For home and school/office use, the more of these suggestions you follow, the fewer problems you should have. They won't solve any existing problems you have, but if you follow them all you should be able to avoid virtually all problems in the future. Note: Numbers in parentheses refer to notes at the bottom of the article.
Don't:
Use Internet Explorer (1)
Use any browser based on Internet Explorer (e.g. Maxthon and MSN Explorer)
Use Outlook or Outlook Express (2)
Open email attachments you haven't manually scanned with your virus scanner (3)
Open email attachments you were not expecting, no matter who they appear to be from, without checking with the sender beforehand
Respond to spam messages, including using unsubscribe links
Carelessly click on links on questionable websites (e.g. "adult," warez, hacking)
Poke unnecessary holes in your firewall by clicking "Allow" every time some program requests access to the Internet (4)
Click directly on links in email messages
Use file sharing or P2P programs
Use pirated programs or programs obtained from untrusted or unauthenticated sources
Do:
Use a browser that is neither IE nor IE-based (Firefox, Chrome, Safari, Chromium, Opera, etc.) (5)
Always have an up-to-date virus scanner running (6)
Always have a firewall running (7)
Install all the latest security updates (8)(9)(10)
Delete all unsolicited emails containing attachments without reading them
Manually scan all email attachments with your virus scanner, regardless of whether it's supposed to be done automatically (3)
Manually go to a site linked to in an email (type the address in yourself) (11)
Inspect links copied and pasted into your web browser to ensure they don't seem to contain a second/different address (12)
Establish a regular backup regimen (13)(14)
Make regular checks of your backup media to ensure it is still good (15)
Do not send attachments in emails (16)(17)
Do not use stationery or any other kind of special formatting in emails (18)
Do not TYPE IN ALL CAPS (19)
Notes:
(1) Sadly, sometimes this is unavoidable, so only use IE when the site absolutely will not work with any other browser and you cannot get that information/service anywhere else, and only use IE for that one specific site.
(2) Outlook and Outlook Express are very insecure, and basically invite spam and malware into the computer. The jury is still out on Windows 7's Windows Mail, but given Microsoft's history with email programs, extreme caution is advised. Mozilla Thunderbird is the recommended replacement if you need a non-web-based email client.
(3) Google automatically scans email for Google-handled email accounts.
(4) When in doubt over whether or not to allow some program, use Google to find out what it is and whether or not it needs access to the Internet. Otherwise, denying access is the safest course of action, since you can always change the rule later.
(5) It doesn't matter which one you pick so much as that you pick one of them and use it over IE.
(6) AVG Free and Avast are available if you need a decent free virus scanner, and Microsoft now includes their own Windows Defender software with Windows 7.
(7) The firewall built into XP and Windows 7 is probably good enough for 99% of all Windows users, but other options include ZoneAlarm, Outpost Firewall, and Comodo. If you have a router with a firewall built into it, there is no need for any of the aforementioned firewall software to be running on the computer.
(8) Microsoft's usual system is to release security updates every second Tuesday of the month.
(9) Use of Windows Update on Windows operating systems prior to Windows Vista requires Internet Explorer, and is thus a valid exception to the "No IE" rule.
(10) Service packs should ALWAYS be installed. They frequently contain security updates that will ONLY be found in that service pack.
(11) For example, if you're a customer of Chase Bank, and you receive an email apparently from them with a link to a deal or feature, instead of clicking the link in the email, go to chase.com yourself, and find the information that way. If you cannot find the information within a couple of minutes, that's usually a good sign that the email was a fake; you can always call the bank and ask them about the information to be certain. Make sure you use the phone number included on the legitimate website, though!
(12) Continuing the example above, phishing attempts often include links like "chasebank.com" when the actual URL for Chase Bank is "chase.com". Also, "chase.com.trickyou.com" is actually a subsection of trickyou.com, not chase.com. Of course, not all phony URLs are this obvious.
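The link-inspection habit in notes 11 and 12 can be written down as a check. The following is an added example (not code from the original post or from any bank); it uses the domains the notes mention, "chase.com", "chasebank.com" and "chase.com.trickyou.com", plus a constructed HTML email snippet, and it reads the "second/different address" warning from the Do list as a link that names one host before an "@" and a different host after it (an assumption about what the author meant). It reports which host a browser would really connect to, whether that host is the expected domain or a subdomain of it, and which links in an HTML message show one address as text while pointing somewhere else.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit


def link_host(url):
    """Return the host a browser would actually connect to for this link.

    Links pasted from an email often lack a scheme; assume http:// so that
    urlsplit() parses a host rather than treating the whole text as a path.
    """
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").lower().rstrip(".")


def belongs_to(url, expected_domain):
    """True only if the link's host is expected_domain itself or a subdomain of it.

    'chase.com.trickyou.com' ends in 'trickyou.com', so it fails this test,
    as does the look-alike 'chasebank.com'.
    """
    host = link_host(url)
    expected = expected_domain.lower()
    return host == expected or host.endswith("." + expected)


def inspect_link(url, expected_domain):
    """Return the reasons not to trust a link; an empty list means it checks out."""
    reasons = []
    parts = urlsplit(url if "://" in url else "http://" + url)
    if parts.username is not None:
        # Anything before '@' is a user name, not the destination; the real host follows it.
        reasons.append("contains a second address before '@'; real host is %s" % link_host(url))
    if not belongs_to(url, expected_domain):
        reasons.append("host %r is not %s or a subdomain of it" % (link_host(url), expected_domain))
    return reasons


class _AnchorCollector(HTMLParser):
    """Collect (href, visible text) pairs from HTML email markup."""

    def __init__(self):
        super().__init__()
        self.anchors = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text).strip()))
            self._href = None


def hidden_links(html, expected_domain):
    """Return anchors whose visible text shows expected_domain but whose href goes elsewhere."""
    parser = _AnchorCollector()
    parser.feed(html)
    return [(href, text) for href, text in parser.anchors
            if expected_domain.lower() in text.lower() and not belongs_to(href, expected_domain)]


# Constructed sample of an HTML email: the first link shows the bank's address as text
# but points at a subsection of trickyou.com; the second link is genuine.
SAMPLE_EMAIL = """<p>Dear customer, please review your account at
<a href="http://chase.com.trickyou.com/login">https://www.chase.com/</a>
or call us. Statements: <a href="https://www.chase.com/statements">www.chase.com</a></p>"""

if __name__ == "__main__":
    for link in ("http://chase.com/deals", "chasebank.com",
                 "http://chase.com.trickyou.com/login", "http://chase.com@trickyou.com/"):
        print(link, "->", inspect_link(link, "chase.com") or "ok")
    print("hidden links:", hidden_links(SAMPLE_EMAIL, "chase.com"))
```

The host comparison uses the end of the hostname, not the beginning, because that is what the browser uses: whatever appears left of the registered domain is a subdomain owned by whoever controls the right-hand part.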
(13) You can go with a full-fledged backup program, or simply copy important files onto a CD/DVD/flash drive.
(14) I'd recommend a tiered backup system. For example, you might have 5 rewritable DVDs, and every day you burn your backup onto a new disc. On the 6th day, you erase the disc for Day #1 for your backup, and so on, so that you have multiple backups should one disc ever go bad. Another way to do this is to go with an incremental backup service such as Carbonite, or even Mac OS X's Time Machine (though Time Machine tends to be used with storage devices that are in the same physical location as the computer, which isn't exactly disaster-proof).
(15) Replace rewritable CDs and DVDs approximately every 3 to 6 months; they do go bad.
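The five-disc rotation in note 14 and the media check in note 15 (and the "make regular checks of your backup media" item in the Do list) together describe a small procedure. The following is an added example, not code from the original post: it stands in for the discs with five directories under a root path, copies a constructed sample folder into the slot for the day, records a SHA-256 manifest with each backup, and verifies a slot against its manifest so that a damaged or missing file is noticed before the backup is needed. Directory names, the manifest format and the sample files are all assumptions of this example.

```python
import hashlib
import json
import shutil
import tempfile
from pathlib import Path

SLOTS = 5  # five rewritable discs, as in the note's example


def slot_for_day(day):
    """Day 1 writes slot 1 ... day 5 writes slot 5; day 6 erases and reuses slot 1."""
    return (day - 1) % SLOTS + 1


def sha256_of(path):
    """Hash a file in chunks so large files do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def write_backup(source, root, day):
    """Copy source into this day's slot and record a SHA-256 manifest next to the data."""
    slot = Path(root) / f"slot{slot_for_day(day)}"
    if slot.exists():
        shutil.rmtree(slot)  # "erase the disc" before reusing it
    data = slot / "data"
    shutil.copytree(source, data)
    manifest = {p.relative_to(data).as_posix(): sha256_of(p)
                for p in sorted(data.rglob("*")) if p.is_file()}
    (slot / "manifest.json").write_text(json.dumps(manifest, indent=2, sort_keys=True))
    return slot


def verify_backup(slot):
    """Return the files that are missing or whose content no longer matches the manifest."""
    slot = Path(slot)
    manifest = json.loads((slot / "manifest.json").read_text())
    problems = []
    for rel, digest in manifest.items():
        p = slot / "data" / rel
        if not p.is_file() or sha256_of(p) != digest:
            problems.append(rel)
    return problems


def demo():
    """Seven days of rotation over constructed files, then a damaged slot caught by verification."""
    with tempfile.TemporaryDirectory() as tmp:
        source = Path(tmp) / "documents"  # constructed sample data
        (source / "photos").mkdir(parents=True)
        (source / "notes.txt").write_text("constructed sample document\n")
        (source / "photos" / "cat.jpg").write_bytes(b"\xff\xd8 not a real jpeg \xff\xd9")
        root = Path(tmp) / "discs"
        for day in range(1, 8):
            write_backup(source, root, day)
        slots_used = sorted(p.name for p in root.iterdir())
        # Simulate a disc going bad: one file on slot 1 is silently damaged.
        (root / "slot1" / "data" / "notes.txt").write_bytes(b"\x00\x00")
        return {
            "slots_used": slots_used,
            "slot1_problems": verify_backup(root / "slot1"),
            "slot2_problems": verify_backup(root / "slot2"),
        }


if __name__ == "__main__":
    print(demo())
```

Verification compares the stored copy against hashes taken at backup time, so it detects media decay without needing the original files; running it on each slot in turn is the "regular check" the Do list asks for, and a slot that reports problems is the disc to replace.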
(16) Though often deemed necessary, attachments dramatically increase the size of email messages (2-3X minimum) and clog up email servers already straining to cope with the flood of spam pouring in daily.
(17) If you want to share photos with friends/family, upload them to a photo sharing site like Flickr, Google's Picasa Web, or Facebook and then send people a link to that particular photo gallery.
(18) This is often seen as unprofessional. Conversely, emails sent in plain text take up less bandwidth in transit and less space on email servers, and they are less likely to include hidden links and malware tricks because their content is transparent.
(19) This is considered to be the same as SHOUTING, and many people find it hard to read as well as highly annoying.
Adapted from a forum post by Jimmy Greystone at http://forums.cnet.com/7723-6142_102-327159.html