Advice needed for my security setup

I'm a long-time reader but in the past I wrote a little (I dont' even remember my username), so I'd like to introduce me to this forum.

I'm an IT professional in Italy. Like (I suppose) many people here, a day I caught a virus, I finally went rid of it and then I googled for the best ways to protect me. Finally I found Wilder's and (I think like many people here, also) my PC ended up bloated with a mess of security software.

Then I started to strip down my setup and now I would like your advice.

The Users:
Two PC's (1 desktop and 1 netbook, both Win XP SP3) shared by me and my not-so-geeky wife, so I don't want to reduce usability at all. I'm on a always-on ADSL connection.

The basics: I set up a LUA (with SuRun) and a default-deny SRP (for all users except administrators - no additional path rules), all enforced by KAFU. All HD's have 2 partitions (system/data)

Backup:
syncback free for data backup
Paragon Hard Drive Manager 8.5 SE for system partition backup
Mozy Home Free for scheduled backup of selected data

I have a second internal HD on desktp PC that is mainly dedicated to backups, but sometimes I make a full backup on DVD's also.

Firewall:
Netgear router with hardware firewall, remote admin disabled, custom strong password for admin, UPnP disabled. PC's are connected in a small WLAN (PSK-WPA2 key), so XP Firewall is on on both PC.
OpenDNS setup in the router, with some ad/nasties filtered.

Browsing:
Firefox in SandboxIE Free, with direct access to only one folder where my wife learned to save all the downloaded stuff. Forbidden acces to 'My Documents'. Only few executables (basically Firefox, Thunderbird, SuRun, Foxit reader, Media Player Classic, 7-zip) are allowed to run in the sandbox. I use AdBlock Plus, more for convenience than for security, and WOT as site advisor.

eMail:
Thunderbird in SandboxIE Free (direct access only to mailbox and address book)

AV:
I'm ending up with no resident AV. I tried all the freebies and at the moment I have Avast!home, but now I mainly use it as on-demand scanner for downloaded files or unknown DVD's/USB keys. At the moment the only running shields are network, web and email, but I'm considering to drop them as well, because of the sandbox and the fact they found nothing in a couple of years.
I dropped the resident module of Avast! when I found Prevx Edge Free, that now is my main realtime alerting module (I don't care of removing malware, to remove I will restore my backups).

Privacy:
Keepass for passwords
TrueCrypt container for personal data
CS Lite, Better Privacy, Redirect Remover in Firefox. Firefox alway deletes personal data on exit.


My CPU's are not supporting DEP, so I installed Comodo Memory Firewall (altough it never popped up a message, it's a very small footprint).

I have also Returnil installed, but it's used only when I'm feeling unsure (dangerous web searches, some unknown application).

All that stuff is very light on resources; evan my old desktop PC is very responsive and I have the feeling that I'm covered enough for my browsing habits; but I'd like to hear from you if I can discard something from it or if I missed something to add.

My thoughts at the moment are especially related to:
Comodo memory firewall: do I really need it?
Windows Firewall: Do you think it's overkill? Now it's in my setup only because of the WLAn
Drive Sentry: mayby a possible replacement for some of my apps, or a complement? I'm sure only that it adds its system resource usage, I don't know about additional security.

I apologies for the length of the message and for my not-so-perfect english and I thank you in advance


Drone

 

to me you are just fine well protected
with SuRun+sandboxie

 

I really like your setup, it's almost the same as mine.
I really have any critique, because it all seems very neat.

 

I think you have all the bases covered...great setup!!!

 

I have the same feeling ... almost. Often less is more, but I feel more secure with some added layer and for now I'll stay with some other app. Maybe next thing I''l drop will be Avast! web shield, and then who knows.
Thanks for your advice

 

your welcome