I recently helped my brother-in-law setup a new computer that he had purchased, just to make sure that he would not be plagued with the endless spyware and adware that most home users are afflicted with. The biggest issue being that most people run their personal machines as a member of the Administrators group. One thing that I noticed as I waded through all of the "utility" software on his machine was that there is a lot of JUNK on OEM machines!! I have only purchased 1 OEM machine in my lifetime, while building the rest of my machines or buying them used from University surplus sales, so I didn't realize how much crap they put on these things. I got the feeling from this situation that if the user feels safe because of the massive amount of software designed to make them safe on the machine that they must be safe -- or at least that's what the OEM would have you believe. After I cleaned all of the AOL, Norton trial, and Mcafee trial software off the machine, it booted twice as fast and ran much more smoothly. I also installed AVG Free edition for Anti-Virus and enabled the built in Windows Internet Connection Firewall. Now he will be able to use the full power of his machine and not get plagued by viruses and other malicious code.
Some things that are just smart to do with a Windows machine to maintain it -- in order of importance:
1. Do not use an Administrator account unless you are installing software or configuring your machine (this will save most people)
2. Use a firewall of some sorts
3. Enable automatic updates for Windows
4. Use anti-virus software