Oh, by the way, many of the programs mentioned below are listed on The FREE Replacements page.

1. You must run UPDATED antivirus software. I don't care what brand, but it must be updated regularly, meaning at the very least, every 2 weeks. New viruses come out every day and you need to be ready. There are free versions available if you can't afford to purchase one. I personally think the paid ones are all bloated, and unnecessary. AVG from Grisoft is okay, but getting a bit bloated. I like Clamwin, but it doesn't have an "on access" scanner that's running all the time. That means your programs run faster, but you have to be more careful about what you run. Oh, and by the way, if you're switching antivirus programs, always uninstall the old one, reboot, and then you can install the new one. ... update ... I'm now running Microsoft's free anti-virus tool, which can be run side by side with Clamwin.
2. You must have a spyware checking program. I use Microsoft's free anti-virus tool. It does everything that Spybot Search and Destroy does, but it's all automatic, and you don't need to be a geek to use it. Spybot also allows you to see what programs start when your computer starts. You can disable those programs that you don't need to have running all the time, like Real Player Scheduler, or the Quicktime taskbar, but be careful not to disable anything that might be needed by the system, or your antivirus program. Disabling unnecessary things in your startup speeds up your boot process. Oh, and don't forget to actually run the spyware scan to get rid of  the spyware on your system. I always use Spybot if I know that something evil is lurking on the computer that I'm fixing. If you want to manage your startup without Spybot, there are a lot of tools out there, or you can use something that is already built into your computer called msconfig.exe (Click Start - Run - type "msconfig" - and click OK).
3. Upgrade and update your Operating System. If you are using Windows 95, 98, ME, or 2000 you should upgrade to Windows XP or newer. The older operating systems just aren't stable or secure enough for modern day use. Buy the upgrade, BACK UP YOUR DATA, and then upgrade your system. I myself back up all pertinent data to another computer, and then format the hard drive when installing the new OS. It may need to verify your upgrade status with your old OS CD, but it gives you a totally clean install which is always faster and more stable. Don't forget to do regular Windows Updates to keep your Operating System patched. As new vulnerabilities come out, Microsoft puts out new patches to fix them and you'll need those.

4. Stop using Internet Explorer.

   The US Federal Government has officially said to use any browser except Internet Explorer because IE isn't secure. I am beginning to believe the same thing. I'm very security conscious, but even I had some nefarious programs installed without my knowledge. I recommend Mozilla Firefox. It's a great browser and it's free. It's actually more standards compliant than IE is, and it has a built in popup blocker, tabbed browsing, and other downloadable features called extensions. I've been using a mozilla type browser for years now and it just keeps getting better, while IE just kinda stays the same. I only use IE for things that I absolutely need to use it for. 

   
   Ok. Even I'll admit that with Internet Explorer 8, you don't have to worry as much. If you don't have IE 8 installed, then you should, just in case you accidentally use it. Microsoft officially considers it a critical update now. They've even added some nice developer tools. I still wouldn't use IE at all personally.
5. Never EVER  buy anything from an unsolicited email (spam). I can not stress this enough. If you've ever made a purchase, or even clicked on a link inside of a piece of email that was from someone you didn't know, you are the reason that spam (junk mail) exists. Even clicking a link that says, "remove me from your list", is a bad thing. It tells the spammer that your email address is valid, and they will sell it to other spammers. In an article I read earlier today, Microsoft said that it now thinks that 90% of email is junk (spam).
6. Do not open email attachments (unless you were expecting one from someone). This might seem obvious, but you shouldn't open it up to see what it is, if you weren't expecting it. I know that you got it from Aunt Martha who wouldn't hurt a fly, but guess what, it's a virus or spyware, and Aunt Martha just got it from a friend of hers that she trusted too, and she opened it only to have it send itself to everyone in here contacts.  But she didn't even know that it happened, because she just thought it was broken and didn't do anything.
7. Turn off 3rd Party Cookies in your browser. This might just bee my personal preference. First of all you'll need to make sure that you're using the most recent version of Internet Explorer. If you're a Windows 2000 user, these changes might still apply, but you're stuck with IE6 and that means you're on your own. Click the "Tools" menu, and the "Internet Options" menu item. Then you can click the "Privacy" tab and there you should see the "Settings" for the cookies. Don't bother with the low, medium, high thing. You'll notice that all of these setting (at least the usable ones), mention something called a "compact privacy policy". This allows a third party ad site that has a certificate to use tracking cookies. If a site has an ad on it from company A, and another site has an add on it from that same company, that information could be gathered and sold to either web site. Worse yet, if those ads are on a form that you're filling out, they could collect that form information and share or sell it with antoher website. I've heard that this has been documented in the past. At this point you'll want to click the "Advanced" Button. Check the "Override automatic cookie handling" box, and set first-party cookies to "Accept" and third-party cookies to "Block". There are ways to do this in Firefox, and the other browsers also. This way those ad companies can never put a cookie on your system for an ad that exists on a real web page. You might still see a few from the pop-ups that sneak through, but they're in different windows, and domains, so they can't get at your other cookies.
8. Don't ever install toolbars on your browser. The only one I will excuse is the web-developer toolbar for Firefox, if you do web development. Other than that, NO. Don't do it. They're all of very little use, report your activity back to big brother, and generally slow down your machine.

Those are the major rules that you should follow. I'll keep adding things as I think of them.

Perhaps I should mention that I'm not in any way against Microsoft products. I've been using their products for a long time, and I hold many Microsoft certifications. I'll continue to use their products as long as it's practical for me. Their products aren't any less secure than Linux, Macintosh, or Sun; if you keep up with the patches and service packs. They're just a bigger target for the bad guys, so they get shot at a lot, and it's publicized more.