Ask HN: Achieving high security and privacy by daily re-imaging of your system

I'd like to have my system re-imaged every single day (for example, automatically every night, or whenever I shut it down, or just before I travel with it).<p>Why do I want to do this? Because it cleans up the system and instantly gets rid of all malware, junk, and hidden data. By hidden data I mean temp files, URLs, snapshots, and buffers written out by browsers, editors, media players, etc.<p>If you start searching for hidden data, you'll find that there is plenty of private information that is not found by "cleaning" programs like CCleaner.<p>I'm focusing on Windows here but my question can apply to Mac and Linux as well.<p>How to achieve it? I've thought of 4 ways:<p>(1) Carefully create a complete system (OS and applications) on a virgin disk and then run it as a read-only disk. I'm not sure that Windows can be set up like this since it needs to write to the registry and other places.<p>(2) Carefully create a complete system on a virgin disk and image that disk over to your "working" disk whenever you want to refresh your working system. The working disk is writable, so Windows will be OK.<p>(3) Write a script that first wipes your disk and re-installs, one by one, the OS and all your applications from a trusted source (like a DVD or a read-only external drive) by running the actual install programs, and then applies all your settings (i.e., options, preferences, defaults).<p>I already maintain a readme file that documents the settings I use in every app I install, and it is not a huge list in my case. In some apps, settings can be applied only through the GUI so this could be a hassle to set up.<p>(4) Create a VM that has the OS, applications, and settings that you like, and start a fresh instance of this VM whenever you feel the need.<p>In all of these cases, I'm assuming that the user maintains a clean separation between his data and the apps/OS. In my case, all my data lives on a separate volume. (Even data can be untrustworthy--like JPEG images that cause buffer overflow exploits and macros in Word documents--but let's leave that issue aside for this question.)<p>I see pros and cons with each of the methods above.<p>What are your thoughts?<p>Which way would give good security and privacy, but not entail a huge hassle?<p>Is there a commercial or free product that already does this?