The single most important factor in your system's security is still your online behavior.
If you open email attachments that you didn't ask for, or click on links to collect the million dollar cash prize you just won in a lottery you didn't enter, no one on this planet can help you.
Also, if you're running your OS with administrator-privileges, malware can mess you up even if you don't click bad links, especially if your router (aka hardware firewall) is not set up properly.
The key factor is admin-rights. Malware can't spread, gather information or send it to someone else without admin-rights. You don't need them for everyday computer work - just for installing, removing and configuring applications and system settings.
According to Secunia, the average user installs 2 new programs every year. That means that, if you don't use a user account with admin-rights, you'd have to enter your admin-password twice a year. Or whenever you're going to modify system files. I hope that wouldn't be too much of an inconvenience for you.
How to set up a user account that doesn't have admin-rights when you are using the standard account you created at setup:
Symbols:
-> means user interaction, usually a left click
"" content in between is the name of the actual button you should press
-> Start -> Control Panel -> "Add or remove user accounts"
-> "Create a new account" -> choose a name and check "Administrator" -> "Create account"
You're back at the Manage accounts window. Click on your newly created admin account -> "create a password" -> enter password and password hint -> "Create password" -> "Manage another account"
You're back at the Manage accounts window. -> choose the old account you used so far -> "Change account type" -> check "Standard user" -> "Change Account Type".
Sign off or restart your computer.
You're done, that's it. From now on, a high percentage of all existing malware has no chance of compromising your system.
Congratulations!
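
To confirm the change took effect, you can run the following check after signing back in with your everyday account. It is an added example, not part of the original article, and it assumes PowerShell is available and is started normally (not with "Run as administrator").

```powershell
# Added example: verify that the everyday account is now a standard user.
# Run in a normal (non-elevated) PowerShell window after signing back in.

$adminSid = 'S-1-5-32-544'   # well-known SID of the built-in Administrators group

# whoami lists every group in the current logon token, including groups that
# UAC has marked "deny only" on an administrator's filtered token.
# /nh drops the (localized) header row so the columns can be named here.
$groups = whoami /groups /fo csv /nh |
    ConvertFrom-Csv -Header Name, Type, SID, Attributes

$entry = $groups | Where-Object { $_.SID -eq $adminSid }

if ($entry) {
    # Present in the token (enabled or deny-only): the account is still an admin.
    Write-Output "Still an administrator account: $($entry.Name) [$($entry.Attributes)]"
} else {
    Write-Output "Standard user: the Administrators group is not in this logon token."
}

# Resolve the group's display name from its SID (the name differs between
# Windows language versions) and list which accounts are members.
$sid  = New-Object System.Security.Principal.SecurityIdentifier($adminSid)
$name = $sid.Translate([System.Security.Principal.NTAccount]).Value.Split('\')[1]
net localgroup $name
```

The member list at the end should contain the new admin account you created and no longer the account you use every day.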