I can't help notice your nom de guerre is an impossibly long number, so I assume you take privacy seriously as well. I wish most folks had your attitude. Actually I am adopting something close to your approach - but the reason I am, is that Microsoft has been improving the NT 6 drive geometry and security(now NT 10 with the latest OS), and the hardware in new PCs is growing better with it; so I can simplify the basic requirements in modern systems.
The first question I ask a client, is "how much do you have to lose?". If they EVER enter a Social Security number into the keyboard or credit card, or shop online, or do banking or other financial activity on the PC - the requirements go up. So if you do have something to lose, this is my minimum requirement list:
1. Create an use only a limited (local) account for everyday use. Only go to the local administrator to download updates or install programs and applications. I don't recommend using the cloud based account system Windows 8 & above, forces you into - read CNET for the way to create a local account.
2. Install IBM's end point security browser protection called Rapport. This will definitely block all screen, video, and keyboard capture events. This is the only solution that has passed all six tests of the AKLT kit for testing keylogging and other spy threats. This will work in an infected environment, and updates itself most of the time.
3. Install Web of Trust (WOT), as discussed elsewhere in this thread.
4. Install CCleaner - if you set this utility up correctly and run the cleaner section just before reboot, shutdown, or before sensitive activities, it will delete any malware that can run with user privileges during that boot session.
5. Browser plug-ins are going away, but you will always have an app that can do the same thing as Sqript-Safe, No Script, or AdBlock Plus to hopefully block any drive by attacks by bad links or advertisements on even legitimate sites.
6. Activate Defender - I'm talking about the new one that came out with Windows 8, that is an anti-virus as well as an anti-malware. It doesn't hurt to add MBAM to this, because of its malicious server blocker in the paid version, but a good host file could do the same thing, if you can find one that auto updates - see CNET reviews.
7. Download the free version of Malwarebytes Anti-Exploit - if you were using EMET before, you may have to uninstall it. I feel that this utility works better than the glitchy EMET from Microsoft.
8. Use a password manager that for no other reason, at least encrypts the password on your hard drive. Many apps have a bad habit of recording all keystrokes and putting them on the hard drive where the bad guys don't even need a keylogger to find them. I have tested this, with a program available on CNET and was shocked to find many sensitive files in less that fifteen seconds!!! I'm serious about this one!
I will end the list there with one caveat - you really do need to keep all applications and operating system fully updated on the day the updates come out to plug vulnerabilities and prevent zero day drive by take overs of the operating system. To do this is easier - you can sign up for email alerts on CNET for your favorite applications, and make sure Windows Update is on automatic. I can recommend a couple of other utilities that make this much easier: One of them is Secunia PSI - it supposedly tries to do the updates automatically, but the more important feature is that it will usually pop up on Win7 limited accounts and tell you when you need a manual update. Bear in mind by this time, it has probably been at least two days to a month after the actual update came out. File Hippo's Application Manager can get you closer to zero day protection, but you have to log onto the Administrator to run it - if you put a desktop icon to all accounts, and run them as administrator you could short cut this task. Even the CNET alerts are late when it comes to flash. Adobe is not very good at auto updating flash - so if you can do without it, then don't install it - YouTube doesn't need it, and most sites use HTML-5 flash ability to bypass the need for it to be installed. If you have to - only use Chrome, as it definitely does not need flash at all. The other browsers are trying to catch up to this goal. The only source of zero day alert for Adobe flash, that I've found is to sign up for email alerts at Krebs on Security - he is the only way to get the alert on the day it is issued - sorry! CNET is always at least two days or more, late on this.
With the exception of flash - Internet Explorer is getting amazingly good at blocking threats all by itself!! I used to run a ******** lab, to test against malware invasion, and it was next to impossible to test my other defenses using IE-11 or better. The browser actually blocks about 85% of all threats on its own, and even switches from 32 bit to 64 bit automatically depending on web site requirements, which gives it even more protection. I have had to switch to sampling email spam to test against threats now, and even this can be difficult when your email is properly setup to exclude untrusted sources, or blocks active content in the inbox. Flash is the only vulnerability on this, so I hope most web sites will work for everyone just using the HTML-5 version of Internet Explorer - unfortunately there is no promise that Spartan or whatever Microsoft is going to call its new browser, is going to support extensions or apps of any kind. like password managers, or other things that used to be called plug-ins.