This is the number one most important rule. Don't go around to random sites that seem too good to be true. An example is a site that has links to some random program that you have to download. You click the link and download some kind of malware. If you are going to do this anyways, check the file size. Most programs will have a file size of several MB and malware usually does not. Don't download Limewire or other file sharing programs that let anyone upload things. There are mostly viruses.
2. Get A Router/Firewall
Windows XP and Vista both come with a firewall that protects against inboung protection and has limited outbound protection. Without a firewall, hackers would have open access to your computer through all ports. All routers come with a firewall and if you have multiple computers it would provide protection to all of them. Ignore all the leaktesting crap. All this stuff about Matousec and other leak tests are pretty much useless. Programs that are good at this will have a popup for every action similar to malware which could simply hooking or unhooking something. They are only for advanced users that are paranoid.
3. Get A Good Antivirus With Real-Time Protection
Real-time is the key here. An antivirus that does not scan real-time is useless other than doing scans. What is needed is an antivirus program that can scan all the files that are opened or writing things. This way it will catch malware in action. Most antiviruses are good, but some are better than others. I recommend Kaspersky, Avira, and Nod32.
4. Get A Sandbox/Virtulization/Whitelisting Program
If you are just going to browse the internet, you need a program to keep you safe even if there is lots of malware on the page you go to. These programs have set rules on what is allowed to happen in the browser and is completely seperated from the rest of the computer. I recommend Sanboxie and Defensewall.
5. Get A Behavior Analyzing Program
Though not as effective as a classical HIPS program, these programs will not have popups everyone minute. They analyze the behavior of an application and see if it is acting like malware, if it is, there will be a popup and you can decide what to do with it. I recommend Threatfire and Mamutu.