I've lately only been using Linux on my laptop and desktop, but my grandparents recently asked me about advice on a new computer. Is the current best practice to avoid all antivirus software and assume Windows 10 is secure with whatever is built in?
Grandpa thinks Avast makes his computer secure and is using their custom browser for his banking. Is my great distrust in all antivirus systems as worse than the viruses they theoretically find still valid?
I think so. Antivirus systems are a huge attack surface. Maybe have windless defender installed; make sure Windows automated patching is on; use the latest version of Chrome or Firefox with an ad blocker installed, and don't give them access to the admin account.
And if you're paranoid like me get a managed switch and setup Snort to monitor your network. That'll protect you more than an antivirus will.
I'll second the recommendation for Windows Defender, based on how well it blocks the bad stuff. But to be clear, 1) Windows Defender isn't any more secure than other AVs, e.g. [1], and 2) the risk from AVs is negligible and far outweighed by the benefit, for the average user.
Windows Defender is at least unobtrusive. Got hit with a cryptolocker last year, and then mandated usage of some garbage WebRoot product that brings a quad-core i7, 32gb RAM and SSD workstation to its knees. Not sure which was worse...
I've used https://github.com/StevenBlack/hosts for years now, and any close- and extended-family laptop or computer I touch gets it either silently or with some explanation if they ask me what I'm doing. Noone has ever complained. My only gripe is that I haven't written a cron-type update script for my extended family members who use Windows.
Which means I only update it for them periodically. It's still better than not doing it.
It aggregates someonewhocares.org and many other sources into a combined hosts file, to the point where it actually slows down DNS lookups noticably on most computers.
I even use it on my phones, and all other devices where I can access the filesystem.
Almost all devices in the world support a hosts file, becase most of the network stacks in use today spring from the same code.
Grandpa should probably use a chromebook. It's cheap, it's not as targeted as windows systems, and doesn't need AV. On the downside he'll be locked into the Google ecosystem, but for his needs that might not be so much of a problem.
If it becomes a problem, GalliumOS is actually good enough in most cases to use as a daily driver on a Chromebook.
Grandpa will be better off with an iPad since iPad has way more apps than Chromebook and is more intuitive and user friendly than Android or Chromebook. iPad can can work offline, more portable and convenient to read (pinch and zoom etc) and to write, type with a keyboard that you can connect or touch type on screen. Not to mention Apple will protect his privacy more than Google will.
I see where you're coming from and my (then 76 year old) Gran loved using my iPad mini, but she found the screen too small and a full sized iPad too heavy to hold. She did like her iPhone, but would still routinely send random messages to the wrong person.
She would've also found the jump from iOS 10 to iOS 11 confusing, as she did from XP to Windows 8.1.
I'm only posting this because I went down the exact route you mentioned for exactly the same reasons and it backfired spectacularly, and expensively.
I share your intuition. Absent credible evidence to the contrary, I would not use anything on Windows other than the default from Microsoft. On the other hand, I probably wouldn't expend a lot of energy arguing with Grandpa when Grandpa has decided Grandpa knows better.
However, my first level advice would be not to do banking online, but that's another story.
Grandpa thinks Avast makes his computer secure and is using their custom browser for his banking. Is my great distrust in all antivirus systems as worse than the viruses they theoretically find still valid?