I'm setting up a new machine with Windows on it for a family member. Since I've personally not used Windows in over a decade, I'm a little disconnected from its current best practices.<p>I remember setting up an antivirus back in those days. The recent article on Avast let me know that AV software is apparently not a popular thing anymore. So what should I be doing? This machine is for the exclusive use of my parents (50+). They're kind of good at detecting scams and stuff, I haven't really needed to give support for the old machine in 5-7 years.<p>What are the current recommendations for setting up a machine with some security?
Can you make them a standard (non admin) user account and then either keep the admin account to yourself (with remote desktop, probably) or at least call it something really clear like "this is dangerous" with a hard to type password, so they really have to think twice before using it?<p>It makes it harder for them to accidentally install rootkits and certain kinds of spyware and ransomware. It also makes it harder to install some software globally, but that's the point.<p>If you want to go a step further you can try to set it up in some kind of kiosk mode, but that's probably too restrictive for day to day use.<p>Of course you should explain why it's set up this way. Something like "In day to day use, your standard user account lets you run the programs you already have, create new documents, send emails, etc. All the day to day stuff is taken care of and should work the same as always have. And it protects from you bad software and people trying to hack your machine. In the rare cases you need to install some new program, you should double check to make sure it's safe and legit first, like Googling for its official source and calling me if you're not sure. Then if you're it's safe, you use this other special account I left on this post it under your desk. Use it sparingly and only when you absolutely need to!"
Set up a backblaze backup, and check the default excludes carefully, or some important home movies and things might not be backed up.<p>It's saved my bacon more than once.
Windows out the box is pretty secure. Make sure they are behind a NAT router and sll incoming connections are blocked.<p>AV is built in and works well.<p>Of course it's not Windows you should be worried about. It's about programs that they download and run, or come via email. That's best solved with education, and frankly applies to phones as well as desktop.<p>A healthy amount of fear when it comes to new software, or opening docs is no bad thing.<p>And please don't foister things like Libre Office on them. They are a poor solution to those used to Office. It sounds like you've tried that before :)<p>Only techies care about mundane things like license and freedoms etc. Regular people just want working software, that they are used to, which just works. These days that means Windows or Mac, or whatever they had before.