Alright, thanks for your answers guys.
After a few days of digging through the internet, I've changed my setup a bit and added a few things. Here's my current and probably final setup:
Win10 x64 auto update, UAC max, SmartScreen block, win firewall - on, standard rules with few ports permanently blocked: 137, 138, 139, 445, 135, 3389, 5000, 1900 - these ports are quite useless unless you're using wireless printers and can be exploited badly.
RTP: Zemana Antimalware (recommended for newbies), Malwarebytes Anti-Exploit (recommended if you do not want your browser and computer to be destroyed by shady hackers),
Windows Defender (yup, I know it's quite a poor AV but it is enough if you're not downloading much crap and using antimalware), I've forced Cloud scanning and PUP detection (YES, WD can detect PUPs) http://www.thewindowsclub.com/harden-windows-defender-highest-levels-windows-10 - some simple stuff I modified
http://www.amtso.org/feature-settings-check-potentially-unwanted-applications/ - to check if WD is detecting PUPs (assuming you want to enable PUP detection which you should if you're using WD)
.. if PUP detection is not working : http://www.winhelponline.com/blog/defender-enable-pua-pup-adware-protection/#method1 | https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus
** also add registry key via regedit in this location : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender
Data: 1 enables PUA protection | 0 disables protection
..and then restart real-time protection in win defender and reboot computer just to be sure
Why do I use this "crappy AV"?
https://twitter.com/taviso/status/676799692936581120 - Some of Google's hackers recommend it
https://twitter.com/taviso/status/647408764505579520 - another post by the same guy
Basically, pretty much all popular AVs except Windows Defender are opening a lot of new attack vectors because of their poorly written code, bugs, shady practices, etc. Besides, if you're not completely nuts, like responding to emails sent to you by "Nigerian princes", clicking on questionable pop-ups and downloading a lot of crap, then you are good to go with Windows Defender. 11/10 Microsoft employees recommend it as well.
standalone scanners : ESET online scanner, Malwarebytes Antimalware, HitmanPro, AdwCleaner
I sometimes check VirusTotal results of my running programs via procexp
I run CCleaner once in a while and I have Cryptoprevent
My Windows tweaks : I disabled SMBv1*** - WannaCry spread through this, disable it http://www.thewindowsclub.com/disable-smb1-windows, disabled autorun - a good idea if you're inserting foreign USB drives into your computer
My browser : Chrome, in chrome://flags I enabled AppContainer.
Chrome extensions : 1. uBlock Origin with approximately 230 000 total filtered domains, sites, IPs and in medium mode (block 3rd party frames (stops some drive-by downloads))
to verify if you're protected against drive-by downloads / exploits:
- http://www.amtso.org/feature-settings-check-drive-by-download/ - this should trigger your AV
2. ScriptSafe with browser spoofing (sites think I'm using Macintosh with Firefox) to verify : https://browserleaks.com/webgl
3. Stylish (because Google's search page looks too ugly for me)
I've disabled 3rd party cookies in Chrome and I've got a nice theme (yes, security related, kitty protects my computer against shady hackers) https://chrome.google.com/webstore/detail/blackcattheme/niedcneicdfaoonejeaklaplkoenfijp
I've also got Cryptoprevent and Sandboxie
My router settings : default, except : SSID streaming off, changed wifi SSID, approximately 50 characters long wifi password, 15 characters long settings password, OpenDNS, disabled ping requests from both wan and lan
...Totally not overkill.
Edited by Daniel_Boringcliffe, 06 July 2017 - 03:11 PM.
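
The following is an added example, not part of the original post: a read-only PowerShell audit that checks whether the firewall, SMBv1 and Defender settings described above are actually in effect. It assumes an elevated prompt on Windows 10 and that the post's port rules are inbound, which the post does not state; `Test-PortSpec` is a helper name made up for this example.

```powershell
# Added example (not from the post): read-only audit of the settings it lists.
# Assumes an elevated PowerShell prompt on Windows 10; nothing is modified.
$ports = 135, 137, 138, 139, 445, 1900, 3389, 5000   # ports the post blocks

# True when a firewall port spec such as '445' or '137-139' covers $Port.
# 'Any' and keywords like 'RPC' are ignored: they are not explicit port blocks.
function Test-PortSpec([string]$Spec, [int]$Port) {
    if ($Spec -match '^(\d+)-(\d+)$') {
        return ($Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2])
    }
    return ($Spec -match '^\d+$' -and [int]$Spec -eq $Port)
}

# 1. Local listeners on those ports. A block rule hides them from the network,
#    but the service behind each one is still running.
$tcp = Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
    Select-Object @{n='Proto';e={'TCP'}}, LocalAddress, LocalPort, OwningProcess
$udp = Get-NetUDPEndpoint -ErrorAction SilentlyContinue |
    Select-Object @{n='Proto';e={'UDP'}}, LocalAddress, LocalPort, OwningProcess
@($tcp) + @($udp) | Where-Object { $ports -contains $_.LocalPort } |
    Sort-Object LocalPort, Proto | Format-Table -AutoSize | Out-Host

# 2. Enabled inbound Block rules that name each port explicitly.
#    Assumption: the post's rules are inbound; it does not say.
$filters = Get-NetFirewallRule -Direction Inbound -Action Block -Enabled True `
        -ErrorAction SilentlyContinue | Get-NetFirewallPortFilter
$report = foreach ($p in $ports) {
    $proto = @($filters |
        Where-Object { $_.LocalPort | Where-Object { Test-PortSpec $_ $p } } |
        Select-Object -ExpandProperty Protocol -Unique) -join ','
    [pscustomobject]@{ Port = $p; BlockedProtocols = $(if ($proto) { $proto } else { 'none' }) }
}
$report | Format-Table -AutoSize | Out-Host

# 3. SMBv1 server setting and optional-feature state (both should be off).
Get-SmbServerConfiguration | Select-Object EnableSMB1Protocol | Format-List | Out-Host
Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol |
    Select-Object FeatureName, State | Format-List | Out-Host

# 4. Defender. PUAProtection: 0 = off, 1 = block, 2 = audit.
#    MAPSReporting (cloud): 0 = off, 1 = basic, 2 = advanced.
Get-MpPreference | Select-Object PUAProtection, MAPSReporting, SubmitSamplesConsent |
    Format-List | Out-Host
Get-MpComputerStatus | Select-Object RealTimeProtectionEnabled | Format-List | Out-Host
```

A listed port that shows a listener in step 1 but `none` in step 2 is the combination to look at first.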