Windows 10’s End of Support (EOS) marks a fair warning to all who haven’t still upgraded to Windows 11 because of software or hardware issues. While the End of Support for Windows 10 happens in October 2025, it gives enough time for everyone to upgrade to Windows 11, stick with Windows 10 or decide to switch to another operating system.
How to secure Windows 10 after End of Support
If you plan to continue with Windows 10, here are some steps you should take to harden its security.
- Evaluate Extended Security Updates (ESUs)
- Install dependable security software
- Use an additional On-demand antivirus scanner
- Use a supported web browser
- Keep all installed software updated
- Disable unnecessary services, software, and features
- Utilize Virtual Machines for risky activities
- Backup data regularly
- Use a Local Standard User Account
- Beware of what you download from the Internet and Email
- Enable Show file-extension
- Enable BitLocker
- Prescan before connecting a USB drive
- Use Secure DNS
- Use a VPN
- Isolate your device
- Use Strong Passwords or PIN.
While we recommend upgrading to Windows 11, if you wish to continue using Windows 10, read on.
1] Evaluate Extended Security Updates (ESUs)
The first and best solution is to opt for Extended Security Updates (ESUs), which Microsoft offers as a paid service for organizations that need to continue using an unsupported version of Windows.
While this service is especially beneficial for businesses running legacy applications that are incompatible with newer OS versions, Microsoft has announced for the first time, an ESU option for consumers, available for a one-year option for $30. For corporates, Extended Security Updates for Windows 10 can be purchased through the Microsoft Volume Licensing Program, at USD 61 per device for Year One.
Read: What to know about Windows 11 before upgrading from Windows 10
2] Install a dependable security software
While Microsoft Defender Antivirus is built into Windows 10, consider supplementing it with a reputable third-party antivirus or endpoint protection solution. Make sure that the security software supports Windows 10.
In time, Microsoft will stop sending out virus signature updates to Defender, and you will be open to anything that can go wrong moment.
While free antivirus and firewall software can offer basic protection, I recommend opting for a free, fully integrated Internet Security Suite that provides multi-layered defense. For premium options, BitDefender, Kaspersky, and Malwarebytes are excellent choices.
Many third-party security services will be read to support for a longer time. Find them and install them.
3] Use an additional On-demand antivirus scanner
There may be times of doubt, where you might want a second opinion. At such times you may use these on-demand antivirus scanners. In fact, make it a practice to use it once a week at least.
4] Use a supported web browser
Browsers usually take longer than anything else to drop the support. Pick one of the browsers, and stick to using it. Do not experiment with any new browser.
5] Keep all installed software updated
Although Windows 10 won’t receive updates, many third-party applications will. Regularly update your software, particularly those frequently connected to the internet, such as browsers, email clients, Office suites, and communication tools.
That said, you will still need to track which software will drop the support, and when. So, you may need an alternative or do everything possible from the browser.
6] Disable unnecessary services, software, and features
Reducing the attack surface of your system can mitigate risks. Disable unused services and software, remove bloatware and turn off features like Remote Desktop if they are not in use. If you just want to use the PC for casual browsing and nothing serious, you should be good to go.
7] Utilize Virtual Machines for risky activities
If you need to perform high-risk tasks, such as browsing questionable websites or testing software, use a virtual machine (VM) like VMWare, etc. to isolate those activities from your primary system.
Many are free to use! Install Windows using the ISO, and test anything you want.
Read: How to configure and use Windows Sandbox
8] Backup data regularly
If you aren’t getting any updates, it’s important always to have a backup. There are many backup software available for Windows that you can use to create frequent backups of important files using external drives or cloud services. This protects against data loss from malware, ransomware, or hardware failures.
9] Use a Local Standard User Account
Never use an Admin account. You should create & use a Standard User Account for your day-to-day use. In this scenario, malware may not be able to modify any system file, it will be a lot safer. If you need to change anything, switch to the admin account and make the changes.
If you want to keep using the Admin account, raise the UAC bar to maximum. You can choose to “Always notify” for maximum security.
10] Beware of what you download from the Internet and Email
It is a general warning and something you should always take care of. Do not click on download attachments or any file you are prompted to download without your concern. While you can surely download attachments you are expecting from friends, relatives, and associates, be very careful of the mail forwards you may receive even from your friends. A small rule to remember in such scenarios: If in doubt, DONT!
11] Enable Show file-extension
It is always a good idea to keep the option to show file extensions turned on. When the extensions are visible, you will quickly notice if it is not a regular format like .doc, .pdf, .txt, etc. It will help you in seeing the real extensions of the files and thus make it a bit more difficult for malware to disguise itself and get on your computer.
12] Enable BitLocker
If you have never used it before, its time to use it now. Bitlocker can encrypt drive partitions or the whole drive, including boot drive. It will generate a key which you will need to unlock data from it. So make sure it is noted somewhere.
13] Prescan before connecting a USB drive
An infected USB can infect the computer. It’s a good idea to tighten up or restrict what USB drives can do when connected. I recommend that you always first scan the drive with your antivirus software to make sure that it is clean of the latest threats and then access the files on it.
14] Use Secure DNS
It is an excellent idea to use OpenDNS or CloudFlare to prevent your computer from visiting bad malicious websites. You can easily change DNS or block adult websites. These DNS will also automatically block sites that can serve SPAM and Viruses.
15] Use VPN
Use a good VPN to stay invisible on the net.
16] Isloate your device
If you have a home or office network, isolate your Windows 10 device from other critical devices. If your system is compromised, use a guest network or VLAN to limit the potential spread.
17] Use Strong Passwords or PIN
Use strong, unique passwords for online accounts and enable multi-factor authentication (MFA) whenever possible.
If you’re a single user, you might be tempted to remove the password from your account to save time. However, this makes it easier for others to access your system and potentially steal your data. Always use strong passwords for your user account and online activities to secure your Windows PC. Additionally, remember to lock your computer whenever you step away. You can do this quickly by pressing WinKey + L.
Read: How to generate or create strong Passwords
Using an unsupported operating system carries inherent risks. By following these steps, you can significantly reduce vulnerabilities and continue using Windows 10. However, transitioning to Windows 11 should remain your ultimate goal for optimal security and functionality.
