Posting this under Privacy because
a) Security is a means to an end, especially in this case
b) I don't want "Just use Miracle Product X!" responses

Basically, a family friend came to me re: problems with her laptop. It's an older HP model running Windows XP. I removed some gigabytes worth of temp files, defragged the drive, updated it, got the antivirus back in working order, dusted it out, and generally fixed it up. It now runs pretty well. (It'll be slow again in 6 months if the user doesn't start moving her music/movies/pictures off the main drive, but that's another matter.)

Problems:
- The user is a complete novice. She does not have the time to become a power user.
- She is stuck on Windows XP. (Can't switch to 7/8/10 right now, and forget about Linux.)
- She has a ton of online accounts, many for paid services.
- She is mostly browsing with IE 8, which is a huge target.
- She defaults to using very weak passwords.
- She likes to install dubious adware games.
- I don't know if she has a smartphone or tablet. If she does, it's almost certainly not secured (as if such devices can be secured).

Furthermore, she's dealing with some difficult life situations right now. So she needs
a) Solutions with a very low cognitive burden
b) Solutions that actually work in practice

When I give her back her XP laptop, I want it to be set up to give her at least a modicum of safety vs. identity theft.

...

What I'm thinking so far:

Browser security

Chrome is kind of the obvious choice as far as protection from local compromise. Unfortunately
- Its password storage is no better than plaintext.
- Google's privacy track record is IMO awful. (They're an ad company, what do we expect?)

OTOH the user does not *need* anonymity (for now!). And Chrome looks better than Firefox as far as ITW attacks and sandboxing.

Then again, Firefox actually bothers encrypting account passwords. That's worth something, especially the convenience of having it in the browser. Not sure that's worth giving up the sandbox though, or the separation of password vault and browser.

Password security

KeepassX or Keepass2, maybe? Those work very well in my experience, but the GUIs might be a bit intimidating. Also, it's Yet Another Application.

LastPass might work, too. Never used it. The idea of nonlocal password storage makes me somewhat uncomfortable though.

Social engineering prevention

This is probably the hardest part. Norton Internet Security has been *RUBBISH* as far as this - it doesn't detect trojan software, adware, etc. at all, even when the stuff is obvious (e.g. using known fraudulent digital certificates). Something is needed to detect this stuff.

Phishing prevention seems even harder. Maybe a browser plugin of some sort? How good is e.g. Web of Trust for dealing with phishing sites?

Suggestions on any of the above issues, further analysis of the problem, and/or things I haven't thought of would be much appreciated.

Thanks!