I have MSE installed with real-time protection off. It's there just for the sake of context-menu scans for when I'm not entirely convinced something's safe, and I can't be bothered to upload it to
virustotal or
jotti. Been meaning to try out the
VT Hash check tool, but I suppose I'm just too lazy.
As for entry points, disabled autorun for all drives, have an autorun.inf
folder with all permissions removed on all NTFS volumes (local disks and portable storage), use a hosts file from
here, use firefox 28 with Java disabled (via quickjava extension), and adblock plus present.
Haven't had an infection in years.
I'm planning on building a small router (probably one of those Atom-based SoC mITX mobos in a mITX chassis with a pico-PSU) using pfSense or maybe IPFire if FreeBSD won't play ball with the newest hardware... The idea is to use host blocking, ClamAV realtime checking, rogue Java and ActiveX applet blocking and context-sensitive ad blocking at the internet entry-point, specialized for the task and centralized for any machine used in the house.
If and when I do this, I'll probably make a post about it on the forum, explaining as much as I can be bothered to.