Not Windows specific, but addressing the security questions, first learn and understand
the 10 immutable laws of security:
Law #1: If a bad guy can persuade you to run his program on your computer, it’s not solely your computer anymore.
Law #2: If a bad guy can alter the operating system on your computer, it’s not your computer anymore.
Law #3: If a bad guy has unrestricted physical access to your computer, it’s not your computer anymore.
Law #4: If you allow a bad guy to run active content in your website, it’s not your website any more.
Law #5: Weak passwords trump strong security.
Law #6: A computer is only as secure as the administrator is trustworthy.
Law #7: Encrypted data is only as secure as its decryption key.
Law #8: An out-of-date antimalware scanner is only marginally better than no scanner at all.
Law #9: Absolute anonymity isn’t practically achievable, online or offline.
Law #10: Technology is not a panacea.
Many skiddies get a live cd and "hack" a computer with unrestricted physical access. If I have physical access to your computer, I will do everything up to and including installing a hardware keylogger in
the machine. Even if you have a fully encrypted drive, I'll have your passphrase. "Cracking" a computer to which you have full access isn't cracking, it's administration/maintenance.https://technet.microsoft.com/en-us/library/hh278941.aspx
Second thing, be wary of people peddling security-through-obscurity snake oil. It might buy some very temporary safety, but it's more
likely to obscure weaknesses from your own
evaluation than deter anyone who actually wants into your machine (which is why it is not a good "layer" for security—it frequently results in "hiding" your vulnerabilities from scanning tools, for example. We had someone who regularly switched ports of services such that our own vulnerability scanners missed his server. We ended up with a reportable security incident because his machine didn't get an emergency patch.https://en.wikipedia.org/wiki/Security_through_obscurity
Infosec expert Bruce Schneier sums it well:I used to decry secret security systems as "security by obscurity." I now say it more strongly: "obscurity means insecurity."https://www.schneier.com/blog/archives/2014/02/the_insecurity_2.html