Don't forget to add an application-layer IPS unit right behind the firewall. Something like the TippingPoint 10: http://www.tippingpoint.com/pdf/resources/datasheets/401200-001_TippingPoint10.pdf For the ultimate in protection, buy the following: a Cisco ASA 5505 unit (firewall) and a TippingPoint 10 unit (transparent IPS unit).
The Cisco ASA is not appropriate for home users or non-IT professionals in general, and is not without security problems of its own: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1203 and http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1159. Home users are much better served by buying a basic home gateway/firewall and being able to actually understand it than having an enterprise firewall that they can't configure.
A more secure solution than any of the above (or possibly in addition to some) is probably to use Mac or Linux and install Windows as a guest OS in a virtual machine using VMware, VirtualBox, Xen, etc. Only run "must have" Windows software such as a trading platform. For all other uses (e.g. browser, email, etc.) use the Mac or Linux facilities. A firewall and no open wireless network should be all the protection you need in this config. Make sure the machine has plenty of memory.
These were already mentioned: 1. NoScript 2. KeyScrambler. Here are 2 more: 3. Flashblock 4. BetterPrivacy. If you're using anything other than Firefox, you have to switch. I'm no fanboy, but FF has the biggest number of useful plug-ins of any browser. Yes, Opera may be faster and more robust and lots of people Luuuuuvvvv Safari. I've even heard good things about Chrome. But it's the difference between buying a Model T (in any color you want - as long as it's black) and buying a Lexus LS450. Some plug-ins (like KeyScrambler) will also work in IE, but most are exclusive to FF. And even if you only DL those 4, they are INVALUABLE. No shit. But every good defensive strategy has multiple layers. Start with an intelligent NAT, SPI router. It doesn't matter what that stuff is, any good (Linksys, D-Link, TRENDnet, Netgear) router will do. If you want to get fancy, dust off an old 3/486 and install SmoothWall or something similar. But plan on learning more about networking than you'd ever want to know. Next, you should have 2 on-the-fly scanners and at least one firewall. I like Avira (www.avira.com) security suite and Malwarebytes. Avira is not free (but you can use it for 30 days). Malwarebytes is free for the scanner, but not for the version that is memory resident and scans on the fly. Avira is supposed to have very good heuristics, which means that it can identify potential (aka 0-day) threats. Other programs are mainly database driven, so if you're the first sucker to find a virus, worm, trojan, etc., uhhhh, congratulations? ZoneAlarm used to be good and may still be, and they have a free version. Last I heard, they were going to license Sophos' heuristics, but I don't know if that ever happened. Third, update your OS daily. Have it set to automatically DL and install at least the latest security patches. This is so easy to do and is the last thing most people think of. Lastly, eliminate as many threats as possible at the point of contact, i.e., your browser.
The odds of someone hacking your machine by exploiting a vulnerability in the OS are pretty much zero if you keep it up to date. The real risk is with Java and JavaScript, ActiveX apps and the like. But unless you have NoScript, there is no way to allow/deny these on a site-by-site basis - at least not easily.
What about Google's Chrome? I know that the best, cheapest firewall is a Linux box set up between your ISP and the PC you use, and build the Linux kernel in encrypted mode.... Just my 2 cents....
If you have NoScript, you don't need Flashblock; they do the same, only NoScript is better and proven. KeyScrambler is a security risk, and since most keyloggers today run at the kernel level, it's pointless.