You get warnings, you hear stories, you read the news. What's going on here, you need to be a security expert before you plug in your computer? Relax a bit, there are some basic principles you can follow to keep your system safe. Don't relax too much though: there are bad guys out there, and they ARE out to get you. Symptoms of any infection include computer slowdown, crashing, odd dialog boxes, etc.
Keep anti-virus and anti-spyware programs up to date. It's not enough just to have them: they have to be receiving updates regularly. Anti-virus programs should be set to check for updates daily; anti-spyware programs should check at least weekly.
Your operating system (Windows, MacOS, etc) and all the programs you use should also be set to check for updates. Many popular programs, especially freeware, have been targets: the list includes WinAmp, iTunes, AOL Instant Messenger, Outlook Express, and many more.
Your ISP (Internet Service Provider) should be running a firewall (the USAP does) but don't rely on somebody else's security. Run your own: Windows XP has one built in. More specific info is below.
Some sites require you to register to use their resources, even if it's free. I recommend having a "junk" email account (such as a Hotmail or Yahoo freebie) so you can register without giving out your real name/email address/etc. Think twice before giving out information on the Internet. Also be careful downloading software, especially "cutesie" applications: these are frequently trojans, hiding malicious functions under an appealing exterior. Firewalls and anti-virus programs are a necessary minimum level of protection, but may not help if you get hit with something brand-new. Maintain good habits, and look before you click. Most browsers show you the URL of a link in the lower left corner if you mouse-over the link without clicking.
Most browsers nowadays have a built-in "Pop-up" blocker, but sketchy websites are still finding ways around them. Sites that are pushing pop-ups are frequently pushing spyware as well: if your security settings are low, you can get stupid search bars, "helpers" that are monitoring your browsing habits, etc. If you regularly browse sites that keep trying (music tab/chord/lyric sites are a good example) you may want to increase your security settings. Find them under Tools - Internet Options (IE), Tools - Options (Firefox), or other locations in other browsers. Depending on what you're doing, you may want to limit what cookies you accept, whether Java/JavaScript are turned on, and whether websites are allowed to download software.
Any time you're entering personal information, you should see "https" ("secure" http) in the address bar and a padlock icon in the lower right. This is a minimum standard, indicating that the page is encrypted: however, it doesn't tell you how secure your information is once the website has it. Only do business with companies that you trust.
Check multiple online shopping review sites: some unethical merchants are "stuffing" the review sites with fake good reviews. Also, there are unethical review sites which don't tell you that 5-star ratings are available for sale. Things are particularly bad in the world of online camera (photo and video) selling. Check multiple information sources, go with established sites with a good history, and don't just go for the lowest price.
Email is less critical than it used to be, now that even the "freebie" accounts like Hotmail and Yahoo are scanning for viruses. However, the viruses are still out there and they're still getting people. Think twice before clicking on an attachment: it can be a program disguised as a picture, Word file, etc. These programs can do anything from taking complete control of your computer to hijacking your websites, so you're giving your banking information to crooks when you think you're at wellsfargo.com. Really!
The same kind of attachments can also be sent through Instant Messaging programs, such as AOL and Yahoo's IM clients. The same standards apply; IMs can come from a friend's account, if their computer has been infected.
Beware generic language, that doesn't have anything to do with you or the sender personally, that's trying to get you to click on an attachment or link. A typical message might be "lol this is funny" or "Check out this picture" or "Here is the document I promised." If you're in doubt, save the attachment to your computer and scan it with your anti-virus program.
If you're running XP, you should be on Service Pack 2 by now. To check: right-click on My Computer, and click on Properties. The General tab should show "Service Pack 2" under System.
Check your other security settings: click on Start - Control Panel - Security Center. This allows you to check settings for Automatic Updates (should be on Automatic) and Windows Firewall. The built-in firewall provides basic protection, and should be on unless you're running a more advanced firewall.
If you're running Windows 2000, you should at least have automatic updates turned on. Microsoft is still issuing critical security updates. If you're running Windows 98 or earlier your computer is not secure: Microsoft is no longer supporting these versions.
No smugness allowed! You haven't been much of a target but there are weaknesses in both Linux and MacOS that could be exploited tomorrow. Make sure that your system is checking for updates and keep an eye on the news.
For anti-spyware I like Spybot (http://www.safer-networking.org/en/), which is maintained by volunteers and includes a resident tool which notifies you if a program is trying to change your system settings (such as your home page, default search engine, startup programs, etc). For more complete coverage also install Lavasoft Ad-Aware (http://www.lavasoft.de/) which detects a slightly different set of spyware. Microsoft also has a freebie at http://www.microsoft.com/downloads/ (still currently in Beta).
Zonelabs has a free firewall at http://www.zonealarm.com/. It will give you more information than the built-in Windows Firewall, such as any program running on your computer that is trying to contact another system. Some users report that their computer slowed down after install, so it's not the be-all and end-all in computer security.
AVG is a highly-regarded free anti-virus program. It's not as pretty as the paid ones but has all the features, and ranks well on providing protection quickly against new threats. Pick it up at http://free.grisoft.com/doc/1. Again, it's only good as long as it's getting updates.
For online shopping, here are some places to start looking for store ratings:
http://www.bizrate.com/ratings_guide/guide.html
http://www.resellerratings.com/index.html
http://www.bbb.org/ (Better Business Bureau online)
Also run an Internet search for trouble, such as "[company name] +scam" or "[company name] +problem."
If you want to search on a term that has multiple meanings in English which could provoke the Cascading Porn Popups of Doom, use Google's safesearch feature. For example, if you go to Google and enter "safesearch: sex education" it will pull up educational sites without the adults-only ones. Well - mostly. Use with caution. Yahoo has a similar feature at http://search.yahoo.com/web/advanced.
Hoaxbusters (http://hoaxbusters.org/) will tell you if the latest frightening warning is for real, or an Internet hoax. Always check it out before you act or forward a message. Makes you look smart!
C|Net's Download site (http://www.download.com/) has lots of freebies, many rated by their editors or other users, already checked for spyware/trojans. I always scan my downloads for viruses anyway though.
Microsoft has a surprising number of freebies for Windows computers: http://www.microsoft.com/downloads.
SANS (a private security training company) maintains an Internet Storm Center at http://isc.sans.org/. The Department of Homeland Security has its Computer Emergency Readiness Team current information at http://www.us-cert.gov/. Both have good information about current levels of malware activity.