Windows 7 security is at a high level, but you have to understand a few things.
Windows 7 offers a FW very similar to Vista's; unfortunately, this firewall isn't user-friendly. There is on the market e.g. Windows 7 Firewall Control, which offers you much better management if we are talking about "outbound connections".
The built-in Windows 7 FW also doesn't close all ports, e.g. 445 (used by the worm Kido) - you can test it on your machine. Just open IE and in the address field type this:
\\127.0.0.1\C$
When you see an Explorer window with your disks - port 445 is open.
That's why it is still so important to have a 3rd-party software firewall (if you don't have a HW firewall) even on Windows 7, which is a new MS baby.
Another thing: if you disable e.g. UAC, DEP or SRP, your security level will also be weaker.
AVs IMO are great, but only as on-demand scanners. Prevention should come first, then detection, then cure.
1. Prevention (HIPS, sandbox, sandbox-policy-based software)
2. Detection (software based on blacklist mechanisms: AV software/Behavior Blockers/Cloud computing)
3. Cure (Backup software)
The above configuration provides you with an optimal protection level against old threats (AV/BB) but also against 0-day threats (prevention).
HTH,
Creer
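
Added example, not part of the original post: a small Python check of TCP port 445 that can be run on the machine itself and also from a second machine on the same network, which is where an inbound firewall rule takes effect. The function names and the default target are assumptions made for this illustration.

```python
import socket
import sys

SMB_PORT = 445  # the port the post tests with \\127.0.0.1\C$


def probe(host, port=SMB_PORT, timeout=1.0):
    """Classify one TCP port on one host.

    'open'     - the TCP handshake completed, a service is reachable
    'closed'   - the host answered with a reset, nothing is listening
    'filtered' - no answer or unreachable, typical of a firewall dropping packets
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:  # timeouts, unreachable hosts and resolver errors
        return "filtered"


def check_hosts(hosts, port=SMB_PORT, timeout=1.0):
    """Probe the same port on several addresses and return {host: state}."""
    return {host: probe(host, port, timeout) for host in hosts}


if __name__ == "__main__":
    # With no arguments only the loopback address is checked, like the
    # test in the post. Pass the PC's LAN address when running this
    # from another machine to see what the firewall lets in.
    targets = sys.argv[1:] or ["127.0.0.1"]
    for host, state in check_hosts(targets).items():
        print(f"{host}:{SMB_PORT} is {state}")
```

An "open" result on 127.0.0.1 shows that the file-sharing service is listening; the result obtained from the second machine shows whether the firewall admits the connection from the network.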