My Windaz defensive plan is very simple, so simple it's complex. Take the whitelist approach. Only allow what you know is okay. This can be done by following these simple steps.

Step 1: Edumacate yourself. If you don't know how viruses/worms/trojans/spyware/denial of service attacks work, then you'll just find yourself making an informed decision based only on marketing. You'll probably choose Norton/Zone Alarm since they have been effectively marketed to help you set up without having to know anything. Products like these rarely work, or enforce too many restrictions, and use too much of your resources. In Zone Alarm's case it also restricts you from viewing "questionable" material and continually sends encrypted information back to its servers.

Step 2: Remove all unneeded services and applications and use fast user switching and various privileged users. Also set hard passwords for every account, even guest. Disable unneeded accounts. Additionally, when picking your password try using a sentence such as "rupert and mary don't like eggs and apples", then maybe add some l33t speak and add some random characters to produce something like "rup3rt & m4ry d0n't yke eggs and app|e$asjdhkh23". This may seem overkill, but it ends up not being hard to remember and takes a hell of a long time to brute force. Now that brute force is eliminated, you need to focus on not blindly handing it over to someone.

Step 3: Use a good packet level only firewall and deny all ports except the ones you need. I use WinRoute Pro. You'll need to find a warez version to get this; it's no longer made, sold or supported, but it even works fine on Windows 2003, although it can be a bit confusing to set up (has a lot of extra features)! Or use Deerfield VisNetic (http://www.deerfield.com/products/visnetic-firewall/). This costs a lot, but is an excellent packet level ONLY firewall. If you've got the money I definitely recommend this.

Step 4: Use something to completely restrict what gets run and when! Such as Exe Lockdown (http://www.rollbacksoftware.com/exelockdown.html), which uses kernel hooking to ensure you want to launch applications. It also maintains a whitelist so it doesn't get repetitive. It's made for educational institutions to stop kids from playing with whatever their oppressors dictate.

Step 5: Use a small, effective anti-virus scanner. I chose NOD32; anything will do. Perhaps ClamWin? This is just to check out the few applications left over which you suspect; it doesn't even have to scan in the background. You could just scan whatever you want after downloading it.

Step 6: Use Firefox with at least the extensions: NoScript, Adblock and Adblock Filterset.G Updater. NoScript is a whitelist JavaScript blocker, works excellently. Adblock just removes ads in its list. Adblock Filterset.G Updater continually updates Adblock's list with a huge list of ads.

Step 7: Keep everything above up to date (OS, AV, Firewall). Most of these applications have some sort of self updating ability, so it's not that hard. The only things not covered are 0day exploits, but due to your firewall most of them are ineffective, unless one of the ports you've opened is being used by an application, and that application is affected. For instance, don't use MSN Messenger or whatever it's called, use something lightweight like Miranda-IM (http://www.miranda-im.org/).

Step 8: Whenever you hear about an exploit/bad feature in an application... stop using it and look for an alternative. Only once you've searched for hours and found no suitable replacement should you go back to the original and use it carefully. In most instances you'll find some sort of replacement.

I know having an exe blocker and a firewall seems redundant when some applications package this, but none of the applications have packaged it as well as these two individual applications I've found.

I have literally used hundreds of different types of firewalls and anti-virus protection and this is the best I've come up with.

Sorry for the long post with the aggressive tone, but I needed to vent. :-)
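
Steps 2 and 3 of the post (strip unneeded services, deny every port you do not need) can be checked against what the machine is actually listening on. The following is an added example, not part of the original post: it parses `netstat -ano` output and reports every network-reachable listener that is not on an allowlist. The sample output, the `ALLOWED` set and the function names are constructed for illustration.

```python
import re

# Constructed sample of Windows `netstat -ano` output (not real data).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1020
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       1500
  TCP    192.168.1.10:49712     203.0.113.5:443        ESTABLISHED     2204
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:5353           *:*                                    1500
"""

# Hypothetical allowlist: the only (protocol, port) pairs this host should expose.
ALLOWED = {("TCP", 3389)}

# proto, local address, local port, optional state column (absent for UDP), PID
LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+\S+\s+(?:(\w+)\s+)?(\d+)\s*$")
LOOPBACK = ("127.", "[::1]")

def exposed_listeners(netstat_text):
    """Return sorted (proto, address, port, pid) for every non-loopback listener."""
    found = set()
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # header or unrecognised line
        proto, addr, port, state, pid = m.groups()
        # TCP rows count only in LISTENING state; UDP rows have no state column.
        if proto == "TCP" and state != "LISTENING":
            continue
        if addr.startswith(LOOPBACK):
            continue  # bound to loopback, not reachable from the network
        found.add((proto, addr, int(port), int(pid)))
    return sorted(found)

def violations(netstat_text, allowed):
    """Listeners whose (proto, port) is not on the allowlist: default deny."""
    return [l for l in exposed_listeners(netstat_text) if (l[0], l[2]) not in allowed]

if __name__ == "__main__":
    for proto, addr, port, pid in violations(SAMPLE_NETSTAT, ALLOWED):
        print(f"not allowlisted: {proto} {addr}:{port} (PID {pid})")
```

Each reported PID points at the service to disable (step 2) or the port to block at the firewall (step 3); an empty report means the host exposes only what the allowlist names.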