than it used to be. Anecdotally, it's not dissimilar to MacOS at this point. Don't install a bunch of apps if you don't need them. Run an adblocker and antimalware blocker in your browser. Keep your apps up to date (Secunia PSI is great for this). Don't turn off UAC (you're asking to get broken into here). Watch out for phishing messages. Be cautious about visiting seedy websites.
How do I neuter Windows 10's spyware?
No one has proven that Microsoft is taking anything they shouldn't be. It's all supposition and paranoia. You can certainly download a utility that checks all the correct boxes to turn specific settings off. I do that. But if you believe that Microsoft is secretly watching you, why would you believe a combination of check boxes and DNS entries would stop them? Similarly, if the NSA or FSB wants into your machine, they're probably going to get into it no matter what you do.
Do I need third party anti-virus software?
No. Just use Windows Defender.
Is there good maintenance software I should use from the start?
Secunia PSI keeps apps up to date. Security suites are mostly a waste of time and money.
Microsoft's terrible cloud services.
Microsoft's cloud services, are generally pretty good. Their online versions of Office are far better than Google Docs/Sheets, for one. If you don't want them, don't buy them. I HATE ads, and I don't notice this at all day to day.
Maybe Ninite or Chocolatey instead of installing apps myself?
Ninite is pretty cool and can save you time. Chocolatey I haven't used.
Some sort of cleaner / snapshot tool to make it easier to undo any mistakes?
I haven't found this necessary, personally. And if my machine got infected with anything even semi-serious, I would wipe it no matter what.
posted by cnc at 11:06 PM on January 12, 2017 [2 favorites]
Not sure exactly what you mean here. Windows still suffers from a bit of software entropy, but it's much, much less of an issue than it used to be. Anecdotally, it's not dissimilar to MacOS at this point. Don't install a bunch of apps if you don't need them. Run an adblocker and antimalware blocker in your browser. Keep your apps up to date (Secunia PSI is great for this). Don't turn off UAC (you're asking to get broken into here). Watch out for phishing messages. Be cautious about visiting seedy websites.
How do I neuter Windows 10's spyware?
No one has proven that Microsoft is taking anything they shouldn't be. It's all supposition and paranoia. You can certainly download a utility that checks all the correct boxes to turn specific settings off. I do that. But if you believe that Microsoft is secretly watching you, why would you believe a combination of check boxes and DNS entries would stop them? Similarly, if the NSA or FSB wants into your machine, they're probably going to get into it no matter what you do.
Do I need third party anti-virus software?
No. Just use Windows Defender.
Is there good maintenance software I should use from the start?
Secunia PSI keeps apps up to date. Security suites are mostly a waste of time and money.
Microsoft's terrible cloud services.
Microsoft's cloud services, are generally pretty good. Their online versions of Office are far better than Google Docs/Sheets, for one. If you don't want them, don't buy them. I HATE ads, and I don't notice this at all day to day.
Maybe Ninite or Chocolatey instead of installing apps myself?
Ninite is pretty cool and can save you time. Chocolatey I haven't used.
Some sort of cleaner / snapshot tool to make it easier to undo any mistakes?
I haven't found this necessary, personally. And if my machine got infected with anything even semi-serious, I would wipe it no matter what.
posted by cnc at 11:06 PM on January 12, 2017 [2 favorites]
This thread is closed to new comments.
http://lifehacker.com/5717628/set-up-and-get-to-know-your-new-windows-pc
posted by Leontine at 11:29 AM on January 12, 2017 [1 favorite]