Rock-solid hardening of a Windows 7 system?

Solution 1:

Set up Windows 7 with a normal user account beside the Administrator account, just as you'd do on Linux. It's virtually impossible to really screw up the entire PC with just a normal user account.

This way, any suspicious activity will require an Administrator password at the elevation prompt (sudo equivalent).

Solution 2:

I think that, given you're coming from an environment that requires you to understand what's going on, you'll have no problem keeping things secure on Windows. In my experience, most issues arise from inexperienced or lazy users shooting themselves (and their systems) in the foot. Windows gives you a reasonable level of security, but of course doesn't prevent you (the user) from weakening it. The following list is fairly basic common sense, but IMHO is where most of the problems arise:

  1. Take notice of the UAC prompts - even if your user has admin privileges, Windows will still require your confirmation for anything that needs elevation. Pay attention to what you're authorizing.
  2. Make sure you allow Windows to stay on top of updates.
  3. Don't install software you don't trust - especially stay away from shadyware like keygens, game cracks, etc.
  4. Understand how the firewall works - if you've been using iptables then this will be an order of magnitude simpler. Use the Windows Advanced Firewall screen to check and manage what's exposed.
  5. It should go without saying, don't click on that Viagra ad!
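
An added example, not part of either answer: a read-only PowerShell check of the settings the two solutions rely on (standard-user account, UAC prompts, automatic updates, firewall state and exposure), written for the PowerShell 2.0 that ships with Windows 7. The function name `Get-HardeningStatus` and the output field names are made up for this illustration.

```powershell
# Added example: read-only audit of the settings the answers above mention.
# Get-HardeningStatus is a hypothetical name; nothing here changes system state.
function Get-HardeningStatus {
    $r = @{}

    # Solution 1: is the logged-on account a member of BUILTIN\Administrators?
    # whoami lists the SID even when UAC has filtered it to deny-only.
    $r.AccountIsAdmin = [bool]((whoami /groups /fo csv /nh) -match 'S-1-5-32-544')

    # Item 1: UAC. EnableLUA = 0 turns UAC off; ConsentPromptBehaviorAdmin = 0
    # elevates administrators silently, so there is no prompt left to read.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $uac = Get-ItemProperty -Path $key
    $r.UacEnabled       = ($uac.EnableLUA -eq 1)
    $r.UacPromptsAdmins = ($uac.ConsentPromptBehaviorAdmin -ne 0)

    # Item 2: Automatic Updates level: 0 = not configured, 1 = disabled,
    # 2 = notify before download, 3 = notify before install, 4 = scheduled install.
    $au = New-Object -ComObject Microsoft.Update.AutoUpdate
    $r.UpdateLevel     = $au.Settings.NotificationLevel
    $r.UpdatesDisabled = ($r.UpdateLevel -eq 1)

    # Item 4: effective firewall state per profile (Domain=1, Private=2, Public=4).
    $fw = New-Object -ComObject HNetCfg.FwPolicy2
    $profiles = @{ Domain = 1; Private = 2; Public = 4 }
    foreach ($name in $profiles.Keys) {
        $p = $profiles[$name]
        $r["Firewall${name}On"]            = $fw.FirewallEnabled($p)
        # DefaultInboundAction: 0 = block, 1 = allow
        $r["Firewall${name}BlocksInbound"] = ($fw.DefaultInboundAction($p) -eq 0)
    }

    # What is exposed: enabled inbound "allow" rules that apply to the Public
    # profile (Direction 1 = inbound, Action 1 = allow).
    $r.PublicInboundAllowRules = @($fw.Rules | Where-Object {
        $_.Enabled -and $_.Direction -eq 1 -and $_.Action -eq 1 -and ($_.Profiles -band 4)
    } | ForEach-Object { $_.Name })

    New-Object PSObject -Property $r
}

Get-HardeningStatus | Format-List
```

On a machine set up as Solution 1 describes, `AccountIsAdmin` is False for the everyday account; the rule names in `PublicInboundAllowRules` are the same entries shown under Inbound Rules in the Windows Advanced Firewall screen.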