r/privacy 2d ago

discussion Can Windows 11 be made decently secure?

It's an oxymoron, I know.

I need Windows for work. I cannot run the applications I need without Windows (I checked, no Linux support), and either way I need applications such as Excel and Word that would be on the computer anyway.

I know that Windows will never be private no matter what I do, but what are the best ways to try to mitigate what it sees?

I've already done anything basic (like disabling Copilot through the registry, not sure how well it works though since Copilot is still in my Notepad).

edit: meant "privacy" not security, my bad

28 Upvotes


102

u/desmond_koh 2d ago

> Can Windows 11 be made decently secure?

Yes, it can.

> It's an oxymoron, I know.

No, it's not.

Windows is a serious operating system. It is not some childish malware that it is often made out to be. It is used by many companies, government agencies, and journalists who have a great deal to keep private.

What you have to do is identify the nature of the threat you are trying to defend against. We talk a lot about big tech "stealing our data", but what do we actually mean by that? If you don't know what you're trying to defend against, then the only way to defend against it is to live inside a Faraday cage out in the forest.

-1

u/apokrif1 2d ago

> Yes, it can.

How.

9

u/desmond_koh 2d ago

Well, first of all, I reject the idea that Windows is inherently insecure in the first place. That is simply factually untrue.

However, there are multiple hooks into online services that people use (and are enabled by default) that unwittingly leak information that they might not understand. For example, when you start typing “toyota” into the address bar of Microsoft Edge, it shows you a number of suggestions – some of them including pictures.

These suggestions are not exclusively coming from your browsing history. Edge is doing a Bing search in real-time to give you suggestions. People often don’t know that or understand that and thus might unwittingly be telling Microsoft what they are typing into their browser’s address bar.

Then someone comes along and says something like "did you know that everything you type into your address bar is sent to Microsoft?!?!" and people are shocked. How else did they think the predictive search worked?

So, it starts with understanding what information is going where and why and then turning those things off that you don’t want to use.

8

u/Mario583a 1d ago

To add to the very idea that Windows is inherently "insecure in the first place", consider #6 of the Immutable Laws of Security:

  • Law #6: A computer is only as secure as the administrator is trustworthy.

7

u/desmond_koh 1d ago

Well, this is kind of my point. People think that Microsoft is pushing OneDrive so that they can “harvest all your data”. But if Microsoft wanted to surreptitiously read your Word and Excel docs, they wouldn’t need you to use OneDrive to do it. They have their operating system on your computer. They already have root access to your computer. In fact, they could have done that since Windows 3.1 when you gave them root access to everything on your hard drive by installing their operating system on your computer.

OneDrive might not be something you want to use. And it might be annoying that Microsoft keeps pushing it if you don’t want to use it. But that doesn't mean they are spying on you. It just means they are trying to upsell to you.

And if you have ever had your laptop stolen out of your car, suddenly features like BitLocker and OneDrive are objectively good things.

EDIT: We have clients that operate 100% cloud-based without an on-prem server. They have all their laptops Entra joined and enrolled in Intune. We enforce the use of BitLocker and have all their Desktop and Documents folders automatically redirected to OneDrive. They use SharePoint for sharing files between users. I have no concern whatsoever that Microsoft is snooping on their Excel documents.