Changes in red
Running as Admin on Windows7 x32 ultimate with no third party real time security
-------------- on network (pre-PC protection) --------------------
ISP service includes email scanner and spam-filter. Wireless Router with WPA2, SPI with Flood/Poisoning/Spoofing protection and Norton DNS (malware).
----------- from network stack to process stack ------------------
Use Windows FW both for inbound and outbound. Added a deny execute on all threat gate folders (browser download, e-mail and media player using Access Control Lists deny execute/traverse folder for Everyone).
--- from Low Rights (Protected mode) to Medium Rights (LUA) ---
Using Chromium (unsigned application) with Chrome sandbox and build in safe browsing. Running PDF and Flash plug-in with Mandatory Low Rights. Using startpage as search engine, vista basic/windows7 skin,
no extentions only Chrome no-script like tricks of Hungryman/M00NBL00D (see http://www.wilderssecurity.com/showthread.php?t=323783)
-------- from Medium (LUA) rights to High (Admin) Rights ---------
User is only allowed to execute signed executables (AppLocker) plus Chromium and 7-Zip, Admin is allowed to run all from safe places (SRP). Unsigned programs can't elevate to Admin (UAC). Running browser, mail, media player "As Invoker" (file and registry virtualisation) with EMET 3.0 memory overflow protection.
--------------------------- On demand -----------------------------
- Grand parent (USB drives), Parent (NAS, 2nd HD), Child (HD) backup scheme with Win7 Image and Synctoy Data backup
- Running CCleaner through scheduled task (/run /tn) to evade UAC pop-up
- HitmanPro Free (coud) scan and
Avira cloud scan