[Snip good collection of security setting suggestions. Does anybody have others or a URL?]
I could never quite understand how anyone could get "phished" by e-mail since I have never ever seen a "phishing" or other malicious message that was not obviously so, even when I don't have me spectacles on!
Your imagination needs serious recalibration. You are a geek, not a naive, dumb, or unfortunately, typical user. Windows security sucks. Most users will pick convenience over security. What fraction of users (customers) would be happy with your suggested settings? Phishers are smart. They are willing to work for high value targets. Google for >spear phishing<. After you have read a few of those, google for > spear phishing RSA<.
From the comments section of an Arstechnica article on the RSA event:
So why do any workplace computers in sensitive environments have Flash in the first place? Because the training materials are no doubt flash based.
:) If you are interested in security, the whole comments section may be worth scanning. My probably naive view is that this type of problem could easily be solved by having the serious work done on a special class of well locked down machines and making a pool of more open systems available for checking mail or facebook or whatever. I've heard stories of people filling USB slots with epoxy so idiots can't insert thumb drives found in the parking lot or brought from home. I forget the context. -- These are my opinions. I hate spam.
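A software stand-in for the "epoxy in the USB slots" approach mentioned above, added here as an example and not part of the original post: on Windows the USB mass-storage driver can be kept from loading (USBSTOR Start = 4, where 3 is the default "manual" start) and the "All Removable Storage classes: Deny all access" policy value can be set at the same time. The registry paths and value names are the standard ones for those two settings; the script assumes it is run elevated on a current Windows client where they exist.

```powershell
# Added example, not from the original post: a software equivalent of epoxy in the USB slots.
# Run as Administrator. Assumes a current Windows client where these registry paths exist.
#Requires -RunAsAdministrator

$UsbStor         = 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR'
$RemovablePolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices'

function Get-UsbStorageState {
    # Report whether the USB mass-storage driver is disabled (Start = 4; 3 is the default)
    # and whether the "All Removable Storage classes: Deny all access" policy is in force.
    $start = (Get-ItemProperty -Path $UsbStor -Name Start -ErrorAction Stop).Start
    $deny  = (Get-ItemProperty -Path $RemovablePolicy -Name Deny_All -ErrorAction SilentlyContinue).Deny_All
    [pscustomobject]@{
        UsbStorStart     = $start
        UsbStorDisabled  = ($start -eq 4)
        RemovableDenyAll = ($deny -eq 1)
    }
}

function Disable-UsbStorage {
    # Keep USBSTOR from loading for drives inserted from now on...
    Set-ItemProperty -Path $UsbStor -Name Start -Value 4 -Type DWord
    # ...and deny access through the Removable Storage Access policy too, which also covers
    # a driver that is already loaded and removable disks that do not use USBSTOR.
    if (-not (Test-Path $RemovablePolicy)) { New-Item -Path $RemovablePolicy -Force | Out-Null }
    Set-ItemProperty -Path $RemovablePolicy -Name Deny_All -Value 1 -Type DWord
}

function Enable-UsbStorage {
    # Undo both settings (for the "more open" pool of machines).
    Set-ItemProperty -Path $UsbStor -Name Start -Value 3 -Type DWord
    Remove-ItemProperty -Path $RemovablePolicy -Name Deny_All -ErrorAction SilentlyContinue
}

Disable-UsbStorage
Get-UsbStorageState
```

Two caveats a practitioner would want: the policy value takes effect on the next policy refresh or reboot, and neither setting touches USB keyboards or other HID devices, so a "thumb drive" that presents itself as a keyboard still works. Epoxy blocks that class too; the registry does not.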