Hacker News
Poweliks: the persistent malware without a file (gdatasoftware.com)
4 points by miles on Aug 5, 2014 | 1 comment


This is exactly why, on a Windows computer, you should:

1. Never run under an administrator account unless you are performing administrative duties (i.e. temporarily admin to intentionally install an app, and not opening Word docs).

2. Use Software Restriction Policy to only allow executables to run out of C:\Windows, "C:\Program Files", and "C:\Program Files (x86)".

If I had to pick one or the other for my grandmother - antivirus software or the non-admin/SRP config - I would choose non-admin/SRP hands down and sleep easy. It's that effective. Unfortunately almost no one operates in this state because it's not default when you buy a new Windows PC. Companies selling antivirus software might go out of business if this were the default configuration.
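
A read-only audit of the two settings recommended in the comment above, as an added example that is not part of the original comment. It assumes SRP is deployed through local or Group Policy, which stores it under the `Safer\CodeIdentifiers` registry key; the variable names and the output shape are illustrative.

```powershell
# Added example: report whether this session is elevated and whether SRP is
# in default-deny mode with allow rules limited to the three directories.
$safer = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'

# 1. Admin check. Returns False for a non-elevated (UAC-filtered) token,
#    so run it from the session the user normally works in.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$isAdmin   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

# 2. SRP default level: 0 = Disallowed, 131072 = Basic User, 262144 = Unrestricted.
$policy       = Get-ItemProperty -Path $safer -ErrorAction SilentlyContinue
$defaultLevel = if ($policy) { $policy.DefaultLevel } else { $null }

# 3. "Unrestricted" path rules, i.e. the locations executables may run from.
$allowed = @($env:SystemRoot, $env:ProgramFiles, ${env:ProgramFiles(x86)}) |
    Where-Object { $_ } | ForEach-Object { $_.TrimEnd('\') }

$rules    = @()
$pathsKey = Join-Path $safer '262144\Paths'
if (Test-Path $pathsKey) {
    $rules = Get-ChildItem $pathsKey | ForEach-Object {
        $raw  = (Get-ItemProperty $_.PSPath).ItemData
        $path = [Environment]::ExpandEnvironmentVariables($raw).TrimEnd('\')
        # Registry-path rules (%HKEY_...%) are not resolved here; they are
        # listed as 'review' so a person can confirm where they point.
        $inside = $false
        foreach ($dir in $allowed) {
            if ($path -ieq $dir -or
                $path.StartsWith("$dir\", [StringComparison]::OrdinalIgnoreCase)) {
                $inside = $true
            }
        }
        [pscustomobject]@{
            Rule   = $raw
            Status = if ($inside) { 'expected' } else { 'review' }
        }
    }
}

[pscustomobject]@{
    RunningAsAdmin    = $isAdmin
    SrpConfigured     = [bool]$policy
    DefaultDisallowed = ($defaultLevel -eq 0)
    AllowRules        = $rules
} | Format-List
```

The configuration the comment describes shows `RunningAsAdmin : False` and `DefaultDisallowed : True`, with every allow rule either marked `expected` or confirmed by hand.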



