On Debian if there is persistence on the USB stick ---- you could place an executable shell script on the desktop and then a simple click on it would work. They run super well inside a terminal. Let me give you a simple example of an executable shell script I use to update my debian VM's. If you need a hand with setting up a shell script let us know. Virtually anything you can manually run in a terminal can be handled this way. #! /bin/sh sudo apt-get update && sudo apt-get dist-upgrade && sudo apt-get autoremove read -p "*** press Enter to close this terminal ***" nothing This is not fully automatic but one click makes it virtually the same. The last line (totally optional of course) simply makes the terminal wait for me to click enter once I see the process has run to my satisfaction.
@Palancar Err... I mean without adding persistence. Persistence slows things down hugely. But thanks anyway...
Chrome + Shadow Defender + Adguard + HMPA Chrome = it's good for security SD = now if she don't install anything, set it on boot (eventually create a folder on another partition and add it to SD exclusion in case she want save docs), if on-demand explain her how she should use it. Adguard for desktop = quite good to remove ads before they reach her browser, add some of the built-in filters, it has also some antimalware features. HMPA = anti-exploits, keystroke encryption, etc... eventually add lastpass, easy to use. should be enough.
Pretty much the same setup I've got on all of our windows 10 machines. Got to say chrome runs very smooth even in SD on windows 10. Exception being that I went with malwarebytes anti-exploit (free). When I start working again, I'm considering a paid license, but will also check out HMPA.
yep this is a basic user-friendly and quite very safe setup. I used to do this on some friends and "willing-to-pay-for-good-security" customers machines. barely get any distress calls after.