How did you come up with your security setup (Win 7 64 bit pro), suggestions ?

This is about my Windows 7 64 bit PRO system.

It is set up with a standard account and some kind of SRP policy.
Since I'm not comfortable with this I intend to change that setup. The computer is not regulary connected to the internet but I should have a configuration to do that in a way that's safe.

Part of the reasons why I'm not comfortable with that configuration is that I'm not a geek. Things on the malware/security front are changing. For one thing, updates can change the 'security situation'. And I really don't fully understand such 'tech' options.
My current configuration of SRP is probably like this : https://www.wilderssecurity.com/showpost.php?p=1658323&postcount=29 Well, perhaps a bit more complicated. I'm inclined to drop SRP.

I still haven't configured privoxy but I intend to do that, mostly to get better control of the connection to the internet.

I really don't like using an AV/traditional blacklisting.

Flash ? Most websites seem to require it, what's really the best way to either not have it on your system but still maintain a functional internet connection or to just block Flash while still being able to browse the web without major issues ? Security/privacy/(anonymity )/convenience wise.

IE 8 has a smartscreen filter which can phone home, sort of.
IE 9 may have some similar features, I haven't checked it out yet.
So I am interested in an alternative browser.
My past experiences with Opera and Firefox were not good.
I suppose for security/privacy issues several factors are relevant: popularity of a browser (more popular means more targeted attacks), and if the browser handles security/privacy issues well. The latter part can be broken down into two issues: features and simplicity. More features can create extra protection but can also create additional vulnerabilities. More and more complicated code could at least in theory implicate that more things can go wrong, feature-wise and bug-wise.

I'm even willing to consider some kind of HIPS. Not a full HIPS, but something that monitors my browser and sensitive settings of my OS.

One thing I absolutely hate is software that phones home like that Adobe stuff, so I have to deal with that.

Also, I'm not sure about how to deal with all the potential security/privacy issues of Windows 7 like the .NET setup. Windows XP is a lot less complicated.

There are many options like virtualization and whitelisting but I wouldn't know where to start, e.g. vulnerabilities and limitations of specific software.

I strongly prefer not having to update software, if possible.

So, how did you arrive at your current security setup ?
Feel free to come up with some suggestions.

 

IE 9 has Protected Mode, ActiveX Filtering, and Tracking Protection Lists as well. Firefox and Chrome also sort of phones home for their malware site protection.

WinPatrol may fit your needs. Or a behaviour blocker like Mamutu/ThreatFire.

Sandboxie works great in 64-bit, especially with Experimental Protection. Has whitelist capabilities as well.

SUMo or Secunia can simplify that update process. Use EMET on outdated software.

My current setup is started as pretty much the same as my XP one. Then it evolved as I looked for different kinds of security.

 

My security setup came about from by view suggestions and testing different setups myself and until I came up with a security setup I liked and felt each layer complemented each other well.

 

I read a lot and used an imaging program just in case a disaster nailed me while I was testing.
At one time i was overloaded with security software. I got tired of it and removed almost all of it.
Now I KISS the whole thing.
Shadow Protect Desktop, Webroot/Prevx 4 is fantastic!, Sandboxie v. 3.56, Hitman Pro cleans up nicely if my wife or I use a browser out of the sandbox and Winpatrol Free.
My system is Windows 7 Pro x64 with an E8400 CPU. Not very powerful.
And no noticeable slowdown.
Good luck.+
Hugger

 

Thanks.

I use imaging software anyway, but only in case of suspected infections or a corrupted OS.
To some extent imaging can also be useful for preserving some degree of privacy/(anonymity?).

I'm not quite comfortable with the 'experimental' mode of Sandboxie.

Actually, my issue with updates is not the mere inconvenience of updating. It's mostly about updates breaking things and causing unknown changes. In that sense I prefer a static system.
Installing HUGE amounts of Windows updates every month is just crazy IMO.
Updates can cause issues with security software and configurations.