This premise mirrored the core tenets of safer sex educators, who say that changing behaviors to avoid the most common infection vectors is more effective than anything else to prevent the spread sexually transmitted diseases. The same exact thing applies to computer security. After all, the best anti-virus software ever made can't stop you from doing something dumb. After a trial of a few months, I found that I was able to live without the performance hit and hassle of running real-time anti-virus and anti-malware software, without any infections to cause problems. Needless to say, this was a controversial idea, and I got a LOT of mail about the story.
Rule 1. Beware of Emaildon't open unexpected attachments. If you're not sure if something's legit, ask the sender via IM or email before you open it. And never, ever open those "Please forward to everyone you know" emails.
With the rise of email filtering, phishing attacks have become the more serious email threat today. Phishing emails pose as missives from trusted sites--like your bank, eBay, Facebook Paypal, or Google--and ask you to log on to fix your account. Unfortunately, the links in the email aren't to the sites you trust, they're to sites that look like your trusted site, but are really just fronts to harvest your information. The most insidious of these phishing sites will actually harvest your info, then forward you on to the real page you'd expect to see on the site, if you'd actually logged on. To avoid phishing emails, don't click links from trusted sites in email--instead open the browser and type the site's URL in manually.
Rule 2. Be Smart About PasswordsPasswords are a pain in the ass, but they don't have to be. Every site requires a separate password, and it's nearly impossible to keep track of them all without using some external software. I don't like trusting all my passwords to an app because it represents a single point of failure, if the password file gets corrupted, I'm screwed. On the other hand, using just one password on all the sites I visit would be very dangerous--after all, if that one password is compromised, and then used to access my email, every other account I have would be compromised as a result--thanks "I forgot my password" button.
The second password is for sites that I trust. Typically, they're full of sensitive information--my banks, online stores, and things like Twitter and Facebook--where a breach could be very embarrassing. This mid-level password is secure, using a combination of letters, numbers, and symbols that's more than eight digits long.
Finally, the last password is for my email account. My email account is the gateway to access on every other site I've setup an account--after all, if you have access to your email, you can always mash the forgotten password button to reset your password or have it sent to you, right? For that reason, I don't use my email passwords anywhere else, and I typically use a passphrase with letters, numbers, and symbols--if it's allowed by my email provider.
Rule 3. Pay Attention While BrowsingEvery modern browser includes tools that will warn you away from known dangerous sites. That's good, but you need to pay attention to sites that your browser thinks are safe, too. After all, there's always a lag period between the time a malicious site goes live and the moment the browser tools start reporting it as naughty. So, pay attention to things like spelling, grammar, image quality, and overall polish as you browse the web. Train yourself to not click Approve on every dialog you're presented with--it's important to pay attention and not install suspicious software or software you don't need.
Always think before you click. You can see all the apps you've authorized to connect to Facebook here and Twitter here.
Rule 4. If It Sounds Too Good to Be True, It Almost Certainly Isis a 1 in 30,000 chance of winning an iPad worth adding yourself to thousands of spammer's lists?
And while we're talking about free stuff, beware pirate and porn sites. While you might save a buck or two by pirating that copy of Office, the keygen that you used to get your activation-free key also infected your machine and opened it up to further infestation. Heck, you may have even joined a botnet. Not good. Pirating software is a high-risk behavior--if you're going to pirate, you should invest in good anti-virus software, or be prepared to constantly nuke and pave Windows.
Visiting lots of porn sites is also a high-risk behavior. Beware sites that prompt you to install software to access the members section, or want you to click a certain number of ads to continue. Frequently, these ads attack Flash insecurities, and will infect your computer.
There's a lot of great free software available on the Internet, but there are an even greater number of malicious apps disguised as helpful free software. Only download software you trust, and only download that software from the developer's page or a trusted repository--like Sourceforge. If you aren't sure what the developer's page is, Google it. Google does a pretty good job of filtering malicious sites from it's search results--beware the ads though, they don't undergo the same stringent filtering.
Rule 5. Keep Your Software Updatedkeep all of your software updated--this was important before, but even more so now. With all the threats attacking Flash, Acrobat, OS security holes, and browsers, you need to keep your software up-to-date or risk attack. Luckily, you don't need constant vigilance to make that happen-- Secunia PSI will scan your PC and notify you whenever one of your applications needs updating. Secunia PSI is free for personal use, and it monitors pretty much anything you'd ever need to update. With Secunia running and Windows Update scheduled to automatically install new updates, your software will be protected against most known threats.
Last minute addition: It's also worth mentioning that it's not a terrible idea to actually run anti-virus, but disable the real-time scan functions. Set it to run a regular nightly or weekly scan of your PC, so that your AV will notify you of any infections that you might actually get.