I would partially disagree.
They have the password (to something) as you said, but they did not get the wallet.dat
So you have essentially protected the wallet.dat, Have you not ?
Why not install VirtualBox on the Windows PC. Then use a virtualized Ubuntu installation when you need to access your wallet?
Because it gives you complexity not security. If the host system is infected any virtualisation as protection is useless. While you might be able to fool very simple malware that just searches for the wallet.dat with this, it will not help you against a keylogger. If you type in a password in the VM ware it is still piped through the host OS.
Yes, I would argue against that however that simple malware is not something you need to be concerned about. Most malware today is no longer written by borred, talented teens, but by professionals. Modern malware C&C Servers even have support build in [4]. Thus a search for running VM Ware is routine
You can easily rename the file type to something else like .wkshw and rename it back to .dat when you needs it. They most probably won't spend time to search for a file type like this.
Which -again- only protects you against simple malware. It is not much more difficult to seach the fileheaders instead of the file ending.
I think always using on screen keyboard will make it very safe from keyloggers
Nope, to be safe from keyloggers use something like keepas [1] which is designed to protect against keyloggers. A screenkeyboard is easily detected and taking a screenshot for each click is something e.g. Zeus [2] does if you want. AFAIK Zeus isnt even the latest shit [3] out there.
"use a portable browser" might be usefull, however what is preventing the malicious internet cafe operator to make a copy of all of your data? There might be more interesting stuff. Public computers are not safe.
-snip-
But, when talking about bitcoin, smart hacking tools DON'T EVEN NEED YOUR PASSWORD!
They just need your private keys to steal your money.
Yep.
-snip-
The best way to protect your coins is to NOT GET INFECTED
Just don't install crapware!
"Common sense" is probably the best (sometimes the only) line of defense against malware. Well a secure OS is helping as well.
[1]
http://keepass.info/help/base/security.html#secdesktop[2]
https://en.wikipedia.org/wiki/Zeus_%28Trojan_horse%29[3]
https://en.wikipedia.org/wiki/Operation_Tovar[4] AFAIK it was mentioned here
https://www.youtube.com/watch?v=GA7S0JK8o_k - didnt check, its been a while since I lasted watched that talk. Watch it. It will make you think different about todays malware.
