So I only use Windows 10 for gaming, but curious to see if anyone has any resources for hardening Windows 10?
Privacy or security hardening?
If you're just using Windows for gaming, and you're only on game markets like Steam and maybe video/audio streaming services while gaming then you're probably pretty secure. As far as if you're just installing games, then there's not really too many inroads for malware outside of a market like Steam or the particular game company getting compromised, which would have issues regardless of which OS you're using them on. Windows 10 already has anti-virus built in and UAC so you're probably just about there already. I say this as a die hard Linux advocate: the idea that Windows is wildly insecure when compared to Linux/Mac/BSDs is incorrect as far as I know and is just a myth from back when nobody cared about writing malware for anything other than Windows.
If you're also web browsing, I'd say having a well configured browser would be good to do, and making sure you are regularly updating/auto updating Windows and other software. Also, if you play a lot of online games and end up opening up port forwarding or something similar just be conscious of it and make sure to do something like that right and limit what kind of attack surface you're opening up.
If you're thinking privacy, I did just do a blog post about Win 11 which is similar, but I have a feeling if you're on Lemmy you're already familiar with what the basics the post includes: get a decently configured browser, toggle off as many privacy invasive settings as you can, disable the telemetry service, and try to limit the bloat Microsoft likes to include during or after installation.
I'd also very carefully vet any sort of scripts, custom ISOs, and the like if you choose to use them. You'd be putting a lot of faith on whoever made them. And probably don't worry about VPNs and such, they're not going to do anything to hide the fact that you (presumably) purchased games under your name and you're using your account to play them.
I'm typing this up on the fly and by no means the leading expert in the field, but these would probably get you a good 95% there. Happy gaming
Take a look at ameliorated.io
If you don't want to put in the effort, the most time efficient way is just to install windows 10 LTSC (long term support), and slapping portmaster or adguard on it, with some telemetry-blocking DNS.
Feel free to ask for more info if you'd like to know more
You might want to check out this github link privacy.sexy. It has a bunch if scripts to do all sorts of things. It also has a GUI to customize your script the way you want. Disable telemetry, uninstall default programs like edge and skype. You can setup a task to run on interval's of your choosing.
I run Linux on all my computers but one tablet/computer and have used privacy.sexy since I bought it. It seems to work well and you can roll back your changes you make if you like or if their script brakes something you need.
You can harden and make more private Windows10, there existen even a lot of FOSS tools to do it, like https://github.com/hellzerg/optimizer (one of the best), avoid as much as possible the MS Store and less as possible proprietary apps. In this point in Windows there is a big advantage, no other OS has the amount of FOSS than Windows, not even Linux.
Install Portmaster, with this you can controll and if need also block, every byte which go out or in, in the net traffic of every app. ts also OpenSource, only if you use also it's SPN you need to pay a monthly fee (its like a VPN on steroids), but also without is a pretty good Tool to tame Windows https://safing.io.
Desactivate any Service and App which you don't use (eg. the hibernation service is a big resource hog, because create a copy of every app you open, that mean, every app use the doble of RAM, and also the index service, which, at least with an SSD isn't really needed, it only permits to find files some seconds faster in the explorer. Only with these both, yo will increase the speed of Windows 20-30% and free a lot of RAM). More if you desactivate animations, transparecies and services "to improve the user experience" crap.
Activate GodMode, with this you have access to all the settings (over 200), even the hidden ones. Its easy:
- Create a new folder anywhere you want
- Rename it to
GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}
(copy paste this as is)
Done. The folder has change it's icon and when you open it, you have a large list, ordered by topics, of all existing settings in Windows.
Don't forget, although the aforementioned tools are safe, easy and intuitive to use, it is always a good idea to create a restore point before messing with the guts of Windows.