Security setup for my parents
- Thread starter Pixel_
- Start date
Please provide comments and solutions that are helpful to the author of this topic.
F
ForgottenSeer 97327
My parents and wife's parents setup. Works like a charm for a few years now with zero assistance calls and zero infections.
1. Running Basic User plus setting UAC to deny unsigned processes to elevate (it is an option of SWH)
2. Don't give them the password of the admin account
3. Microsoft Defender + Configure Defender on HIGH (protected folders disabled) + SimpleWindowsHardening + Enable smartscreen for Explorer and Edge
4. Microsoft Office (buy a digital one-time license for cheap)
5. Run Edge and harden registry with regedit in HKCU (they can't change settings in Edge) and use BALANCED settings with just 1 extension MalwareBytes Browser Guard
6. Create a NEXT DNS profile for them, enabling all security features and no privacy filters (you have BrowserGuard for that)
7. Buy a large USB-disk for data backup (start the backup when you visit your parents and keep USB disk with you. so it is offline all the time) and install Syncback Free
8. Harden Explorer, Edge and Office with Microsoft Defender Exploit protection (default plus)
a) block images of low integrity
b) block external images
c) enable code integrity guard
d) disable extension points
e) enable hardware enforced stack protection
f) validate image dependency integrity
9) Disable CMD and MSHTA by enabling all protections in MD exploit protection for these two obsolete programs.
10) Disable remote stuff (support etc) by disabling these services or settings as admin.
11) Install a password manager for them
12) Use build-in mail (safer than outlook) and add their mobile account (probably gmail) to mail and agenda for syncing and install MS Outlook App on their Android device.
Don't be smart with 3rd party software or multi layered combo's, just sell your soul to Microsoft and use Andy Full's utilities to raise home user security to business level protection. When you use Microsoft Office there is no better AV than MD. Use Edge pass
1. Running Basic User plus setting UAC to deny unsigned processes to elevate (it is an option of SWH)
2. Don't give them the password of the admin account
3. Microsoft Defender + Configure Defender on HIGH (protected folders disabled) + SimpleWindowsHardening + Enable smartscreen for Explorer and Edge
4. Microsoft Office (buy a digital one-time license for cheap)
5. Run Edge and harden registry with regedit in HKCU (they can't change settings in Edge) and use BALANCED settings with just 1 extension MalwareBytes Browser Guard
6. Create a NEXT DNS profile for them, enabling all security features and no privacy filters (you have BrowserGuard for that)
7. Buy a large USB-disk for data backup (start the backup when you visit your parents and keep USB disk with you. so it is offline all the time) and install Syncback Free
8. Harden Explorer, Edge and Office with Microsoft Defender Exploit protection (default plus)
a) block images of low integrity
b) block external images
c) enable code integrity guard
d) disable extension points
e) enable hardware enforced stack protection
f) validate image dependency integrity
9) Disable CMD and MSHTA by enabling all protections in MD exploit protection for these two obsolete programs.
10) Disable remote stuff (support etc) by disabling these services or settings as admin.
11) Install a password manager for them
12) Use build-in mail (safer than outlook) and add their mobile account (probably gmail) to mail and agenda for syncing and install MS Outlook App on their Android device.
Don't be smart with 3rd party software or multi layered combo's, just sell your soul to Microsoft and use Andy Full's utilities to raise home user security to business level protection. When you use Microsoft Office there is no better AV than MD. Use Edge pass
Last edited by a moderator:
Is Windows the only option?
If they only use the pc for web browsing, FB, email, etc. the best option is Chrome OS Flex. This is my set it and forget it solution for elders.
If they only use the pc for web browsing, FB, email, etc. the best option is Chrome OS Flex. This is my set it and forget it solution for elders.
That is something to consider for those who do not need that extra ad blocking, thank you for sharing that; I would recommend Quad9 DNS or CleanBrowsing DNS over those other two for malicious website blocking for a completely free DNS without the limitations and no sign-up required.
I'd stray away from Teamviewer, as it in itself can be an attack vector. If you have an unrelated security incident yeah Teamviewer might be nice. But in theory for most events you could simply walk them through unplugging their router until you get there (if you live nearby.) And that way you get free food.
I think that's the most important thing. The kindness of those with knowledge tends to complicate things at times.
As for the specific software, various suggestions have already been posted, so I will omit it, but I recommend the bare minimum configuration.
Or simply use the portable version that doesn't add up to your attack-surface.
Last edited:
Hey everyone, I came back.
Installed KSCFree, HC hardening tools, SWH, Adguard windows with quad 9 dns, ccleaner (offline) with autocleanup for system and browser once every week, and some minor windows tweaks.
No confusing pop ups were showing up, yay!
I know I could have experimented much more, but for now I wanted to have more time with them than with the computer
Thank you all for the great solutions!
Installed KSCFree, HC hardening tools, SWH, Adguard windows with quad 9 dns, ccleaner (offline) with autocleanup for system and browser once every week, and some minor windows tweaks.
No confusing pop ups were showing up, yay!
I know I could have experimented much more, but for now I wanted to have more time with them than with the computer
Thank you all for the great solutions!
F
ForgottenSeer 97327
HC Tools, you mean Hard Configurator and SimpleWindowsHardening together?
Avast Free with Do Not Disturb Mode, with notifications turned off, and all options in the mode turned on
Firefox tweaked for privacy with uBlock Origin in default mode
Firefox tweaked for privacy with uBlock Origin in default mode
Keep in mind that SRP will soon not be working on future Windows 11 builds. Are you using Windows 10?
There's no performance gain from deleting cookies, caches or history. I would avoid deleting browser data for this reason.
You may also like...
-
Help: Comodo 2025 - cmdguard.sys - boot fail with newer Nvidia drivers- Started by Something-x2
- Replies: 33
-
-
A Habit based Guide for Mobile Security- Started by Divergent
- Replies: 14
-
Data Collection Core Principles (Security Software)- Started by Trident
- Replies: 7
-