Short of never plugging the computer into the Internet and not accepting disks from other people?
A1. Put a strong password on your personal account: no blanks, no words, no phone numbers, etc.
1. Put a strong password on the Administrator account.
2. Rename the Administrator account.
3. Disable the guest account.
4. Lock the HOSTS file.
5. Install antivirus software.
6. Keep it updated.
7. Run (or schedule) a full system scan twice per week.
8. Install Anti-Spyware software.
9. Keep it updated.
10. Run (or schedule) a full system scan twice per week.
11. Install a software firewall.
12. Keep it updated.
13. Install a hardware firewall (No, this is not redundant).
14. Keep it updated.
15. If you are "surfing" the web and a message box appears, do not answer it; close it. (Preferably using CTRL + ALT + DEL)
16. Use email forwarding (e.g. get a Gmail account and have it forward to your regular account. Use the Gmail account as your email address. That way the email goes through 2 services to clean up spam and viruses before you ever see it.)
How many more do you need? I can type all day
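
An added example, not part of the original answer: a read-only PowerShell audit of items 2, 3, 4 and 11 on a Windows machine. It assumes Windows PowerShell 5.1 or later, treats "lock the HOSTS file" as setting the read-only attribute, and treats the built-in Windows Firewall as the software firewall; the function name Test-HardeningChecklist is made up for this example.

```powershell
# Read-only audit of checklist items 2, 3, 4 and 11. Reports state; changes nothing.
# Assumptions: LocalAccounts and NetSecurity modules are available (PowerShell 5.1+),
# "locked" HOSTS file means read-only, software firewall means Windows Firewall.
function Test-HardeningChecklist {
    $results = @()

    # Item 2: the built-in Administrator keeps a SID ending in -500 after a rename,
    # so look it up by SID instead of by name.
    $admin = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-500' }
    $results += [pscustomobject]@{
        Item   = '2. Rename the Administrator account'
        Pass   = ($admin.Name -ne 'Administrator')
        Detail = "Current name: $($admin.Name)"
    }

    # Item 3: the built-in Guest account has a SID ending in -501.
    $guest = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-501' }
    $results += [pscustomobject]@{
        Item   = '3. Disable the guest account'
        Pass   = (-not $guest.Enabled)
        Detail = "Enabled: $($guest.Enabled)"
    }

    # Item 4: check the read-only attribute on the HOSTS file.
    $hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    $hostsFile = Get-Item -LiteralPath $hostsPath
    $results += [pscustomobject]@{
        Item   = '4. Lock the HOSTS file'
        Pass   = $hostsFile.IsReadOnly
        Detail = "Last modified: $($hostsFile.LastWriteTime)"
    }

    # Item 11: every Windows Firewall profile (Domain, Private, Public) should be on.
    $off = @(Get-NetFirewallProfile | Where-Object { $_.Enabled -ne 'True' })
    $results += [pscustomobject]@{
        Item   = '11. Install a software firewall'
        Pass   = ($off.Count -eq 0)
        Detail = "Profiles not enabled: $(($off | ForEach-Object Name) -join ', ')"
    }

    $results
}

Test-HardeningChecklist | Format-Table -AutoSize -Wrap
```

A read-only attribute can be cleared by any process running as an administrator, so an unexpected "Last modified" time on the HOSTS file is worth a look even when the check passes.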