Lowest overhead, cheapest security for the average/beginner user with entry level PC/laptop

[Amelith Nargothrond]

This is my recommendation for the general user, with minimum/below average knowledge, with a good low-cost and easy to use security, that usually buys entry level PCs:

OS: Windows 10 Pro Creators Update (buy a license if your laptop was not shipped with an OS)
AV: Windows Defender (good enough, really)
FW: Windows Firewall
Browser: Edge
Windows Updates: ON (and auto-install)
Windows Smartscreen: ON
UAC: maximum
Microsoft Account: yes
OneDrive (for cloud): yes
Autoplay: OFF

Extra layer of security: TEMASOFT Ranstop (for a dedicated anti ransomware solution but mostly for their very good automatic, no user input, versioned and protected backup system - this type of user will not create and/or maintain macrium images)

And these guidelines (I mentioned them on another thread):

• don't open email links and attachments coming from unknown sources or which smell funny (even if coming from known sources)
• pay attention to what you install and how (try to get used to custom installs and avoid express ones)
• be extra careful while browsing social media, many attacks come from these platforms; they are like a crowded shopping malls for airborne viruses that get in the ventilation system
• always update/upgrade your OS/software
• use two-factor authentication wherever possible (literally everywhere), but don't lose your phone, learn how to backup the 2FA software db, don't rely on "i will get my accounts back after i reinstall the software on the new phone"
• learn that complex passwords are mandatory (you can use Password Generator For A Strong Secure Memorable Password - SafePasswd.com to generate easy to remember complex passwords)
• use common sense and avoid human error as much as possible

 

[Deleted member 178]

UAC: default level at the minimum

no way, so many malware will bypass it at that level.

My addition with this kind of setup (because it is similar to how i set my systems after a clean install) ,

1- i highly recommend using SUA with UAC at max. Then this setup is viable with the safe habits mentioned above.
2- go to Setting (in admin account) > Apps > select "Warn me before installing apps from outside the Store".

 

[Amelith Nargothrond]

no way, so many malware will bypass it at that level.

My addition with this kind of setup (because it is similar to how i set my systems after a clean install) , is that i highly recommend using SUA with UAC at max. Then this setup is viable with the safe habits mentioned above.

You're right. I will modify it.

 

[reboot]

no way, so many malware will bypass it at that level.

My addition with this kind of setup (because it is similar to how i set my systems after a clean install) ,

1- i highly recommend using SUA with UAC at max. Then this setup is viable with the safe habits mentioned above.
2- go to Setting (in admin account) > Apps > select (warn when selecting Apps from everywhere; or something like that).

That was impressive to do off the top of your head... "Warn me before installing apps from outside the Store" is the exact wording.

 

[Deleted member 178]

That was impressive to do off the top of your head... "Warn me before installing apps from outside the Store" is the exact wording.

Thanks, i corrected. I was lazy to sign-in in admin account

 

[Handsome Recluse]

Do Ranstop/Appcheck allow you to backup your files elsewhere to another drive?
Why Pro Creators Update?

 

[Deleted member 178]

Why Pro Creators Update?

Appplocker and Group Policy

 

[Amelith Nargothrond]

Do Ranstop/Appcheck allow you to backup your files elsewhere to another drive?

Don't know about AppCheck as I don't have the Pro (no trials).
But Ranstop backs up everything from the very beginning, right after the installation it scans your PC for files to backup, not just when attacked by ransomware, and also keeps versions. So it's a 2 in 1 product, very good if you accidentally shift-delete your documents folder
That's the point, if the backups are stored locally, they can be protected and no other external something is needed, they are available in case of disaster immediately. I don't think they can be stored elsewhere, just checked, no options for this.

Why Pro Creators Update?

Exactly what @Umbra said, it has more security features basically.

 

[reboot]

Would you add outbound firewall rules to the list as well?

 

[Amelith Nargothrond]

Would you add outbound firewall rules to the list as well?

I would normally, and extend this to outbound connections to be blocked if they don't match an existing rule. This is how it makes the most sense. But not for the beginner user. He/she would be overwhelmed even with advanced notifications powered by something like Windows Firewall Control. So for the beginner user, no.

 

[reboot]

I would normally, and extend this to outbound connections to be blocked if they don't match an existing rule. This is how it makes the most sense. But not for the beginner user. He/she would be overwhelmed even with advanced notifications powered by something like Windows Firewall Control. So for the beginner user, no.

Yes that makes sense. What would your workaround for beginners be?

 

[Amelith Nargothrond]

Yes that makes sense. What would your workaround for beginners be?

Use Windows firewall with default settings, actually use the entire security related stuff from the first thread as is, with one catch, stick to the guidelines. 99% of times you will be just fine. Can't edit the thread anymore, but I would also disable autorun (from settings -> devices -> autoplay) (I forgot about it, sorry). Maybe @Umbra or @Exterminator or @BoraMurdar can help with the edit. Thank you.

 

[Deleted member 178]

Windows Firewall with Advanced Setting is quite difficult for beginners for several reasons:

1- you need to know the basic of networking
2- you need to know your system
3- you need to know how every apps you use connect to the net.

If you set the profiles to block outbounds connections , you have to build several rules for each programs.

for those who still want to learn about WF , i suggest them to donate some $$$ to get the paid version of Binisoft Windows Firewall Control, you will still use WF but you will have control over it like a 3rd party FW; then study the rules , and start learning.

 

[Amelith Nargothrond]

I'm seeing someone who voted with "no". It's not helpful if you don't explain why...

 

[RoboMan]

Really cool guide, thanks for sharing. I think password managers are easy to understand and use (and free!). I'd point new/begginner users to use one to make sure they do not use "memorized passwords". They are likely to use this kind of passwords than remembering the random high-level generated passwords. Maybe this will encourage them to use them.

 

[Amelith Nargothrond]

The reason I didn't add a password manager is because this kind of software tends to be dropped very soon by the beginner user, and mainly because all of them log into their account on all possible and impossible devices, needing to install extensions or other apps locally wherever they log in, or on their phone etc. Which is difficult to do when they want to login somewhere else.

I found that these users will use the same password everywhere no matter what you tell them, it's in their nature. It's not fine, but they can at least memorize an easier complex password and use one other app for 2FA which is always on their phone. This is the mixture of passwords/logins they adopted in the end with more ease. And, 2FA is safer than just a password and password manager (unless someone hacks directly into one system to get the stuff protected by the authentication, using other means to get there).

So with this method, they have a complex password and an app on their phone which generates a number. It's that easy. Adding another app would mean using two in total, which they will drop and call you a paranoid geek And believe me, I met hundreds of these type of users

 

[Handsome Recluse]

What are the security upgrades Pro gives that beginner users can use. Also wouldn't the constant changes and updates in Creator's cause problems for them?

 

[Ink]

Why did you originally suggest placing UAC on minimum?

 

[Amelith Nargothrond]

Why did you originally suggest placing UAC on minimum?

Not the lowest level of UAC, my English got drunk that night, I was referring to "your minimum UAC level should be the default UAC setting", which is "Notify me only when apps try to make changes to my Computer", sorry for the wrong mixture of words. If this is the minimum level you should use, the next step would be the maximum UAC settings, which indeed it is the best.

 

[Amelith Nargothrond]

What are the security upgrades Pro gives that beginner users can use. Also wouldn't the constant changes and updates in Creator's cause problems for them?

It is a good point, why Pro for beginners. Well... my hopes for the beginner user is that it will evolve and it should have the necessary future proof environment to do that and to make use of those security enhancements, like Bitlocker or Remote Desktop (there are many other features and truly advanced enhancements of course).
Why Creators? Because it's the latest major version of Windows. Updates/upgrades are mandatory IMO, I surely force them wherever I can (of course after testing them out).