I used Bit 2016 for 1 year and tested 2017 for some weeks.if they activated ransom protection on default, there would be too many FPs, and your grandmother would freak out.
Never had a FP from ransom protection..
If it really had many or even some FP something would be wrong and should be fixed...but ransom protection nowadays is a must and should be enabled on default.
Same for protection at boot to avoid bad ("mbr") surprises...unless it's not ready yet (in this case this should be highlighted in the settings).
P.s.My grandmother would not have freaked out since she would have had a good security training "in house".