1) Do not rely on a software firewall such as BlackIce Defender or similar. They can be good backups in addition, but your first line of defense should be a good hardware firewall/NAT router. Linksys or D-Link are good names (the Linksys BEFSR41 is probably my best recommendation). Stay away from the Belkins (sometimes sold at Walmart). Don't let the phone company's installer give you a DSL modem connected by USB. Make sure it is an Ethernet-connected modem so you can use your hardware firewall with it.
2) Do away with Internet Explorer or any frontend based on IE that masquerades as an alternative browser. Use IE ONLY to go to Windows Update and get your security updates and software patches. Go with Firefox or Opera. Also, do not use Outlook Express or Outlook for the same reasons as above. There are currently security problems for these packages that are over 8 months old and still there is NO fix for the problem. ***Edit: Thunderbird or Eudora are good email software replacements.
3) Tell your installer that you want your PC configured with only standard configurations. Tell them you do NOT want any branded configurations. If the installer tries to put any CDs or diskettes in your PC, slap him upside the head.
4) Make SURE your PC is up to date and protected by the router/firewall and also up-to-date antivirus software BEFORE connecting it to the network. Current statistics show an unpatched PC connected via a broadband connection takes on average only 3 minutes to be compromised by malicious software.
5) Don't rely on your firewall to protect you. Firewalls ONLY protect against brute force attacks. You can still VERY easily be compromised by passive attacks coming in through trusted sources such as email and requiring you to click on something. Once your machine is compromised by the passive attack, the firewall does no good, because your PC connects outbound to the attacker. There is no inbound attack for the firewall to stop.