All of the aforementioned make good 'second lines of defense', but every person's 'first line' should be least privilege.
But what does it mean in a practical way?
This is what I can come up with:
Don’t use Administrator account
Set UAC to highest level
Disable Adobe Flash
Use an ad blocker (you can still allow ads on sites you trust)
Use a script blocker for your browser if you are really serious (but I have heard it can be annoying)
Use good antivirus/antimalware
Use anti-ransomware if you want (running numerous anti-malware programs is a slippery slope, I would argue)
Keep Windows up to date (guess I have to add this one although I don't feel too confident about MS anymore)
The best thing would probably be to sandbox the browser. Is Microsoft Edge immune to ransomware? That would be an edge over other browsers.
Still, I can’t understand how ransomware works. There must be an executable involved that is encrypting your drive...? How can this run without triggering UAC?
Back in the days of XP I was infected with a worm (Blaster or Sasser) just by connecting to the Internet without antivirus. So I know it’s possible to get infected by malware without clicking an executable. There have also been infected PDFs spreading malware, I think.
It would be nice to have some kind of “best practice”. Malware creators make money by creating malware. Anti-malware creators make money by creating anti-malware. Bloggers make money writing about malware/anti-malware.
But it’s hard to find “the truth”. I refuse to think that the solution to ransomware is to run yet another anti-malware program on my computer. Anti-malware programs are a problem in themselves, I think, and should only be used as a last resort, because Windows is a big target for malware creators.
@Monk It would be nice if you could expand on your “least privilege” argument. Are you talking about corporate environments with locked down machines where you can’t do anything? Or special settings or software?
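As an added example (not part of the post above or its thread), here is a PowerShell script that audits the checklist items from that post on the machine it runs on: whether the session is elevated or the account sits in the Administrators group, whether the UAC slider is at its highest setting, whether Adobe Flash is still on disk, whether real-time antivirus and Windows Defender's Controlled Folder Access (its anti-ransomware feature) are on, and how old the newest installed update is. Assumptions: the antivirus is Windows Defender (Get-MpComputerStatus and Get-MpPreference come with the Defender module), the Flash directories under System32 and SysWOW64 are the usual installer locations, and the 30-day update threshold is an arbitrary choice. The function name Test-LeastPrivilegeBaseline is my own.

```powershell
# Added example, not from the original post. Audits the least-privilege checklist.
# Assumes Windows Defender as AV and the standard Flash install directories.
function Test-LeastPrivilegeBaseline {
    [CmdletBinding()]
    param()

    $checks = New-Object System.Collections.Generic.List[object]
    function Add-Check([string]$Name, [bool]$Pass, [string]$Detail) {
        $checks.Add([pscustomobject]@{ Check = $Name; Pass = $Pass; Detail = $Detail })
    }

    # 1. Administrator account?  IsInRole is false in a non-elevated admin shell because
    #    UAC filters the token, so also look for BUILTIN\Administrators (S-1-5-32-544)
    #    in the account's raw group list.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = [Security.Principal.WindowsPrincipal]$identity
    $elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
    $inAdmins  = $identity.Groups.Value -contains 'S-1-5-32-544'
    Add-Check 'Session is not elevated' (-not $elevated) "Elevated token: $elevated"
    Add-Check 'Daily account is not in Administrators' (-not $inAdmins) "Member of BUILTIN\Administrators: $inAdmins"

    # 2. UAC at the highest slider position: UAC enabled, always prompt for consent,
    #    and prompt on the secure desktop.
    $uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $uac = Get-ItemProperty -Path $uacKey
    $uacHighest = ($uac.EnableLUA -eq 1) -and
                  ($uac.ConsentPromptBehaviorAdmin -eq 2) -and
                  ($uac.PromptOnSecureDesktop -eq 1)
    Add-Check 'UAC at highest level' $uacHighest `
        ('EnableLUA={0} ConsentPromptBehaviorAdmin={1} PromptOnSecureDesktop={2}' -f
            $uac.EnableLUA, $uac.ConsentPromptBehaviorAdmin, $uac.PromptOnSecureDesktop)

    # 3. Adobe Flash: assumption that these are where the ActiveX/NPAPI plugins install.
    $flashDirs = @("$env:windir\System32\Macromed\Flash", "$env:windir\SysWOW64\Macromed\Flash")
    $flashPresent = @($flashDirs | Where-Object { Test-Path $_ }).Count -gt 0
    Add-Check 'Adobe Flash not present' (-not $flashPresent) ('Checked: ' + ($flashDirs -join '; '))

    # 4. Antivirus and anti-ransomware (Defender's Controlled Folder Access).
    try {
        $mp = Get-MpComputerStatus -ErrorAction Stop
        Add-Check 'Real-time antivirus protection on' ([bool]$mp.RealTimeProtectionEnabled) `
            ('Signatures last updated: ' + $mp.AntivirusSignatureLastUpdated)
        $cfa = (Get-MpPreference -ErrorAction Stop).EnableControlledFolderAccess
        Add-Check 'Controlled Folder Access (anti-ransomware) on' ($cfa -eq 1) `
            "EnableControlledFolderAccess=$cfa (0=off, 1=block, 2=audit)"
    } catch {
        Add-Check 'Defender status readable' $false "Defender cmdlets unavailable: $($_.Exception.Message)"
    }

    # 5. Windows up to date: age of the newest hotfix with a recorded install date.
    $latest = Get-HotFix |
              Where-Object { $_.InstalledOn } |
              Sort-Object InstalledOn -Descending |
              Select-Object -First 1
    if ($latest) {
        $ageDays = (New-TimeSpan -Start $latest.InstalledOn -End (Get-Date)).Days
        Add-Check 'Windows updated within 30 days' ($ageDays -le 30) `
            ('Latest: {0} on {1} ({2} days ago)' -f $latest.HotFixID, $latest.InstalledOn.ToShortDateString(), $ageDays)
    } else {
        Add-Check 'Windows updated within 30 days' $false 'No hotfix with an install date found'
    }

    return $checks
}

Test-LeastPrivilegeBaseline | Format-Table -AutoSize
```

Run it from an ordinary (non-elevated) prompt, since the first two checks are meant to describe the account you use day to day, not an admin shell you opened for the occasion. The ad blocker and script blocker items are browser-side and are not covered here.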