A Solid Security Plan

If you carry out this plan you will have an online defense that provides solid, but not bullet-proof protection. I suggest reading this whole page before you start. Then come back and start with Step 1. Notice the links for each step -- they lead to more information about carrying it out.

Be sure to uninstall any antivirus or antispyware programs that were previously installed before you install replacements.
Step 1: If you have Windows XP, and you do not have SP3, or at least SP2, installed do it now. (If you have Vista, SP1 is a good idea.) Then make sure your Windows Firewall is enabled. If you install another firewall, be sure to disable the Windows Firewall after you finish.
Step 2: Use secure browsers and email clients. Do not use Internet Explorer with Windows XP -- use Mozilla Firefox except for the few important sites that might not work with anything else. With Vista, IE7 is fairly secure, but I'd use Firefox anyhow.

If you use Outlook Express or Windows Live Mail, make sure to configure it to read your email securely. Windows Live Mail is a more secure replacement for Outlook Express.

Step 3: Install a good antivirus program if you don't already have one installed. Keep the definitions (signature files) for your antivirus program up to date. It will soon be obsolete unless you do.
Step 4: Install a good antimalware program. There are now good programs that combine antivirus and antimalware engines.
It's likely you'll find a few nasties on your computer when you first start your anti-spyware program. If it were me and I ran into a bunch of spyware, I'd plan to reinstall/restore Windows before trusting my computer. [spyware removal suggestions]
Step 5: Back up everything you would hate to lose: pictures, music, the book you're writing, recipes, genealogy records, etc.
Step 6: Programs won't protect you from everything. You need to be informed and stay sharp about the mistakes you can make that will defeat your defenses.
You may be the weakest link in this defense plan until you complete Step 6. You won't be able to finish it all at once, but keep working on it until you learn about online ambushes and how to avoid them.
Step 7: Keep Windows, your browser, and other critical software patched and up to date. Oh yes, and keep the signatures (reference files) for all your defense software up to date too.

Note: It will take time to learn how to respond to the questions and alerts that a full online defense will generate. If an alert seems to be a direct response to something you're actively doing, and it is not related to handling an email message or attachment, or viewing a website, it's probably OK to allow it.

If you're in doubt, I advise letting the security program block the action. You can then try again and maybe get enough of a clue to decide one way or the other.