How to Use Windows Firewall With User Account Control (UAC)

Keeping Windows 8.1

safe and secure

IN THIS CHAPTER, YOU WILL LEARN HOW TO

▪

Work with the User Account Control.

▪

Use Windows Firewall.

▪

Use Windows Defender.

▪

Enhance the security of your passwords.

Security is very important in the modern era of computers and devices. Microsoft has spent quite a bit of effort to enhance the security provided by Windows 8.1. This operating system offers improved versions of all its main security tools: User Account Control (UAC), Windows Firewall, and Windows Defender.

In this chapter, you’ll learn how the UAC works, how to tweak it, and why you should never turn it off. In addition, you’ll learn the basics of working with Windows Firewall to secure your network and Internet traffic and about the new and improved Windows Defender and how to use it to keep your system safe from viruses and spyware. Finally, you’ll learn how to improve your passwords to make it more difficult for unwanted people to use the Internet to access your Microsoft account, your email, and other important accounts.

PRACTICE FILES You don’t need any practice files to complete the exercises in this chapter. For more information about practice file requirements, see the section “Using the practice files” In the Introduction of this book.

14

Understanding the UAC

The UAC is a security feature that was introduced in Windows Vista and improved in all subsequent versions of Windows. It is present in Windows 8.1, as well, and it helps prevent unauthorized changes to your computer. These changes can be initiated by users, apps, viruses, or other types of malware. UAC ensures that these changes are made only with ap-proval from the administrator of the computer. If these changes are not approved by the administrator, they will never be executed, and the system will remain unchanged. Unlike in Windows XP, desktop apps in Windows 8.1 do not run with administrator per-missions and consequently cannot make any automatic changes to the operating system. When a desktop app wants to make system changes such as modifications that affect other user accounts, modifications of system files and folders, or installation of new software, UAC prompts the user to ask for permission.

To illustrate this process, the UAC algorithm is explained in the following diagram.

Many changes require administrator privileges and, depending on how UAC is configured on your computer, they can cause a UAC prompt to ask for permissions. Here are those changes:

▪

Running a desktop app as an administrator

▪

Changes to system-wide settings or to files in the Windows and Program Files folders

▪

Installing and uninstalling drivers and desktop apps

▪

Installing ActiveX controls

▪

Changing settings to Windows Firewall

▪

Changing UAC settings

▪

Configuring Windows Update

▪

Adding or removing user accounts

14

▪

Changing a user’s account type

▪

Configuring parental controls

▪

Running the Task Scheduler

▪

Restoring backed-up system files

▪

Viewing or changing the folders and files of another user account

▪

Changing the system date and time

If UAC is turned off, any user and any desktop app can make any of these changes without a prompt for permissions. This would make it possible viruses and other forms of malware to infect and take control of your system more easily than when UAC is turned on.

When using Windows Store apps, UAC is never triggered because, by design, these apps cannot modify any system settings or files. Therefore, UAC prompts are displayed only when working with desktop apps.

Windows 8.1 has four UAC levels from which to choose. The differences between them are described in the following.

▪

Always Notify At this level, you are notified before desktop apps make changes that require administrator permissions or before you or another user changes Win-dows settings. When a UAC prompt appears, your desktop is dimmed, and you must choose Yes or No before you can do anything else on your computer.

Security Impact: This is the most secure setting but also the most annoying. If you do not like the UAC implementation from Windows Vista, you won’t like this level either.

▪

Notify Me Only When Apps Try To Make Changes To My Computer (Default) This is the default level; it only notifies you before desktop apps make changes to your computer that require administrator permissions. If you manually make changes to Windows, UAC doesn’t notify you. This level is less annoying because it doesn’t stop the user from making changes to the system; it only shows prompts if an app wants to make changes. When a UAC prompt appears, the desktop is dimmed, and you must choose Yes or No before you can do anything else on your computer.

▪

Notify Me Only When Apps Try To Make Changes To My Computer (Do Not Dim My Desktop) This level is identical to the preceding one except that when a UAC prompt appears, the desktop is not dimmed and other apps might be able to interfere with the UAC dialog box.

Security Impact: This level is even less secure because it is easier for malicious desk-top apps to simulate keystrokes or mouse moves that interfere with the UAC prompt. Again, a good security solution can compensate for the slight decrease in security.

▪

Never Notify At this level, UAC is turned off and offers no protection against

unau-thorized system changes. Any user or desktop app can make system changes without any prompts for permission.

Security Impact: If you don’t have a good security solution, you are very likely to have security problems. With UAC turned off, it is easier for malicious desktop apps to infect your computer and take control of it and its settings.

IMPORTANT If you do not have administrator access, you can’t set any exceptions, and the programs that do not comply with the standard set of rules are automatically blocked.

Changing the UAC level

Now that you know what this feature does and how it works, you’ll learn how to configure it to offer the level of security you desire. In this exercise, you’ll learn how to change the UAC level.

IMPORTANT Before changing the UAC level, review the previous section in this chapter. It is very important to understand the differences among the levels before making any changes.

SET UP

Open Control Panel .

1

Click System And Security.

The System And Security window opens.

2

In the Action Center section, click Change User Account Control Settings.

14

4

Click OK.

5

Depending on the UAC level set before making the change, you might receive a UAC prompt. Click Yes if you do.

+

_{CLEAN UP}

Close the System And Security window .

The UAC is set to the level you selected and will provide you with the appropriate security level according to that choice.

14

Should I turn off UAC when I install my apps and

turn it on afterward?

The biggest annoyance UAC causes is when you install all your daily desktop apps. At this time, you can receive many UAC prompts (one for each app you install). You might be tempted to turn off UAC temporarily while you install your desktop apps and turn it on again when you’re finished. In some scenarios, this can be a bad idea. Certain desktop apps, which make many system changes, can fail to work if you turn on UAC after their installation even though they work if you install them with UAC turned on. These failures happen because when UAC is turned off, the virtualization techniques UAC uses for all apps are inactive. This causes certain user settings and files to be installed to a different place and no longer work when UAC is turned back on. To avoid these problems, it is better to leave UAC turned on at all times.

Using the Windows Firewall

Windows Firewall is a security desktop app built in to Windows that helps block unauthor-ized access to your computer while permitting authorunauthor-ized communications to and from your computer. It has been improved in each new version of Windows.

With Windows 8.1, this tool can filter both inbound and outbound traffic or set rules and exceptions, depending on the type of network to which you’re connected. If you aren’t us-ing a third-party security suite that includes a firewall, it is highly recommended that you use Windows Firewall because it provides a good level of security.

SEE ALSO For more information about network profiles, see Chapter 11, “Connecting to a network and the Internet.”

Most apps you install on your computer automatically add an exception to Windows Firewall so that they receive network and Internet access as soon as you start them. However, if they don’t add such an exception, Windows Firewall asks if you want to allow them access to the network. At this point, you receive a security alert similar to the follow-ing one, in which you are asked to select the network profiles to which you allow access for the app: private networks (such as home and work networks) or public networks (such as those in airports, coffee shops, and so on).

By default, Windows Firewall selects the check box relevant to the network you are cur-rently using. However, you can select either of the options or both, depending on what you want to do. When you’ve decided, click Allow Access, and the desktop app is allowed to communicate on the selected type(s) of network. To block access, just click Cancel.

IMPORTANT If you do not have administrator access, you can’t set any exceptions, and the apps that do not comply with the standard set of rules are automatically blocked.

14

Click Windows Firewall to open the Windows Firewall desktop app. In the center of its window, you can see information about the status of your network connections and how Windows Firewall is set for each type of connection.

In the left column are links to different configuration options for Windows Firewall and other tools such as the Action Center.

14

Turning Windows Firewall off or on

By default, Windows Firewall is turned on for both types of network profiles, Private and Public. You can turn it on or off for one or both the network locations in the Customize Settings window.

If you choose to install a third-party security app, such as a complete Internet security suite or another firewall, it is best to disable Windows Firewall so that it doesn’t create conflicts and problems.

In this exercise, you’ll learn how to turn off Windows Firewall.

SET UP

Log on by using a user account that has administrator rights and then open Windows Firewall .

1

In the left column, click Turn Windows Firewall On Or Off.

The Customize Settings window, which shows whether the Windows Firewall is turned on, opens.

2

Select Turn Off Windows Firewall (Not Recommended) for both Private Network Settings and Public Network Settings.

3

To apply your settings, click OK.

+

_{CLEAN UP}

Close the Windows Firewall window .

To turn Windows Firewall on, perform the same steps. However, in step 2, you select Turn

On Windows Firewall for both Private Network Settings and Public Network Settings.

14

Customizing the list of allowed apps

The Allowed Apps window contains all the apps that are allowed to go through Windows Firewall. By default, you cannot edit the list. Click the Change Settings button to edit the list of allowed apps. The button will then be dimmed, and you will be able to edit the list of al-lowed apps, programs, and features.

With Windows Firewall, you can edit its communication rules so that you can permit or deny network access for certain apps or services. In this exercise, you’ll learn how to cus-tomize the list of allowed apps.

SET UP

Log on by using a user account that has administrator rights and then open Windows Firewall .

1

In the left column, click Allow An App Or Feature Through Windows Firewall. The Allowed Apps window opens.

2

Click Change Settings.

3

Select the app whose permissions you want to change.

14

4

Click Details.

A window displaying the apps properties opens.

5

Read the information to confirm that this is the app whose permissions you want changed and then click OK.

6

Clear the Private and Public check boxes for the app to block its access to both net-work profiles, and then click OK.

+

_{CLEAN UP}

Close the Windows Firewall window .

The changes you made for the selected app are now applied.

TIP For the Windows apps that are bundled with the operating system (for example, Bing Food & Drink, Music, Mail, Maps, and so on), the Details button is not available and you cannot view more infomation about these apps. But, you can edit the rules applied for them.

Adding new apps to the allowed list

You can easily add new apps to the list of apps allowed through Windows Firewall. In this exercise, you’ll learn how to add new apps to the allowed list.

SET UP

1

In the left column, click the Allow An App Or Feature Through Windows Firewall. The Allowed Apps window opens.

2

Click Change Settings if required.

3

Click Allow Another App.

The Add An App window opens.

4

Select the app that you want to add and then then click Network Types. The Choose Network Types window opens.

NOTE If you don’t find the app you want to add in the Add An App list, click Browse to locate it. Select it and then continue with the instructions in this exercise.

5

Select the network locations through which you want to allow the app to communi-cate, and then click OK.

14

6

In the Add An App window, click Add.

You return to the Allowed Apps window, in which you can see the newly added app on the list.

7

Click OK.

+

_{CLEAN UP}

Repeat this procedure for all the apps you want to add and then close the Windows Firewall window .

Removing apps from the allowed list

Removing apps from the list of allowed apps through Windows Firewall or disabling access to certain types of networks is easy. Both tasks are done from the Allowed Apps window. If you want to disable a rule allowing access to a certain app or feature, simply clear the check box to the left side of its name. Windows Firewall will no longer use it.

If you only want to disable network and Internet access for an app when connected to a certain type of network profile, clear the check box in the column of that network profile. For example, if you want to prevent an app from receiving network and Internet access when you are connected to a public network, clear the check box in the Public column. If the Private column is selected for that app, it will only have access to private networks. When removing entries from the allowed list, keep in mind that you can remove only apps and entries that were not included with Windows 8.1. For example, you cannot remove an entry about Windows Media Player because it is part of Windows 8.1, although you can re-move an entry about a third-party app you installed, such as Steam or uTorrent. The entries that are included in the default configuration of Windows Firewall can only be disabled, not removed.

In this exercise, you’ll learn how to remove an app from the allowed list.

SET UP

Log on by using a user account that has administrator rights and then open Windows Firewall .

1

In the left column, click the Allow An App Or Feature Through Windows Firewall. The Allowed Apps window opens.

2

Click Change Settings, if required.

3

Select the app or feature that you want to remove, and then click Remove.

14

4

Click Remove.

You are asked to confirm the removal.

5

Click Yes.

You return to the Allowed Apps window.

6

Click OK.

+

_{CLEAN UP}

Close the Windows Firewall window .

Restoring the Windows Firewall default

settings

If you have used this tool for a long time and you have made many changes to its settings, the chances are good that some things might stop working. In such cases, it is best to reset all rules to the default settings and values created by Microsoft. Then, you can start from the beginning, defining the rules that you want to apply to your apps so that everything works as it should.

In this exercise, you’ll learn how to restore the default settings of Windows Firewall.

SET UP

Log on by using a user account that has administrator rights and then open Windows Firewall .

1

In the left column, click Restore Defaults. The Restore Defaults window opens.

14

2

Read the information shown and then click Restore Defaults. You are asked to confirm your choice.

3

Click Yes.

You are returned to the Windows Firewall window.

+

_{CLEAN UP}

Close the Windows Firewall window .

All the Windows Firewall settings you created are deleted. Everything is now reset to the initial settings and values as they were when Windows 8.1 was installed on your computer.

Using Windows Defender

Windows Defender was originally a tool that provided protection only against spyware threats. Then Microsoft introduced Microsoft Security Essentials, a product that added an-tivirus protection. It quickly became one of the most popular free anti-malware products among Windows users. With Windows 8, Microsoft has decided to include the features ini-tially released in Microsoft Security Essentials in the earlier Windows Defender product. In Windows 8.1, further improvements have been made to this product.

The Windows Defender interface is simple and easy to use. At the top of the window, four tabs are available:

▪

Home This tab shows an overview of Windows Defender: whether any threats and problems were detected, whether the real-time protection is turned on, and whether the virus and spyware definitions are up to date. On the right side, you can start a manual scan for malware; on the bottom, you can view when the last scan was made.

14

▪

History This tab is for viewing details about the threats Windows Defender has de-tected. You can view the items that were quarantined, the items that you allowed to run despite the recommendations received from Windows Defender, and all the items that were detected as malicious.

14

▪

Settings On this tab, you can customize how Windows Defender runs. You can turn on or off its real-time protection engine; exclude files, locations, or processes from being scanned; tweak more advanced settings; choose whether you want to join the Microsoft Active Protection Service; or completely disable Windows Defender.

Removing quarantined files

Detected threats are automatically isolated and placed into quarantine. You can only access the items that were quarantined from Windows Defender and decide whether you want to remove them completely from your system or keep them and set Windows Defender to allow them. However, to remove them or keep them you need to have administrator permissions.

In this exercise, you’ll learn how to access the items that were detected as malicious by Windows Defender and remove them from your computer.

SET UP

Log on by using a user account that has administrator rights and then open Windows Defender .

1

Click the History tab.

2

Choose All Detected Items.

3

Click View Details to see all the items that were detected as malware.

14

4

Scroll through the infected items that were detected and read the information being displayed, to learn more about them.

5

Click Remove All.

+

_{CLEAN UP}

Close Windows Defender .

Don’t ignore the warnings and recommendations

from SmartScreen filter

In Chapter 5, the section “Understanding the SmartScreen filter in Internet Explorer” covers in detail how the SmartScreen feature included in Internet Explorer and Windows 8.1 can help prevent security problems with your computer or device. This chapter reinforces that recommendation to consider the warning messages from SmartScreen filter.

In Windows 8.1, File Explorer also uses this feature to scan the files you are running. If you see a warning similar to the illustration that follows when trying to start a file, make sure to scan that file with Windows Defender or any other security product you have installed prior to starting it.

Following this recommendation will help keep your Windows system safe and secure.

14

Improving your password habits

No matter how good the security products you are using are, you are still vulnerable to many security problems if your habits related to password use are poor. Many people tend to use the same one-two-three passwords everywhere. This is a sure recipe for se-curity problems, including sese-curity problems with your Microsoft account, your Facebook and Google accounts, and any other accounts. If you use the same password everywhere, a malicious user might break into a forum or social website you are using and steal your password from there. That user can then use the same password and the email address with which you registered to access more of your personal data and information from your Inbox, accounts on social networks, and so on.

To make sure it is much more difficult for unwanted parties to access your Windows-based computer, your Microsoft account, your email inbox, and any online services you are using, consider the following recommendations regarding password use.

▪

Do not use passwords with fewer than six characters. They are especially easy to break.

▪

Ideally, your passwords should be at least eight characters long and include letters, numbers, and special characters such as +, #, $, and so on.

▪

Do not use the same password twice or more.

Reasons to consider commercial security

solutions

Windows Defender together with Windows Firewall and Internet Explorer can provide a good level of security. If you are not willing or able to invest in security software, they are the best free security tools available for Windows 8.1, and you won’t need to install other free products.

However, if you want the maximum level of security possible and premium features such as anti-spam, ad blockers for your Internet browser, remote location of your computers and devices if they are stolen, the possibility to command a remote wipe of your data (if your computers and devices are stolen), and more advanced malware detection algorithms and other features, it is best to consider purchasing and installing security products provided by specialized vendors. The best way to be fully protected is to use a complete security package, generally called an Internet Security Suite. These packages include antivirus, anti-spyware, and firewall protection plus other security modules such as the ones previously mentioned.

Before making a choice, it is best to understand which options are available. To make an in-formed decision, it is recommend that you check the following Internet sources.

▪

Antimalware apps for Windows (http://bit.ly/15Q3xQU) The Compatibility Center also lists the security software providers that offer solutions compatible with Windows. Search for the security product you are interested in, and you can easily view whether it is compatible with Windows 8.1.

▪

Security for Everyone at 7 Tutorials (http://bit.ly/12jjvrs) The 7 Tutorials website provides a series of reviews for Internet security suites. The team from the website regularly tests the latest offerings from both a security and a usability perspective. The aim of the team is to highlight solutions that provide the best mix of effective security and user friendliness.

14

▪

AV Comparatives (http://av-comparatives.org) This is the website of an inde-pendent security organization that regularly tests the quality of security provided by antivirus products. Its tests are very professional and evaluate all the important secu-rity aspects for an antivirus solution. If you want to know which secusecu-rity company has the best detection engine for viruses, this website is the place to visit.

Key points

▪

Never turn off UAC; it’s a key feature that contributes to a good level of security on your system.

▪

Windows Firewall filters both inbound and outbound traffic depending on the type of network to which you are connected. It is an important tool in securing your network and Internet traffic.

▪

Windows Defender now includes both antivirus and anti-spyware protection.

▪

Improving your password habits is a key component of a secure computing

experience.

14

Chapter at a glance

Check

Check for Windows updates, page 446

Learn

Learn File History and how to use it, page 451

Restore

Restore your system to a previous state with System Restore, page 465

Use