So he needs to do web browsing but does he need to do it in Windows? What about a ChromeBook or ChromeBox?
-KeithP
Computer is already in his possession (XPS 15 9550), he's also got a contract with Dell for tech support, I'm not sure how changing the OS around would gel with that. Either way, I have no experience with Chrome OS, so I have no idea how MS Office, ACT!, and the other software he uses would work in it.
I would forget about Sandboxie as that's also likely too hands on and adds needless complication into it. It's not going to offer much if you're already using Chrome which already has proper sandboxing. There's also nothing wrong with sticking with Defender if Windows has been set up properly (e.g. with a software restriction policy (SRP)) and as you've said it's not an admin account.
I could probably make not using an admin account workable. Barring physical access to the computer or anything similar where they can view the screen (if that level of penetration is already achieved he's probably toast anyway), would leaving the admin account without a password introduce a security risk? Or using a password, but having the password hint be super obvious (his middle name)?
I've never set a SRP before, is there a good guide for it out there?
Enjoying all the suggestions from everyone so far, thanks for the great input.
Edit: in the past my father has been hit with things that change his home page to Google imitators like Conduit. Anything that would specifically prevent against that nuissance would be nice. Other than that, crypto-ransomware is my biggest fear, in case my father would panic and do something that would make his data unrecoverable.