I'm looking for ways to defend against ransomware.
As part of this strategy I've come up with the idea to block myself from writing to as many locations (and files) as possible.
It may be assumed that the active user is always logged-in as standard, local user (not as an administrator) on Windows 10 and that write access is specifically denied to that user, using NTFS' security features.
Does NTFS' "disallow write" feature effectively stop ransomware from encrypting and deleting the protected folders and files?
Or better formulated:
Is it worth it to bother and change NTFS file and folder access permissions to defend (in-depth) against ransomware?
Bonus question:
What changes if you're usually logged in as an adminstrator?