Lowest overhead, cheapest security for the average/beginner user with entry level PC/laptop

[MSDOS8bit]

That's a good basic config and the advise you gave are pretty good for beginners. Still, i don't think it's that great. Here's why:

1: why Windows 10 Pro ? Almost every new computers are delivered with Windows 10 Home, and i don't think the Pro version is worth the extra money for the average or beginner users, whatever it's a full license or an upgrade to Pro. Home version is more than enough.
2: while Windows firewall is enough, why use Defender when there are so many better free alternatives ? Avast and Avira offer rock solid protection, while Sophos Home and Bitdefender Free don't even bother you with ads (or very little).
3: for browsing, i think Google Chrome is a better alternative. At least as secure and light as edge, but with better compatibility and more user friendly.
4: browser extensions offer a great layer of protection and for free. Avira Browser Safety and uBlock Origin are among the best.
5: i think Malwarebytes Free is great. It finds stuff that antiviruses missed, and even beginners can easily do a scan if they suspect anything wrong or once in a while.

Anyway that's the setup i would recommend for the average users.

 

[Amelith Nargothrond]

I found that beginner users have difficulty with accommodating with third party apps, let alone make them understand why they need them, and here's why:

• many of them have attended some sorts of IT classes, where they were taught how to use the basics: Internet Explorer, Windows Explorer, some Office products, emails, stuff like that. Now imagine telling this user:
  • you have to install a third-party AV and learn to maintain it (upgrade it regularly, ignore the ads, etc.); with the Defender, they have to do... well nothing, it's a good AV, gets updated with Windows, easy to use, already know about it
  • tell them that the browser they got used to it's not good and they should install another one; btw, why Chrome? Why not Firefox, or Opera? I found it it's more healthy for the beginner user to find another browser (if he feels the need for one) by himself
  • Edge is particularly secure, maybe a tiny bit more than Chrome with its sandboxing features, SmartScreen is excellent and very well maintained; my second option after Chromium
  • tell them that the browser they should install also needs even more stuff called extensions (and why)
• Chrome is more compatible with what exactly? I don't understand this, please detail. You mean compatibility across platforms? This is very true, but this user will hardly use these cross-platform features, if at all, and when he will understand them, he will probably switch to something else like the Google ecosystem, as it is the best from this point of view. But that takes time. He should first learn to use the OS IMO
• as for why Pro, I already answered a little bit above your post; it's worth the extra money IMO, I can't and I will not advise users to stick to Home. It's like the example from above with Edge and Chrome, but paid. In the future, he will understand why Pro is better, learn how to use Bitlocker to secure his USB flash drives etc. He can't do that with the Home...

I have to deal with these people daily, and it's a constant struggle to teach them new features of the software they already are using, let alone teach them another one from scratch... This is why I will not add another third party software to the config, one is more than enough, it's something they hopefully can handle...


Nevertheless, thank you for your detailed feedback @MSDOS8bit , appreciate it

 

[Deleted member 178]

I have to deal with these people daily, and it's a constant struggle to teach them new features of the software they already are using, let alone teach them another one from scratch... This is why I will not add another third party software to the config, one is more than enough, it's something they hopefully can handle...

Exactly, i observed the same too and from what i know dealing with noobs :

2: while Windows firewall is enough, why use Defender when there are so many better free alternatives ? Avast and Avira offer rock solid protection, while Sophos Home and Bitdefender Free don't even bother you with ads (or very little).

Most won't understand even the simplest alerts. WinDef is actually the best AV for noobs, no interactions needed or FPs.

3: for browsing, i think Google Chrome is a better alternative. At least as secure and light as edge, but with better compatibility and more user friendly.

Indeed , but Edge is built-in and very safe via Appcontainer and Smartscreen. No need more unless they want.

4: browser extensions offer a great layer of protection and for free. Avira Browser Safety and uBlock Origin are among the best.

They aren't even aware of those. they will just use a browser barebone. 99% of noobs i met , don't even put an ye on the settings.

5: i think Malwarebytes Free is great. It finds stuff that antiviruses missed, and even beginners can easily do a scan if they suspect anything wrong or once in a while.

MBAM suxx plenty those days, and they won't care using it, noobs need automated solutions, that do everything for them without their interactions.

 

[Amelith Nargothrond]

They will get there, some of them.
They need time, but first, we need to make them understand they need to learn, why, and most importantly how.
I tried everything, I even had to learn how to teach them how to learn. It's rather interesting, the uneducated human mind.

I tried to tell them exactly, step by step, what to do. Didn't work, the first time they needed to change one tiny little bit of information from the instructions I gave them, they were lost, because by telling them on a step by step basis everything, I skipped the part where they needed to understand for themselves why those steps were necessary and not others. Let alone change them, to adjust to stuff.
I tried to just give them just some clues on how to do their tasks. That didn't work either because they found too many information, they had to process too many data at the same time, and... they were lost again.

I found that by pointing them to the right path, explaining little things in baby steps, but not too much information, using simple words, to give them the time and means to explore stuff, teach them to search for information and not to ask everytime for help at every bump they hit, use only the right amount of information not to overwhelm them, combine theory with real world practice, they will, in the end, understand why this path is better than any other. This takes time, nerves, patience on both sides.

It's an art, really. For the first time, I got in the shoes of my old teachers. It's a damn hard thing to do, work with people, teach people and expect good results. Imagine these people to be teenagers (I mean us when we were young(er)).

Anyway, it's called evolution, but it has to be on both sides, teachers and "pupils" for things to work out.

 

[Amelith Nargothrond]

Thank you whoever added "autoplay: off" to my first post

 

[MSDOS8bit]

Thanks for your answers @Amelith Nargothrond and @Umbra. While i respect your opinions, i disagree with some of them.

Around 10 years ago, i used to fix computers to make some extra money, so I've met noobs and average users and seen what they did and what happened to their computers.

Almost anybody knows how to use the very basics of a computer nowadays, if you exclude the elderly. If a user doesn't even know how to install a web browser or an antivirus and use the most basic functions of Windows, he is doomed to see his computer being wrecked, whatever by a virus, data loss or a mistake, and he should definitely stick to use only smartphones and tablets.

Even noobs have friends that can guide them and knows how to use Google. Are you saying it would be difficult for them to search "google chrome" or "firefox" and install a browser ? The install even makes it so you can import your favorites and passwords. There's literally nothing to do on the user end.

Also antiviruses don't require "maintenance" and are mostly fully automated. The scans, the updates and the threats are handled automatically most of the time. The only thing that could confuse the users are those ads on Avast, AVG or Avira that could lead them to think they are unprotected while they're not. That would never happen with Sophos Home or a paid antivirus.

I understand what you mean and i respect your opinions. I also think that what you're trying for noobs and average users by setting a basic standard is a great idea.

But unfortunately, in the end, these kind of users will face repeated problems. If their level of knowledge is so low, they will get infected by a virus, turn the OS into a mess by messing with the settings or lost their data because they don't know or even care to make backups. And they will encounter problems with their online activities as well. They will get hacked because their passwords are too weak, they will get locked out of their account because they forgot to write down their password or set a recovery phone or email, they will fall for the phishing emails or the dishonest ads. And they will lost a lot of money on computer repair shops and online help that are mostly overpriced and trying to rip you off into paying extra or buying stuff you don't need.

Except if they're old or farmers or something, there is no excuse for people being so ignorant in our digital world. Noobs are mostly people that dislike high-tech and are too lazy to even want to learn. As for the average users, there is hope for them thanks to guys like you and websites like MalwareTips

 

[DJ Panda]

I'd honestly keep Windows at a barebones. I use Edge all the time with practically no security extensions. Although I use Avast, Windows Defender is perfectly fine to use. Chrome is ok but to keep things simple just use Edge. I would however add an on demand scanner like Zemana, though that might not be too UI..

 

[Handsome Recluse]

The time it takes for them to learn the OS and its minutia would be really slow since they probably care more about the apps like Microsoft Word and browsers rather than the platform they're in. Things like Bitlocker and the chance unimmediate potential boost it gives is probably not more important to them anyway as they will focus on the immediate productivity these apps give them.
Chrome is also wildly more popular than IE+Edge+Safari default browser combo. It would be weird if the average doesn't touch Chrome. Of course it could be because Chrome is already installed in their system when it was bought but the updated Chrome is the more popular so Google does a good job at automating updates.
Antivirii also automate updates. Just gonna find someone who upgrades to the next version automatically but secondary scanners are manual. They might not see the immediate benefits or importance or worse, might not know how to handle the thing or won't even open it
@Amelith Nargothrond @MSDOS8bit What do you teach them and what country did those people come from? The difference in info and the demographics might explain the seeming difference in your experiences.

 

[Deleted member 178]

Around 10 years ago, i used to fix computers to make some extra money, so I've met noobs and average users and seen what they did and what happened to their computers.

so i did too.

Also antiviruses don't require "maintenance" and are mostly fully automated. The scans, the updates and the threats are handled automatically most of the time. The only thing that could confuse the users are those ads on Avast, AVG or Avira that could lead them to think they are unprotected while they're not. That would never happen with Sophos Home or a paid antivirus.

You want to know how many computer with outdated AVs i saw , because the user don't even care to update it to the new version...

Except if they're old or farmers or something, there is no excuse for people being so ignorant in our digital world. Noobs are mostly people that dislike high-tech and are too lazy to even want to learn. As for the average users, there is hope for them thanks to guys like you and websites like MalwareTips

they are indeed doomed because they spend what, 1h a day on their computer, unlike us , they don't have time to learn how to deal with it , they just want go internet do some quick googling, or watch some videos. Asking them about security and good practices are above their head and they won't even care.

What do you teach them and what country did those people come from? The difference in info and the demographics might explain the seeming difference in your experiences.

Good point, personally i'm an expat living in Vietnam , i teach my friends (at least those who care to learn) the basic safe habits of security and the minimum required to maintain a computer, i put the simplest tools possible , and im very happy that MS includes Win Def because now i don't need teach them to install an AV, update it, react to popups from a BB, etc...all intergrated tools in Win8/10 made their life easier with their machine. Once i explain them how to react to UAC & smartscreen. i barely get their call asking me to fix their system unlike when they were in Win7.
Here only people working in companies or youngsters knows how to use properly a computer (if they can afford one..) . That is why smartphones and tablets are way more popular than computers, because it is easy , cheaper, and the learning curve is minimal and almost all is automated; unlike a laptop or desktop PC.

 

[Amelith Nargothrond]

Many good points were taken here, nice

My target (point of this thread) is the beginner user, age or demographics doesn't matter. I will define the beginner user, since I didn't:

• a user which didn't work with computers before (or just occasionally)
• a user who worked with computers at a basic level his whole life and didn't bother to evolve; these users also need security
• a user who worked with computers his whole life and didn't even knew about basic security best practices (like photographers, graphic designers, dental technicians, doctors, etc.); these kind of users know what a browser means, work with Photoshop and other specialized apps, but from a security point of view, they know close to nothing, let alone understand something like UAC, sandboxes etc.

The point of the thread is to accommodate them with the term "computer security", vital components part of computer security, breach points, basic and easy to understand OS features etc. which will help them secure their environment without adding a heavy overhead so they can keep focusing on what they usually do, or let the complete noobs know that they have to first do some stuff before which won't complicate their life that much.

I grew up with computers, I was fortunate enough to have everything I need to evolve in this direction, but there are many users who work with computers and don't even realize what security means. This thread is also for them. When I was 18, my first "official" job was computer repairs in the biggest computer shop in one of the biggest cities in Romania, and boy, I met noobs there. I didn't even knew they were so many up until working there. I'm over 30, closer to 35, And I still have to occasionally work with people. Not that much anymore. But, noobs are still everywhere, 15 something years later, even if computer shops and software houses are at every corner. I'm not joking, we have more software houses then churches probably. Even in such environments, there are noobs, many noobs, everywhere.

If you don't work in IT, you don't really know much about UAC, why there are so many AVs, browsers, the importance of backups etc. They are confused to the point they make basic mistakes even if working with computers their entire life. We do know all these because we have experience, we have the experience of other people's failures and of our own, they don't, they can't have it and probably will never have. But they all have to start from somewhere, listen to somebody, and begin their learning curve listening to someone, exactly because the IT can be so confusing, exactly because of the variety of products nowadays out there.

 

[Amelith Nargothrond]

They don't have questions like "which AV is better, which browser should I install", they have questions like "why do I need another AV, why is this better because I saw an ad with another one which said they are the best". This is why I think it's important, to let them know that there are many choices to make, but some basic stuff simply work good enough, like Edge or Windows Defender, so that they don't have to worry about "the choosing" part, yet. It's a choice they can later make, of course. Internet Explorer had the functionality of a browser, but I couldn't recommend it, not in my worst nightmares. Edge is completely different though, I can sleep extremely well if the user really uses it. No headaches, secure, gets updated. Same goes to Windows Defender.

 

[Handsome Recluse]

https://iq-research.info/en/page/average-iq-by-country Unfortunately, averages are different for different countries.

 

[Amelith Nargothrond]

https://iq-research.info/en/page/average-iq-by-country Unfortunately, averages are different for different countries.

Are doctors idiots? Not in general, specially if medical stuff is involved. Do they have the time to learn about IT? No. Are they IT idiots? Yes, most of them. Are they smart? They are, you don't get to be a doctor otherwise.

So you see, IQ is measured in a way that doesn't apply to our topic (specialized IT topic, "security").

Update:
Think the other way around: when you get sick, lets say something like the flu, you know that there are easy to get medicine for flu in the pharmacy. But there are so many, you don't really know which one to buy in the end. Doctors have access to medicine studies and tests, even for the basic flu. We don't, we don't care up until the point we have it. Same thing here, with our IT security topic. It doesn't lower our IQ because we don't know of the newly released "SuperAntiFluWith15LayersOfVirusAttack" pills. They do know about it, and will recommend or prescribe it if they think it will help you. OR, because we saw an ad with it, we go to the doctor and ask about it, and the doctor says: "stick with the classic paracetamol, as it will have the same beneficent effects with close to 0 adverse effects, if you take them as I say you should. And it's also cheaper."

 

[Handsome Recluse]

How does UAC Deny Unsigned registry hack interact with pirated games/installers?

 

[Amelith Nargothrond]

How does UAC Deny Unsigned registry hack interact with pirated games/installers?

I don't completely understand your question... You mean UAC tempering via the registry?

 

[Handsome Recluse]

I don't completely understand your question... You mean UAC tempering via the registry?

The registry hack that denies elevation of unsigned apps.

 

[Amelith Nargothrond]

The registry hack that denies elevation of unsigned apps.

I'm aware of many UAC hacks, registry or by other means, but i can't particularly say how these interact with games, as the last time i played was many years ago. Games are apps, can't really say why these are different than any other app, it should not matter from an UAC perspective...
This is why I don't really understand your question Help me out please.

 

[509322]

Users with typical home user understanding + AppLocker = some smashed systems. It's absolutely true.

Unless Microsoft completely "idiot-proofed" AppLocker, I can guarantee that some people out there would do something like block execution of winlogon.exe or lsass.exe. I've seen worse.

I watched someone install SEP and immediately enable Application and Device Control without creating a single Allow rule => immediate Black Screen.

Anyway... AppLocker no longer ships with Pro; it is only available in Education & Enterprise.

Group Policy... it will mess with their heads too. Not a good idea.

 

[Deleted member 178]

How does UAC Deny Unsigned registry hack interact with pirated games/installers?

If the pirated exe is unsigned and ask elevation = block
if signed = no block

Simple

 

[jamescv7]

It takes a little time that the user should understand how the security works as protection side.

Browsing problems? Add like Sandboxie and provide an easy yet understandable explanation on when to use such kind of tool.

Any browsers will do as long add security extension that blocks suspicious webpages.

Turn off autoplay to save almost majority of autorun attacks from flashdrives and external HDD.

----------------------------

Honestly any beginner/novice/average users should not limit itself to Windows Defender since protection capabilities are still basic and not enough for recent treats.

A) Avira Free
B) AVG Free
C) Avast Free

--------------------------

Configuration has no proper formula, considering that different users have different understanding.

The OP provided vital components but it can adjust by per users.