by sandworm101 1248 days ago
>> The next biggest risk I have encountered is phishing emails

I describe that threat much differently. I don't blame users. I blame Windows for allowing a link clicked in an email to install software, to alter system files, to upload PII to Nigerian servers. Users should not be trusted. Just because a macro in an Excel doc inside an email CAN do something clever doesn't mean that Windows should allow that to happen so easily.

4 comments

Email software like Outlook is largely responsible for a lot of phishing problems. E.g. email addresses are usually hidden and only visible after a lot of fiddling. Bad UI such as Outlook's makes most users powerless to recognize phishing. The blame should be put where it belongs: with the people responsible for deciding on the fatal Outlook/Exchange combination.
Outlook is not alone. Some email programs also hide the address or headers.
Windows does what it can with SmartGuard. Users just click through it. You can enforce signed software plus whitelist if you want in a system policy. Just entertain the thought that now you will have to curate a lot of software on the machines.

You can disable execute for download directories too.

These are not the default because it annoys everyone to no end. Likewise installing applications just from Microsoft Store. (Where badness has slipped in too.)

And finally, people still get caught with an MS Office document which will be opened from a download just fine and with a fake website.

Yep, this problem has been solved on Android and iOS where the only place to install software is the App Store.

Windows did try to incite devs to use the Windows Store but it did not catch on. Restraining third-party installation only from the Store is a good way to remove adware and co.

Honestly, Microsoft did shit the bed with their app store; it has no right to be as difficult to use (both as user and developer) as it is.

One of the big reasons that the Microsoft store failed so hard was the absurd cut Microsoft wanted (30%).

Windows developers were and are already doing app distribution. 30% for something devs were already doing...

Numerous Android apps were found to be doing dodgy things after the fact. Probably iOS ones too. It's not foolproof.
Would also like to see block mounting of ISOs by default.