It’s often said that Windows has become bloated and full of unnecessary things over the years, but many of the things that have been added to the operating system do play a vital role. Specifically, a lot of capabilities have been added that help keep your PC safe in one way or another. It’s easy to forget how much Windows 11 tries to do to keep users safe, so let’s taker a look at some of the features included that help keep your computer and data out of harm’s way.
10 Microsoft Defender firewall and antivirus
The basics
Starting with the most obvious thing right out of the gate, we have Microsoft Defender, which used to be called WIndows Defender. Back in the day, Windows Defender was just a firewall, and it had a pretty poor reputation, but these days, if your internet usage is relatively cautious, this is really all you need in terms of an antivirus solution.
The firewall is a piece of software that block potentially unsafe connections so you don’t get attacked by potential bad actors. Meanwhile, the antivirus is responsible for detecting and eliminating threats already on your computer. Both provide real-time protection against major threats, but you can also run manual scans at any time to make sure nothing has found its way into your PC.
9 Secure Boot
Prevent malware at startup
Secure Boot is a security feature that isn’t necessarily exclusive to Windows (in fact, it’s not really part of Windows), but it’s most often associated with Microsoft’s OS, and it’s a controversial one depending on the kind of user you are. Secure Boot essentially ensures that only trusted software can start with the system, so any program that attempts to boot with the computer needs to be on an approved list.
This helps ensure malware can’t be deep-rooted into your system, but that comes at the cost of a lot of non-Windows software potentially not being allowed. Specifically, Secure Boot isn’t compatible with a lot of Linux distributions, because many of them aren’t on the list of allowed software that Secure Boot checks against. Thus, dual-booting certain Linux distributions may require you to turn Secure Boot off, which can put you at risk if you’re not careful.
8 Reputation-based protection
Only install trustworthy apps
Reputation-based protection is a subset of Windows Security, much like Microsoft Defender, and this set of features focuses on protecting your PC from potentially untrusted software. One feature you may have heard of is SmartScreen, which often pops up when you try to run an executable file you downloaded. SMartScreen checks whether a given app is recognized as trustworthy and warns you if there’s a chance that it may not be.
Otherwise, reputation-based protection can also protect you against phishing attacks in Windows. If a malicious website tries to disguise itself as a familiar platform, such as a Microsoft sign-in page, Windows can warn you that your data isn’t being sent to the location you may expect, preventing potential identity theft attacks.
7 Core isolation
The Windows kernel is safe
Core isolation is another important security feature in Windows that tries to protect the integrity of the operating system. Most of what this does isn’t visible to the user, but essentially, this feature isolates the Windows kernel so that any potentially malicious attackers can’t compromise the integrity of the system and cause you to lose all your data. It relies on virtualization technology to create a sandbox for the Windows kernel, similar to how a virtual machine is isolated from the host system.
6 Smart App Control
Only trusted apps can go through
Similar to reputation-based protection, Smart App Control tries to protect your PC based on whether a given app should be trusted by the user. Smart App Control uses a continuously updates mix of signals to determine whether a given app is trustworthy, and if it’s not, that app is blocked.
This feature is actually adaptive, in that when you initially set up your computer, it will monitor your general app usage to determine whether certain apps should be blocked, or if it’s best to turn off app control so users can use their PC more freely. Once it’s turned off, though, Smart App Control can’t be turned back on without resetting your PC.
5 Find my device
Less worrying about losing your PC
Few feelings are worse than realizing you’ve left your valuable laptop somewhere else and you now have no way to retrieve it or any idea where it even is. Thankfully, Find my device can help with that last part. This allows your computer to report its location to the internet, so that if you forget the laptop somewhere after using it or someone snags it, you can sign in to your Microsoft account on a different PC and check where the laptop was last seen.
This isn’t as useful on a computer as it would be on a phone since it requires an internet connection, but if your PC has cellular connectivity, then this can be especially useful.
4 Windows Hello
Secure and convenient
Biometric authentication in laptops wasn’t new when Microsoft introduced Windows Hello with the launch of Windows 10, but this feature completely changed the game for Windows PCs. Before, this was a premium feature only available on a select few laptops, and the implementations weren’t consistent. Windows Hello forced a unified standard and UI that made it easier for everyone to secure their PC.
Windows Hello allows you ti unlock your PC more conveniently than using a password. The basic method is using a simple PIN, which is already more secure than using your Microsoft account password, since this way you can only compromise a single device rather than the entire account. But you can also use a fingerprint reader or an infrared camera to scan your biometric data and unlock your PC only when you’re the one trying to use it. It even supports using USB security keys if you prefer that. It’s a great combination of security and convenience.
3 Presence sensing
Keep strangers out of your computer
Source: Microsoft
A relatively new feature in Windows, presence sensing is another way in which your computer can prevent others from accessing your data. By detecting whether you’re in front of the computer, Windows can automatically lock the operating system right away, so no one can come in after you and try to access your data when you’re not looking.
Presence sensing requires dedicated hardware, though, and not many laptops offer this options just yet. However, you’ll probably see this become more common in the coming years.
2 Windows Sandbox
A safe environment to play around in
As much as you might want your computer to be safe, sometimes it’s hard not to resist the temptation to try an app you might not be familiar with or that comes with some serious risks (such as apps early in development). Windows Sandbox is a feature in Windows 11 Pro that essentially creates a temporary virtual machine based on your current version of Windows, and it allows you to do anything you want. Windows Sandbox mostly functions like a normal VM, but it’s much faster to set up, and its contents are deleted automatically when you close it.
This makes Windows Sandbox the perfect playground for testing apps that you’re not sure are reliable. Open the sandbox, try what you need to, and see if anything bad happens. You can leave it at that, or if you find the app you’re trying to be safe, you can then use it on your host PC.
1 BitLocker
Your data is encrypted now
Back in the day, even if you had a password on your computer, accessing the data on your drive would still be relatively trivial by connecting the hard drive to a different computer, because this data was never really encrypted by default. BitLocker was introduced with Windows Vista (at the time only for the higher-end tiers of the OS), and it encrypts all the data on your drives, so that it can only be accessed by someone with the decryption key.
In normal situation, that decryption is handled by simply logging into your Windows account, but if someone tries to connect the drive to a different computer, they’ll need a specific BitLocker recovery key. This is automatically backed up to your Microsoft account but you can also store the key somewhere else if you want to keep it safe yourself.
In the worst case scenario when someone actively steals your computer and tries to access your precious data, BitLocker offers a last line of defense that ensures it doesn’t fall into the wrong hands, even if you’ve lost access to it yourself.
Windows security is extremely important
All of this goes to show that Microsoft takes security on Windows fairly seriously, even if the company is involved in some controversies here and there, like the Recall fiasco that stored all your activity unencrypted in preview versions of Windows. Thankfully that never made it to the general public, though, so we’re hoping the company will keep doing its best to keep Windows users safe.
