user education – What are the most tolerable options for a more general public type not to be victimized by malware?


I’ve talked with a new friend who is fairly bright and who can do some interesting things programming Office applications, but whose technical abilities omit infosec. And he got bitten by nasty malware.

I’m wondering what options might be most productive to offer to him. I’m not sure it’s realistic to repel all dedicated assault, but cybercriminals often look for someone who would be an easy kill, and (perhaps showing my ignorance here), I think it could be realistic to make a system that’s hardened enough not to be an easy kill.

Possibilities I’ve thought of include:

  1. Windows 10 with screws turned down (how, if that is possible?).

  2. Mint or another Linux host OS for what can be done under Linux, and a VMware or VirtualBox VM that is used for compatibility and may be restorable if the machine is trashed.

  3. Migrating to a used or new Mac, possibly with a Windows Virtual Machine, but most people using Macs don’t complain they are missing things.

  4. Perhaps with one of the technical situations, point my friend to user education saying things like “Don’t download software that you hadn’t set out to get. The price of Marine Aquarium of $20 up front is dwarfed by the hidden price tags of adware and spyware offering a free aquarium screensaver.”

This is not an exhaustive list, although it’s what I can think of now. I’ve had a pretty good track record for not engaging malicious software, and I think it can be learned (and that documentation for online safety would be taken very, very seriously).

What can I suggest to my friend for online safety?