I spend a lot of time talking to "normal" people, who use their computers without really knowing how they work, why they have problems, or even what they're doing to cause the spyware problems they're having. They keep getting infected with viruses and spyware, and don't understand why. They're running antivirus and spyware protection apps--shouldn't that be enough? The answer is a resounding no. Blindly trusting any application to keep you safe is a recipe for infection. That's why I recommend people follow a few simple rules for safer computing: it's better to avoid exposure to malware entirely than to rely on your protective apps to fight it off.
Rule 1: Don't open email attachments
I shouldn't really have to say this, but I will. Don't trust any email attachments that you aren't expecting. If your Aunt Esther sends you a jpg, and you aren't expecting it, do not open it. If an email arrives with no text and just an attachment, don't open it! These attachments are usually nothing more than machine-generated viral payloads, designed to entice the weak-minded into clicking on them. Don't be weak-minded!
Rule 2: Don't use default software
Internet Explorer and Outlook Express are more secure than they ever have been before. However, millions of people use these apps, which makes them a juicy target. By simply switching to the Firefox browser and Thunderbird email client, you'll cut your chances of being exploited.
Rule 3: Nothing valuable is ever free
Cynical? Yes. True? Definitely. Every day, you'll see dozens of offers on the Internet, promising everything from free laptops to free dating services to free cash! There's always a catch, and the catch is usually expensive. Sometimes, the services advertised are outright scams, another way to harvest credit cards from unsuspecting rubes. But sometimes seemingly legit free sites will require you to sign up for expensive recurring charges that are nigh impossible to cancel. If an offer sounds too good to be true, it almost certainly is.
Rule 4: Pay attention to URLs
We've all seen them: the spam emails and websites that look just like your bank's website, but with a URL that is a character or two off and is actually hosted on a server somewhere in Siberia. If you enter your username and password on an illicit site, you'll quickly find your bank account drained. That's why it's always a bad idea to click links in emails--especially to access your bank account or PayPal. If you get an emergency notice, manually type the URL to visit the site. If something bad happened to your account, they'll let you know.
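The "character or two off" check from Rule 4 can be automated. The sketch below is an added example, not part of the original article: it compares the site in a URL against a short list of sites you actually use and flags near misses. The trusted list, the test URLs and the function names are constructed for illustration, and the site name is taken as the last two labels of the host, which is a simplification.

```python
from urllib.parse import urlsplit

# Constructed allowlist: the sites this user really does business with.
TRUSTED = {"paypal.com", "examplebank.com"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: each insert, delete or substitution costs 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def site_of(url: str) -> str:
    """Host reduced to its last two labels (assumption: ignores
    multi-part suffixes such as .co.uk)."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    return ".".join(host.split(".")[-2:])


def classify(url: str, max_off: int = 2) -> str:
    """Return 'trusted', 'lookalike of <domain>' or 'unknown'."""
    site = site_of(url)
    if site in TRUSTED:
        return "trusted"
    # Closest trusted domain first, name as tie-breaker for stable output.
    dist, nearest = min((edit_distance(site, t), t) for t in sorted(TRUSTED))
    if dist <= max_off:
        return f"lookalike of {nearest}"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample URLs.
    for u in ("https://www.paypal.com/signin",
              "http://paypa1.com/signin",
              "http://www.examplebnak.com/login",
              "https://example.org/"):
        print(f"{u:40} {classify(u)}")
```

An "unknown" result only means the name is not close to anything on the list; it says nothing about whether the site is safe.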
Rule 5: Criminals are bad spellers
Even if you do accidentally end up on a phishing site, there are almost always problems with it that you can detect! There will be spelling mistakes, weird grammatical problems, or goofy-looking problems with the images. If something feels weird about the site, trust your instincts and do a little digging before you enter your personal info.
Rule 6: Think before you click
Beware of skeezy websites. Phishers frequently use porn and warez sites as a way to farm new information and infect PCs with their malicious wares. Don't install software from these sites; it can include keyloggers and other spyware that will infect your PC and steal your private info.
Now, I wouldn't suggest that you run your PC without antivirus software. It's important, and it will help protect your PC should you (or someone else using your PC) exhibit poor judgement.