What are the security benefits of logging out of Windows 10?
There are several things you need to know first:
- Lock: It will lock the computer, but all the user's programs will keep running. Lock can be triggered with Windows Key+L or CTRL+ALT+DEL > Lock.
- Disconnect session: It is similar to lock; it will lock the computer, keep the user's programs running, and let other users log in using Remote Desktop or physically. It is similar to Switch User when done physically.
- Log out: Closes all programs of the user and logs out. It is different from disconnecting the session, because this will not allow users to connect to the session from Remote Desktop; only physically can another user log in.
- Turn off/Shut down: Will close all running programs of the current user; if another user is logged in, it will prompt to turn them off also. Then the computer will be switched off and offline.
- Power off: Cutting off the power supply while the computer is active. It is dangerous; you will lose your unsaved data, or files may get corrupted.
When you lock the workstation, it will keep all programs running, and if any kind of virus/trojan is running, it will keep functioning as is.
And if you log out, having saved all of your work beforehand, you are safe because no program can run then and no one can remotely connect to your account without credentials.
Note: If you log out, services or scheduled tasks may continue to run, as @jcaron said. Many programs can run as services, so you have to look at which services are running and stop the ones you suspect. They can also run as scheduled tasks.
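One way to do the check described in the note above, as an added example that is not part of the original answer: a read-only PowerShell audit of running services and enabled scheduled tasks that do not depend on an interactive logon. The path filters are assumptions used only to reduce noise.

```powershell
# Added example: read-only audit of what keeps running after the user logs out.
# The "outside %SystemRoot%" and "not under \Microsoft\" filters are assumptions
# used here only to cut noise; they are not a verdict on any item listed.
# Run from an elevated PowerShell prompt so every service and task is visible.

$sysRoot = [regex]::Escape($env:SystemRoot)

# 1. Running services. They are not tied to the user's logon session.
$services = Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.State -eq 'Running' -and $_.PathName -and $_.PathName -notmatch $sysRoot } |
    Select-Object Name, DisplayName, StartMode, StartName, PathName

# 2. Enabled scheduled tasks whose principal does not need an interactive logon.
#    LogonType 'Interactive' means the task only runs while that user is logged on.
$noLogonNeeded = 'Password', 'S4U', 'ServiceAccount'
$tasks = Get-ScheduledTask |
    Where-Object {
        $_.State -ne 'Disabled' -and
        $_.TaskPath -notlike '\Microsoft\*' -and
        [string]$_.Principal.LogonType -in $noLogonNeeded
    } |
    ForEach-Object {
        [pscustomobject]@{
            Task      = $_.TaskPath + $_.TaskName
            RunAs     = $_.Principal.UserId
            LogonType = [string]$_.Principal.LogonType
            # COM-handler actions have no Execute value and show up empty here.
            Action    = ($_.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)".Trim() }) -join '; '
        }
    }

"Running services with binaries outside $env:SystemRoot : $(@($services).Count)"
$services | Sort-Object Name | Format-Table -AutoSize -Wrap
"Enabled tasks that run without an interactive logon: $(@($tasks).Count)"
$tasks | Sort-Object Task | Format-Table -AutoSize -Wrap
```

Anything listed still needs to be judged by its binary path, publisher and the account it runs as before it is stopped or disabled.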
The primary benefit is that any data associated with your user session that's in memory will be unloaded from memory when you log out.
This sounds kind of stupid, until you consider that by default Windows caches credentials secured by your account password in memory on first use and does not tend to drop that cache until you log out. Such credentials include, but are not necessarily limited to: stuff like the master encryption key used to protect the encryption keys used for the native transparent file encryption support built into Windows and login credentials for any network shares you have accessed (including both mapped drives and regular UNC share access, you can explicitly drop these by manually disconnecting from the drives/shares in either CMD or PowerShell using the net use command).
To further specify your question, correct me if I'm wrong:
Assuming you let a machine sit idle after using it, is there an additional security benefit to logging off, in terms of network attacks?
The theoretical answer is "yes". Software that is running when you are logged in can pose a security threat by receiving network traffic that exploits vulnerabilities in said software. When that software is running in your user space, that vulnerability goes away when you log off.
For example, you can infect your machine by visiting a malicious site with your browser. This site triggers some vulnerability in your browser and compromises your system. Leaving the browser open overnight does have the same risk: a site that you have opened could load new content using JavaScript or other means that exploits a vulnerability in your browser.
That's for outgoing connections, but incoming connections can pose the same threat. That is, if your router and firewall (if any, and enabled) allow them to even reach your machine and get sent to the listening application.
There are countless other programs that could be running after you've used the machine, each of which could have networking functionality (either listening for traffic or actively communicating with other servers) that could contain vulnerabilities.
Even if you kill all visible applications, there is always something extra running that could theoretically get attacked while you are logged on.
Logging off stops these programs.
Logging off also sets the baseline: when your machine displays the login screen, countless background programs (services) are running, a lot of which can still invoke network traffic and get attacked.
And if your machine is idle and nobody will be using it for hours anyway, why not turn it off completely?