Advice Request Security setup for my parents

Please provide comments and solutions that are helpful to the author of this topic.

Stopspying

Level 19
Verified
Top Poster
Well-known
Jan 21, 2018
814
F

ForgottenSeer 97327

My parents and wife's parents setup. Works like a charm for a few years now with zero assistance calls and zero infections.

1. Running Basic User plus setting UAC to deny unsigned processes to elevate (it is an option of SWH)
2. Don't give them the password of the admin account
3. Microsoft Defender + Configure Defender on HIGH (protected folders disabled) + SimpleWindowsHardening + Enable smartscreen for Explorer and Edge
4. Microsoft Office (buy a digital one-time license for cheap)
5. Run Edge and harden registry with regedit in HKCU (they can't change settings in Edge) and use BALANCED settings with just 1 extension MalwareBytes Browser Guard
6. Create a NEXT DNS profile for them, enabling all security features and no privacy filters (you have BrowserGuard for that)
7. Buy a large USB-disk for data backup (start the backup when you visit your parents and keep USB disk with you. so it is offline all the time) and install Syncback Free
8. Harden Explorer, Edge and Office with Microsoft Defender Exploit protection (default plus)
a) block images of low integrity
b) block external images
c) enable code integrity guard
d) disable extension points
e) enable hardware enforced stack protection
f) validate image dependency integrity
9) Disable CMD and MSHTA by enabling all protections in MD exploit protection for these two obsolete programs.
10) Disable remote stuff (support etc) by disabling these services or settings as admin.
11) Install a password manager for them
12) Use build-in mail (safer than outlook) and add their mobile account (probably gmail) to mail and agenda for syncing and install MS Outlook App on their Android device.

Don't be smart with 3rd party software or multi layered combo's, just sell your soul to Microsoft and use Andy Full's utilities to raise home user security to business level protection. When you use Microsoft Office there is no better AV than MD. Use Edge pass
 
Last edited by a moderator:

goodjohnjr

Level 5
Verified
Jul 11, 2018
227
On the topic of DNS server it probably better to just use one that got malware protection Quad9 or Cloudflare security or possibly nextdns and keeping the ad blocking list to a minimum, the reason is DNS level ad blocking is more risky for site breakage, since browser extensions or whole pc filtering like Adguard app is able to filter ads/trackers a few ways based on domain/URL/Div on page where DNS level just block the whole domain where the extension might only block certain URL for a domain where DNS would block the whole domain.

Also if you already got ad blocking setup on the browser it's kind of redundant blocking it at DNS level as well, if you do use DNS for ad/tracking use Nextdns and keep the number on of lists to a minimum.
That is something to consider for those who do not need that extra ad blocking, thank you for sharing that; I would recommend Quad9 DNS or CleanBrowsing DNS over those other two for malicious website blocking for a completely free DNS without the limitations and no sign-up required.
 

Stenographers

Level 2
Nov 11, 2022
48
Windows Defender, Adguard (family license $16 on stacksocial with code) or NextDns, and make sure the default browser is a Chromium variant either MS Edge, Brave or Chrome that automatically updates with no user interaction. You can add TeamViewer if you want to go down that remote route if anything happens to the computer and they need you to fix it. Anything more complicated and you're going to get many phone calls from the parents asking about a popup or setting being blocked.
I'd stray away from Teamviewer, as it in itself can be an attack vector. If you have an unrelated security incident yeah Teamviewer might be nice. But in theory for most events you could simply walk them through unplugging their router until you get there (if you live nearby.) And that way you get free food.
 

Kongo

Level 36
Verified
Top Poster
Well-known
Feb 25, 2017
2,532
I'd stray away from Teamviewer, as it in itself can be an attack vector. If you have an unrelated security incident yeah Teamviewer might be nice. But in theory for most events you could simply walk them through unplugging their router until you get there (if you live nearby.) And that way you get free food.
Or simply use the portable version that doesn't add up to your attack-surface.
 
Last edited:

Pixelman

Level 4
Thread author
Verified
Well-known
Jun 7, 2022
150
Hey everyone, I came back.

Installed KSCFree, HC hardening tools, SWH, Adguard windows with quad 9 dns, ccleaner (offline) with autocleanup for system and browser once every week, and some minor windows tweaks.

No confusing pop ups were showing up, yay!

I know I could have experimented much more, but for now I wanted to have more time with them than with the computer :)

Thank you all for the great solutions! :emoji_beer:
 

monkeylove

Level 12
Verified
Top Poster
Well-known
Mar 9, 2014
555
Avast Free with Do Not Disturb Mode, with notifications turned off, and all options in the mode turned on

Firefox tweaked for privacy with uBlock Origin in default mode
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top