Basic security rules under Windows
- Run your session as a "user", don't ever run your session as "administrator" if you don't need it
- Read your emails as plain text, HTML emails could contain bad code (and write as plain text as well, I cannot stress this more : emails were not designed for HTML !! Screw you with your incredimail and the like !!)
- Run a firewall and antivirus on your workstation
- Regularly try to download the test virus from eicar.org to see if your antivirus software is still running (viruses usually take over protections on your computer)
- Use Mozilla Firefox and Mozilla Thunderbird instead of Internet Explorer and Outlook Express
- Don't forward emails with your 50+ recipients disclosed... dang, please use BCC (this rule also applies to a 10 recipient forward eh)
By just running your session as a user, you'll stop 99 % of the viruses of spreading across your machine. Working as power user doesn't help, 90 % of viruses will still get through.
Playing games as well as some programs may require administrator privileges to run properly.
Who is to blame ? - Microsoft for not stressing the principles of administrator vs user privileges for the sake of ease of use - Poorly designed software requiring administrative privileges while it could run without - Script kiddies (e.g. : boyfriend spying on her girlfriend with a keylogger, this is so lame)