How to make it difficult for family members to fall victim to malware, scam, phishing, etc

I would say that Proton Mail would be very useful from the perspective of practically eliminating Spam, and Spoofing, thus Phishing as an extension.

Hotmail, I had 10-15 phishing emails in my junk folder daily …
Switched to Proton, had 3 in 9 months ! AND they were highlighted as possible scams as well !

Much less stressful for all, I would say.

Kaspersky is also in my stable and along with UBlock Origin, and Firefox blocking, tracking is also markedly reduced.
Not unusual to have had multiple 2 week reports showing web camera access attempts to the tune of 300 or more in 2 weeks !

going back to what OP said and this is my thoughts as I have actual experience with this:

This is often not a technical problem.

What I have done in some cases is used GrapheneOS with just the necessary and minimum things that person needs. Suggesting 100 other different tools is not necessary and will often complicate things particularly for the elderly.

Why GrapheneOS? Well it’s reasonably secure, but the main reason is I can reduce the clutter on that person’s device to just the few related things they need.

A lot of these scams are phone call related, and that requires education, eg nobody is gonna call you and ask for X, Y, Z, A, B C.

The less stuff you give an old person to worry about, the more likely they will identify scam/malicious activity. The reason for this is because things out of the ordinary that are not what they are used to will “stick out”.

Just know any decisions you make, you’ll have to support.

And yes, suggesting random Linux distributions like mint is not helpful. Not only is Mint nothing like current day operating systems it’s not secure in any way special.

If I was choosing a desktop distribution for aged person I would pick something probably GNOME based because it is most similar to their phone. Also GNOME tends to have better QA and testing/and resources than Cinnamon ever will. Failing that I’d select KDE, which again is about the same in terms of testing and QA as GNOME. Yes people don’t work for free so a funded community GNOME/KDE is always going to have more developers and vibrant community.

Likewise country avoidance is not going to help here either to address any of the concerns that OP mentioned.

If you do use uBlock, you’re going to want to use it in easy mode, and probably follow the recommended instructions we provide on the site, ETP strict etc.

The other recommendation would get them to use a password manager. In some cases like this the aged people I set this up for (in their 70s) were still running a business and shared data with their son, so we used 1Password as it had a clean UI, very good on Apple devices as well. While I like Bitwarden myself, I wasn’t as happy using that on their iPad, iPhones etc.

If you’re setting up a windows machine, no reason that windows defender isn’t sufficient. If you look at testing you’ll see that it is about as good. Once again a lot of modern day virus scanners are basically nagware because they want to look like they are doing something.

TLDR:

• old pc = fedora workstation gnome/kde
• newish pc (as in capable of windows 11) = leave it with windows on there
• mac okay leave it as mac

Thanks for your response, I am unaware about anything related to Linux, however, I will look into what the terms you used mean.

I ended up giving them Chrome OS, which is amazingly fast compared to Windows as all operating systems should be (fast and environmentally friendly).

Chrome OS is perfectly compatible with their netbook, as all key binds were mapped perfectly, secure boot and other features provided by the OEM seemed to be operational and utilised by Chrome OS, although I have no idea how to tell.

Chrome OS is exceptionally simple, making it easy for them to use.

Since you can’t download apps on Chrome OS and all applications are sand boxed (where they can only access a few and only necessary permissions) it is hard (or impossible?) to get a virus.

uBO took care of phishing via content blocking, and it probably has other security features I have missed here.

I made the family member use Gmail (which also blocks phishing emails automatically) and changed most of their passwords for most of their online accounts, especially since they used the same, compromised (on the “deep web” [whatever this is, probably a fear mongering buzzword for encrypted Tor websites where the website owners are protected]) password everywhere.

I told them not to give their information online at all, except where entirely necessary, and to consult me for help with this.

Initially, they were enraged due to their age with this new change, and it took it’s emotional toll on me, but eventually they thanked me for making their computer a lot better.

I believe the most difficult part about ensuring family members and close friends to not fall for victim to the dangerous part of the internet is adaptability.

They’re either dead set on the product for whatever reason, or can’t be bothered to adapt to a new environment. From web browsers, habits to simple things like email.

It gets quite concerning and at times frustrating.

Switching to ProtonMail was life-changing enough. I wish they could do the same.

Though, I understand the sentiments of those who don’t switch from Google because of how Google products are connected to almost every important aspect of the world. A prime example would be Google Maps.

Initially I was yelled at aggressively by my dad, who demanded I switch back everything including his Windows OS which ChromeOS deleted. However, he said if I got him Bing on ChromeOS he would compromise. For some reason he was absolutely dead set on reading the news strictly from Edge’s start page no where else, not even using Edge to access the MSN news website, it had to be exactly as he knew. I think it’s cause they are old and do what works for them, and they do not want to learn new methods. Which I get, I can’t be asked to learn to use Linux, program …

You can install a minimal linux distro that autoupdates, then install a minimal window manager and panel. Then you make custom bar CSS that only has 3 buttons: one to launch a web browser, one to launch a document editor, and one for poweroff (an argument could be made that a file manager would also be a good idea, but not necessarily required). Both applications should be autostarted with the WM/compositor, but the buttons should be there in case the applications happen to crash. Programs on linux need to be made executable before you can run them. To compromise the system, they would have to drop to a tty, log in with a password that they shouldn’t even have (the initial login should be automatic), and run commands provided by the attacker.

I’m pretty sure most people are not going to want to learn how to edit a Linux desktop environment just for this use case. Even if I could, I probably would be extremely hesitant as to build a thing only I can fix.

Hopefully one day I can learn how to do this! Chrome OS worked like a charm though, very minimalistic.

My silver bullet for transparently protect my immediate family members from modern online threats is to setup a network wide adblocking, and if i have access to their devices then i further setup a systemwide adblocker too there.

Local adblock via ublock origin on firefox or ublock lite on chromium base, plus dns based adblock via nextdns or adguard, both working in tandem should eliminate majority of online craps nowadays.

I probably never go further via installing them linux, telling them to dump their familiar gmail or microsoft windows etc since i don’t have the energy nor the time to do so. Just adblock alone stopped me from being their personal it guy reinstalling windows, recover breached account etc every few months. Its set and forget and works wonderfully.

Oh yes, they are Although MB’s are rather costly…

@cupcake Isn’t easier to create network wide profile of sorts and enforce every new device to subscribe to it in order to connect?

By network wide i really meant adding an adblocking dns server on my wifi router. That should cover most case, anyone connected to my wifi network would automatically use the adblocking dns server.

But nowadays modern android phone seems to use google dns by default in their private dns settings thus bypassing router dns so in that case I’ll setup to use adguard or nextdns on those phone. I’m already the “it guy” in my family, so after buying new devices they usually came to me asking to configure it. I just change the private dns setting. For iphones i configure using dns profile, adguard have that profile thingy on their site. Those should also cover adblocking on mobile network when they’re out of the house.