Simple guide for college student's PC

Is there a guide whereby I can set up the Firewall only on a college student’s computer who has absolutely no knowledge about such.
It would have to be less intrusive as is possible and still protect.
I am afraid if presented with too many dialogs he will simply click whatever it takes to get rid of it.

His Dad’s attitude is “I do not have time for such nonsense, that is why I have software, it is suppose to make those decisions”. An he wonders why I am always being called upon for PC cleaning and repair.

Can’t do anything about the Dad but there is hope for the son if I do this right.

will he be installing software? or will he be using it for basic stuff like internet, email etc.

what are his computer habits

No software installation.
Normal college student stuff; internet, school sites, school work, etc.
Into games, mostly online but not a nut about it.

Is a great kid, but a little naive about security.

I’ve installed CIS on teenagers laptops (the youngest being twelve at the time) with Internet Security configuration, AV in stateful mode, FW and Defense + in Safe Mode, Sandbox enabled with unrecognized files treated as limited. They get very few popup and can cope.

On top of CIS, I’ve also installed Sandboxie in which they run their browser.

During the nearly 3 years from the installation, they were never infected though they facebook on a regular basis.

One other major important issue to fix here is updating his softwares on the systems.
Running Secunia PSI in auto-update mode might help out here About Secunia Research | Flexera
The newer v3 is still beta but more eligible for this type of user.

His university probably already has a policy in place for forcing automatic updates by use of some NAC software required for network access and authorization.

if you really want a light and locked down configuration i would use comodo firewall with defense + without the AV. First install comodo then set it to proactive security by right clicking on the tray icon and change the configuration. after reboot i go into the defense + settings and turn off “enable adaptive mode under low system resources” and only keep “enable enhanced protection mode” enabled if the computer is 64 bit. i uncheck the box “treat unrecognized files as” and disable the sandbox. Then under the firewall tab i click stealth port wizard and select the 2nd option. Lastly go to the more tab and click preferences. uncheck “automatically check for program updates” and “enable comodo message center” then under the parental control tab check all the boxes and set a password.

with this configuration there will be 0 alerts and all unknown (malicious or legit) applications will be blocked. all applications that are in the trusted vendors list, in the cloud whitelist, or the trused files list in defense + will be allowed to run. I run this configuration on my parents computer and it is really light (~8mb of ram) and they havent had a single infection or problem. they use the computer for email, internet, word documents, basic stuff. they havent complained about something not working yet.

before setting the parental control make sure all program are able to run correctly and everything has the correct internet access through the firewall.

hope that helps