12-14-2017, 01:50
foosaa
I use the following on my browsing PC (Win 7).

Firewall: TinyWall with lockdown mode. No incoming connections, all apps are blocked with only a small set of whitelisted ones. So outbound communication from any apps.

Always run as a normal user with elevation on a need basis. The same is applicable for *nix and Windows OSes.

For development, I have another PC which contains Comodo Antivirus (Home / Edition - Freeware)

Won't open any downloaded executable files if found suspicious. Usually scan it with virustotal for safety if I feel fishy! (It's purely a gut feel, but has saved my **s many times!)

For most of the office documents, I've multiple universal viewers which can preview the file in read only mode. No VBScript / JScript executables.

Disabled the autorun on all removable drives.

No thumbnail stores enabled. A bit of lockdown and hardening on the Windows side. Disabled most of the services which are not required / not used and manually enable them after enabling it using the Autoruns utility (from https://live.sysinternals.com).

So, mostly the services will be disabled and cannot be even run manually.

A bit of hardened and optimized TCP/IP Stack.

Being a reverser since school days (those who knew IBM DOS 4.0 / MS DOS 5.0 days!!) I also look for certain packed files / unpack them, run a quick analysis for infection / networking stuff, if I'm in a paranoid mode!

Apart from that as I don't run Antivirus!

Most of my mails are pure plain text, won't open HTML mails that easily.

Extra careful with attachments. Don't open attachments that easily even if it is from a known contact.

And no Java / JRE (though I have it on the dev. PC!), disable / remove all plugins (who uses it these days!!) from the browsers.

Firefox Quantum with NoScript and Ghostery, multiple adblockers (like Anti-Anti Adblock, AdGuard, URL tracker removers like cleanurls) will help cut down any web based malware infections.

Using Brave browser for some Google sites.

Mostly non-standard and smaller, portable applications (complete set of apps from https://portableapps.com/) for most of the needs and don't trust MS, ADOBE, ORACLE, GOOGLE products that easily. Using alternates for most of their stuff.

Have multiple VirtualBox with a bit of patching with manually configured services and without networking and only read-only folders mapped for ingress file copying.

Regular backups of all documents, photos to backup HDDs and important ones to cloud with a container based encryption (I don't want Google, DropBox, Mega or whomsoever to peer at my files!)

For encryption, I mostly use command line OpenSSL toolkit (which is compiled in my system).

Never had a virus or malware attack ever since I stopped writing them (from 1999) and before got fried multiple times! (that's a learning process!!)

All in all, the takeaway is that a bit of feeling paranoid about security with a little common sense and some lean / less resource hungry firewall, CCleaner, MalwareBytes antimalware, Comodo Antivirus, less privileged user and some working knowledge will get you a long way!

If possible switch to Linux for most of the day-to-day activities / development and keep Windows only for browsing and some casual stuff and for reversing.

Hope it helps!!! Though the above is a lot of off-topic stuff, just wanted to share what I do partially for staying safe!!

Peace and comments welcome!!
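One way to do the "container based encryption" for cloud backups with the command-line OpenSSL toolkit mentioned in the post above. This is an added example, not foosaa's own commands. It assumes OpenSSL 1.1.1 or later (for `-pbkdf2`) and a passphrase kept in a local file; the function and file names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the post): seal a folder for cloud upload with the
# openssl CLI and keep a SHA-256 of the ciphertext for later tamper checks.
# Function names and file layout are hypothetical.

# seal_backup SRC_DIR OUT_FILE PASS_FILE
# Streams tar into openssl so no plaintext archive is written to disk.
seal_backup() {
    tar -C "$1" -czf - . |
        openssl enc -aes-256-cbc -pbkdf2 -iter 200000 -salt \
            -pass "file:$3" -out "$2" || return 1
    # CBC output from `openssl enc` carries no authentication tag, so record
    # a digest. Upload only OUT_FILE; keep OUT_FILE.sha256 on the backup HDD.
    openssl dgst -sha256 -r "$2" | cut -d' ' -f1 > "$2.sha256"
}

# check_backup OUT_FILE PASS_FILE
# Returns 0 only if the ciphertext matches the local digest AND decrypts to
# a listable archive (catches a wrong passphrase or a truncated tar stream).
check_backup() {
    want=$(cat "$1.sha256" 2>/dev/null) || return 1
    have=$(openssl dgst -sha256 -r "$1" | cut -d' ' -f1)
    [ -n "$want" ] && [ "$want" = "$have" ] || return 1
    openssl enc -d -aes-256-cbc -pbkdf2 -iter 200000 \
        -pass "file:$2" -in "$1" 2>/dev/null |
        tar -tzf - >/dev/null 2>&1
}

# restore_backup OUT_FILE PASS_FILE DEST_DIR
# Refuses to extract anything that fails check_backup.
restore_backup() {
    check_backup "$1" "$2" || return 1
    mkdir -p "$3" &&
        openssl enc -d -aes-256-cbc -pbkdf2 -iter 200000 \
            -pass "file:$2" -in "$1" |
        tar -C "$3" -xzf -
}
```

Run `check_backup` right after sealing and again on any copy downloaded from the cloud, before restoring from it.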