Any one of the uBlue projects is perfect for this use case.
KDE: https://getaurora.dev/
Gnome: https://projectbluefin.io/
Gaming: https://bazzite.gg/
Install and setup once, run forever. Immutable so impossible to break for a tech illiterate user, no package upgrades fuck-ups because updates are atomic and don’t touch the currently running system, are done in the background and are completely invisible for the user, great hardware support, based on Fedora. Users can only install Flatpaks through the App Store.
The only “maintenance” needed is a weekly reboot to move to the latest OS image.
As a personal feedback, I moved my gadget enthusiast but tech illiterate father on Bluefin. He can ruin a Mac in less than a few months. He can generate undocumented bugs on iOS by his mere presence. But somehow, Bluefin is still running perfectly after a year. That’s how robust it is.
Honestly, Microsoft is one of the most active participants in the shitty fascist dystopian surveillance shitshow in the us right now. It’s not that it “might not be better”, they are literally one of the worst.
Open source doesn’t work on trust, it works on scrutiny. Which is much easier to do when everything is open and therefore auditable. The threat model is very different, and the mitigation process is much faster since thousands of companies, including the biggest ones, need a secure Linux to run all their servers.
Open source software security issues comme mainly from :
What open source software won’t do because doing so would immediately kill a project: