You can use Software Restriction Policies or AppLocker so that they can only run the whitelisted programs and not random .exe files and whatnot. You can set this up with various rules, like path or publisher (for signed software).
AppLocker is easier to setup, but not available for all Windows versions.
It might seem like a drastic measure, but at the end of the day your parents probably don't need to install new software themselves. Automatic updates for programs can still work, if you set it right (for example with publisher rules).

Other than that: don't install software unless absolutely required (such as Java), use a PDF reader with JS disabled, disable macros in Office (if possible) and some other stuff...

Yep. I now started listing the antiviruses that mess up the system on my Malware Prevention page.

I encourage scanning with AVs on demand, but a real-time AV can indeed cause more trouble than it solves. And it might give you a false sense of security (most malware is not detected by all AVs, so there's a reasonable chance your AV won't catch some of it).

Among other things, TFA implies that this is because they were using 'PCs instead of Macs' [sic].

While it's true that OSX has way less malware than Windows, the main cause of malware infections is the users who click anything that's offered to them without thinking.
You can hide behind less popular operating systems, but the sad truth is that the average computer user simply can't handle the freedom of being able to do whatever they want, without messing things up.

So the solution is better tech education or--the cheaper way--locking things down. Both MS and Apple are doing it in their mobile OSs and they're starting to implement this in their desktop OSs as well.

Of course, the IT could also have locked Windows down with Group Policy and SRP, so that it would be pretty much impossible to install anything (unless reinstalling the OS).
Instead, they relied on some crappy antivirus (Sophos) and I wouldn't be surprised if the users were given admin rights as well.

I'm not a Microsoft fan at all (and they might have played dirty to get the school to use Windows), but the real story here is IT staff incompetence and the poor education of the average computer user.