Improving on Windows 11 Threat Protection

Reading Time: 5 minutes

There’s always been two tribes when it comes to computing device preferences, and you’re either a Mac or a PC. Those who prefer Macs will usually have a long list of reasons why they prefer to them, and some will point out their perception of more solidity when it comes to defending against web-based threats. They’re ones you are not going to be able to steer clear of if you’re accessing the web, and that’s why robust virus threat protection and other types of protection are super important no matter when type of device you’re using.

Whether Macs are more secure than PCs certainly hasn’t been proven definitively, and people who prefer PCs will have their own long list of reasons as to why they prefer them. Neither type is completely impervious to threats of these sorts, but recently a lot has been made about the shortcomings of Windows 11 when it comes to device security. Here at 4GoodHosting we are definitely attuned to how this is a top priority for a lot of people, and like any other Canadian web hosting provider we can relate to how it’s not something your brush aside if operating your business means collecting and retaining sensitive data.

Which leads us to the good news we’re choosing to dedicate this week’s entry to – there are ways that users can improve threat protection for Windows 11 devices and they are not overly challenging, even for people who aren’t the most tech savvy.

Minimal Protection Built In

Windows 11 is an upgrade on its predecessor when it comes to devices security, and particularly with TPM and Secure Boot plus the guarantee of future security updates that come with them. The problems is that TPM and Secure boot only protect against two types of threats, and the effectiveness of it is entirely related to hardware configuration. If detection can’t be done based on the signature of the BIOS drivers and their relation to the OS then you’re out of luck when it comes to threat detections.

So here are the threats, and what you can do to improve security on a Windows 11 device to defend against each of them more effectively:

  1. Social Engineering

Actions taken on your PC determine your level of risk. Clicking on links, downloading files, installing programs or plugging in external USB drives without using caution and judgment isn’t wise. Doing so can create the problems that security hardware and software try to shield you from. And just because you received it from a trusted source doesn’t mean the link, program, or drive itself is to be trusted.

The same can be said for making personal information available, like your birth date, location, phone number, social security number, and so on. This is because it can be used to gain unauthorized access. And many times when something does occur the biggest part of the headaches is in how that access is to your linked Microsoft account and other services. You should also be sure to not store certain kinds of sensitive information in a non-encrypted file (e.g., Word doc) or share it via non-encrypted forms of communication – email or text message.


  1. Viruses and malware

Malware can be a major source of problems for devices run on Windows 11, and the truth here is that the best defense against those threats is to be careful with your daily routine. But you will still need quality antivirus software for Windows 11, and Windows Security is functional enough as Microsoft’s packaged solution coming with the operating system. For basic internet security it’s fine, but for anyone who’s usage needs or inclinations have them more exposed to threats it is just not sufficient enough.

Choosing to install 3rd-party software is an option, but you may not need to assume that expense. Some people choose to augment Windows Security with a more malware-specific program that provides a little more protection. Don’t go overboard with layering them though, as they can end up conflicting with each other and being less effective as a result.

  1. Open Incoming Ports

With Windows 11 the user will need to keep access to incoming ports blocked in order to prevent being exploited through them. But going with no firewall on your PC is the same as leaving a house with all of its doors not only unlocked, but actually wide open. When incoming ports are left completely exposed anyone on the internet can then attempt to exploit services on your computer available through those ports. When that happens successfully, you’re going too have problems.

The firewall will close them up and many home routers have a built-in hardware firewall. However, you can’t fully rely on them and individual device protection is needed to go along with network-oriented protection. Windows 11 provides sufficient built-in firewall protection, but you need to make sure it is turned on in the Windows Security app.

  1. Data Leaks

It is actually impossible to entirely stop data from being leaked onto the web, and the reality is breaches and leaks are an unavoidable part of life. Windows 11 may have an acceptable level of security, but if the password you have for your linked Microsoft account is the same one used for other services then the basic protections that come with the OS aren’t going to save you from unauthorized account access.

Piece of advice #1 here is not to reuse passwords. And when creating them you should come up with a strong, random, and unique password for every service and website used, plus immediately changing your password for any location where there’s been a breach or leak. Password managers are a good choice – they can keep track of all of those random character strings in a way that’s safe and you don’t need to remember them individually.

Two-factor authentication is also good for beefing up defenses against data leaks. It may be the second step to the login process is what ends up thwarting attempts to access your account. The most secure method is a hardware dongle, but most of you will determine using a mobile app that generates a code provides an ideal balance between security and convenience.

  1. Spying on your Internet Traffic

Every network will have the data being requested and sent to individual devices on display if the individual knows where to look (packet sniffing). When a network is more open it is easier for this to happen. Public Wi-Fi networks are the worst for this risk, and particularly when data in not encrypted. In that scenario the exact information you’re transmitting may be visible too and that can be a big problem obviously.

If data being transmitted is sensitive, then a VPN is the best choice. It will create a secure tunnel that your traffic is funneled through. Use a VPN on your devices when on public Wi-Fi networks and you’ll be MUCH better protected.

Post Navigation