Protecting against Flash viruses?

I just flattened & paved my brother’s laptop in the wake of some sort of virus infection. I didn’t feel like trying to sort out what the specific virus was, or trying to get rid of it. I’m 90% certain the infection came from a Flash exploit, probably from some skeevy pr0n site or something.

I’ve set him up with Windows 7 and Chrome. Is there anything else I can do to help him with preventing Flash-based viruses in the future? Sadly he maintains that not running Flash is a nonstarter. Will UAC mostly take care of it for me, so long as he never lets Chrome run elevated?

I imagine there’s a FlashBlock equivalent for Chrome by this point, so that Flash apps only run if they’re whitelisted or he clicks on them to enable them. (e: Though that’s not necessarily going to stop him from triggering them if clicking on it promises him hot MILF action…)

Could have been a PDF exploit too; there have been a bunch of Adobe Reader vulnerabilities and one attack vector is to embed a hidden PDF within a web page. To protect against those you can do things like use a different reader (e.g., Foxit), disable in-line viewing of PDFs (make it prompt you instead), disable scripting within PDFs in the viewer…

Chrome lets you set up Flash as click-to-play, which is a good thing.

I don’t think there’s jack shit you can do, sadly, other than cranking the Flash update check up to as frequent as possible. Goddamn VMs.

Does he have Yahoo or Hotmail or use Yahoo or MSN as his homepage?