I've lately only been using Linux on my laptop and desktop, but my grandparents recently asked me about advice on a new computer. Is the current best practice to avoid all antivirus software and assume Windows 10 is secure with whatever is built in?

Grandpa thinks Avast makes his computer secure and is using their custom browser for his banking. Is my great distrust in all antivirus systems as worse than the viruses they theoretically find still valid?

I think so. Antivirus systems are a huge attack surface. Maybe have windless defender installed; make sure Windows automated patching is on; use the latest version of Chrome or Firefox with an ad blocker installed, and don't give them access to the admin account.

And if you're paranoid like me get a managed switch and setup Snort to monitor your network. That'll protect you more than an antivirus will.

Makes sense. For some adblocking on steroids, put all of this in your hosts file: http://someonewhocares.org/hosts/

12,000 domains of ads and tracking blocked at the OS level!

Which means I only update it for them periodically. It's still better than not doing it.

It aggregates someonewhocares.org and many other sources into a combined hosts file, to the point where it actually slows down DNS lookups noticably on most computers.

I even use it on my phones, and all other devices where I can access the filesystem.

Almost all devices in the world support a hosts file, becase most of the network stacks in use today spring from the same code.

EDIT: It has 40-55 thousand host entries, depending on which version you use. In my scripts I just curl https://raw.githubusercontent.com/StevenBlack/hosts/master/h...