If you are ultra paranoid, there are many non-bitcoin related guides out there on how to set up an encrypted filesystem. At a minimum, you should be running linux to make yourself less of a target. I'm not bashing on Windows, but personally I feel that it is easier to secure a linux box.
You should encrypt your home directory and use an encrypted swap as well. I avoid encrypting my entire filesystem due to performance concerns. swap may be a bit overkill, but you never know for sure how the client is going to work unless you look into the source.
Ideally you would use an encrypted thumbdrive (4GB or larger for the database files) mounted to ~/.bitcoin or wherever your bitcoin client sets up its data, then shut down the client and remove the thumbdrive when not in use. You can use a smaller drive and symlink just the wallet.dat file if you want. I chose to keep the DB there so that I can use clients on different computers and just haul the thumbdrive around with minimal block-synching required.
Although I am a Gentoo user, I found this to be an excellent link detailing how to set up an encrypted thumbdrive on ubuntu: http://www.packtpub.com/article/securely-encrypt-removable-media-with-ubuntu
Perform the steps here to secure your wallet in Windows/Mac/Linux. The linux instructions also cover encrypting your home directory and swap:
https://en.bitcoin.it/wiki/Securing_your_wallet
I cannot stress enough how important it is to create a separate user for bitcoin and avoid browsing/emailing with this user.
Be safe, be smart... and most of all, be a pain in the ass to the hackers.
This is the vital line in your post. If you can access it, so can a piece of malware.You should encrypt your home directory and use an encrypted swap as well. I avoid encrypting my entire filesystem due to performance concerns. swap may be a bit overkill, but you never know for sure how the client is going to work unless you look into the source.
Ideally you would use an encrypted thumbdrive (4GB or larger for the database files) mounted to ~/.bitcoin or wherever your bitcoin client sets up its data, then shut down the client and remove the thumbdrive when not in use. You can use a smaller drive and symlink just the wallet.dat file if you want. I chose to keep the DB there so that I can use clients on different computers and just haul the thumbdrive around with minimal block-synching required.
Although I am a Gentoo user, I found this to be an excellent link detailing how to set up an encrypted thumbdrive on ubuntu: http://www.packtpub.com/article/securely-encrypt-removable-media-with-ubuntu
Perform the steps here to secure your wallet in Windows/Mac/Linux. The linux instructions also cover encrypting your home directory and swap:
https://en.bitcoin.it/wiki/Securing_your_wallet
I cannot stress enough how important it is to create a separate user for bitcoin and avoid browsing/emailing with this user.
Be safe, be smart... and most of all, be a pain in the ass to the hackers.
The solution? Make sure that you are not even able to access it yourself, at any time you may be picking up malware.