Hello all, I'm starting to get my Windows 7 Ultimate 64-bit desktop running. Wanted to check if my setup is good, and if it needed anything more or if something should be changed. The main point is to Keep It Simple, and I don't want to use real-time blacklisting. I have done my best to remove all 3rd party security software I could, as I feel that Win 7 has it pretty much covered. The machine is used for all sorts of tasks, such as programming and gaming, so I can't tweak it to death. Here is the list: - Sandboxie Paid with experimental protection enabled (browsers, IM, multimedia, pdf reader, office programs) - SUA for daily usage, Admin account used only for installations and management - UAC at highest level - Considering AppLocker. I haven't been able to test it yet, and can't say if it is too restrictive. I think there is no reason to use SRP in place of AppLocker in Win 7 Ultimate? - Windows Firewall, most probably with two-way advanced security. Testing isn't done yet, but shouldn't be that hard to implement. - EMET with DEP Opt-out, SEHOP Opt-out, ASLR Opt-in, with same apps configured as Sandboxie - Considering Image for Windows as a backup solution. - Autorun and Autoplay disabled via Group Policy - MBAM, Hitman Pro and few bootable AV-CDs for on-demand scans - Main browser: Firefox 5.0.1, with Adblock Plus (Easylist), HTTPS-Everywhere, Noscript. - The machine is connected to D-link DIR-655 router, which has been reinforced with strong passwords for accounts and WPA2. There is also MAC filtering in place.