The problem with that is that probably 90%+ of all security issues are caused by the user. What you need to do is train people not to click on every random link that comes into the inbox or open every attachment that claims to be nude photos of some celebrity or from someone they know. People need to learn not to just keep clicking "next" when installing some bit of software, but to take a second or two on each page to make sure none of them are opting you in to some nasty bit of malware. People need to know that if someone calls them up, claiming to be from Microsoft or Symantec or any other big name company, that it's almost certainly a scam.
I get what you intend to do, but you haven't thought it all the way through. Say you perform some kind of tune-up service on someone's computer. They then decide to go to some seedy porn site where they can't view the videos because of what you did. They then proceed to undo some of your tune-ups to see naked women (or men), a digital STD infects their computer, and they now blame you because you promised to make their computer more secure.
If computer security were as simple as changing a few settings or disabling certain programs, companies wouldn't need to spend billions of dollars a year on computer security. That part of computer security is easy; the problem is that all it really does is help mitigate the damage. USERS are the problem, USERS are the ones who do stupid things because they just want everything to be "easy to use". Those are the habits you have to beat out of people, and it is something that takes a lot of time and consistent effort to accomplish. You can't just have one or two quick sessions with someone and they're "cured", never to make another security blunder in their life. You could spend years working with people and still feel like you're not making any headway. How long has it been considered best practice to have a password, let alone a minimum of 8 characters, a mix of letters and numbers, at least one non-alphanumeric character, etc.? It's hard enough getting users to have a password that's something easy to guess like a birthday or anniversary. You can all but forget about some random string of letters and numbers along with a couple of special characters. Until you can train users, you may as well be trying to empty the ocean with a drinking glass.
I would like to ask for suggestions from some experts here regarding security tweaks for Win 7. I already know of all the obvious ones. I'm kind of looking for those last few lesser-known ones that some of you might know of that I don't.
The reason is that I plan to offer a "PC security tune-up" service to local people in my area where I will examine and change several settings in Windows (7 and Vista are mostly what I believe I will encounter, probably some XP too) that tighten up security for them. I believe that there are a vast number of home users out there (as many as 90% of them would be my guess) who don't have the skills or initiative to investigate their own security, and just leave their Windows settings on the defaults. As we know, this can be hazardous.
With all the new events and attention around unauthorized NSA surveillance and increasing malware and hacking problems, it seems like an excellent time to offer a service that helps people with their security.
If this plan seems odd given that I'm asking for input, note that my status regarding knowledge is that I'm in that huge middle ground between newbie and really skilled tech person. To give it a visual, I'd say it this way: if the lost newbie who can barely handle changing a setting in their browser is a "1", and a really sharp IT expert is a "10", I'm about a "5." I know way less than professional IT people, but I also know way more than most non-pro people (over 30) that I run across. I believe I can help that huge demographic of "ones through fours" because I believe I can talk to them in layman's terms and help them understand the problem (and solutions).
I also doubt that most pro IT people would be interested in making house calls for this kind of small thing anyway, and I'm more than willing to do it (I'm currently out of work).
So... any tips? I'm already going to be doing all the obvious ones like having clients set their User Account Control to the most sensitive setting, disable file sharing (provided they don't need it), disable Autorun, disable Remote Assistance (after confirming they don't use it), disable VNC, etc. Like I said above, I'm really looking for the little-known but important holes. The service will be aimed at closing off most of the vulnerabilities that for some reason Microsoft likes to leave open by default.
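Editor's note: the checklist in the post above (UAC at its most sensitive setting, Autorun off, Remote Assistance off, file sharing off when unneeded, no VNC service) is the kind of thing that is easy to get wrong by clicking through dialogs on each house call. The script below is an added example, not code from the poster, that audits those exact settings on Windows 7 and reports a finding for each one that does not match. It changes nothing unless run with -Fix, and even then it only writes the registry values; the Server (file sharing) and VNC service checks are deliberately report-only, because the post says those should be disabled only after confirming the client does not use them. The registry paths and value names are the standard ones for UAC, AutoPlay and Remote Assistance policy; the VNC detection is a simple name-match heuristic and is an assumption, not a complete inventory.

```powershell
# Added example (not from the original post): read-only audit of the Windows 7
# settings the post lists. Run as Administrator. Nothing is changed unless -Fix
# is given, and service changes are never made automatically.
[CmdletBinding()]
param([switch]$Fix)

$script:findings = @()

# Refuse to continue if not elevated: HKLM policy keys are not readable/writable otherwise.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw "Run this audit from an elevated (Administrator) PowerShell prompt."
}

# Compare one DWORD registry value against the expected hardened value.
function Test-RegValue {
    param([string]$Path, [string]$Name, [int]$Expected, [string]$Label)
    $item   = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    $actual = if ($item) { $item.$Name } else { '<not set>' }
    if ($actual -eq $Expected) {
        Write-Host ("[OK]      {0} ({1} = {2})" -f $Label, $Name, $actual)
        return
    }
    Write-Host ("[FINDING] {0}: {1} is {2}, expected {3}" -f $Label, $Name, $actual, $Expected)
    $script:findings += $Label
    if ($Fix) {
        if (-not (Test-Path $Path)) { New-Item -Path $Path -Force | Out-Null }
        Set-ItemProperty -Path $Path -Name $Name -Value $Expected -Type DWord
        Write-Host ("          fixed: {0} set to {1}" -f $Name, $Expected)
    }
}

# 1. UAC at "Always notify": UAC enabled, admin prompt on every elevation,
#    prompt shown on the secure desktop so malware cannot click through it.
$uac = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
Test-RegValue $uac 'EnableLUA'                  1 'UAC enabled'
Test-RegValue $uac 'ConsentPromptBehaviorAdmin' 2 'UAC admin prompt = Always notify'
Test-RegValue $uac 'PromptOnSecureDesktop'      1 'UAC prompt on secure desktop'

# 2. Autorun/AutoPlay disabled for every drive type (bitmask 0xFF = 255).
$explorer = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
Test-RegValue $explorer 'NoDriveTypeAutoRun' 255 'Autorun disabled on all drive types'

# 3. Remote Assistance: fAllowToGetHelp = 0 turns off "Allow Remote Assistance
#    connections to this computer".
$ra = 'HKLM:\SYSTEM\CurrentControlSet\Control\Remote Assistance'
Test-RegValue $ra 'fAllowToGetHelp' 0 'Remote Assistance disabled'

# 4. File and printer sharing is provided by the Server (LanmanServer) service.
#    Report only: the post says to disable it only if the client does not need it.
$srv = Get-Service -Name 'LanmanServer' -ErrorAction SilentlyContinue
if ($srv -and $srv.Status -eq 'Running') {
    Write-Host "[FINDING] File sharing (Server service) is running; confirm with the client before disabling"
    $script:findings += 'File sharing running'
} else {
    Write-Host "[OK]      File sharing (Server service) is not running"
}

# 5. VNC: heuristic name match on installed services (assumption: most VNC
#    servers register a service whose name or display name contains 'vnc').
$vnc = Get-Service | Where-Object { $_.Name -match 'vnc' -or $_.DisplayName -match 'vnc' }
if ($vnc) {
    foreach ($s in $vnc) {
        Write-Host ("[FINDING] VNC-like service present: {0} ({1})" -f $s.DisplayName, $s.Status)
    }
    $script:findings += 'VNC service present'
} else {
    Write-Host "[OK]      No VNC-like service found"
}

Write-Host ""
Write-Host ("Audit complete: {0} finding(s)." -f $script:findings.Count)
$script:findings
```

Run it once without -Fix to produce a before list you can show the client, then with -Fix to apply the three registry changes, then once more to confirm everything reports OK. Applying ConsentPromptBehaviorAdmin and PromptOnSecureDesktop takes effect on the next logon, so schedule the confirmation run after a restart.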