
I usually agree with SANS, but they missed the #1 preventative item, and that is to REMOVE ADMINISTRATIVE access from the user!!!! This will cut your risk 90%, give or take. Also, AV will not protect you from 0-day events... Not being a local Admin will.
Start - Control Panel - Users - Create New User, make it a STANDARD USER, and set a good password.
Log off, log on as this user, and never use an Administrative account unless you are doing updates.
Surfing and emailing as a Standard User will protect you more than anything else... Oh, and of course DON'T CLICK ON THAT!!!!
http://isc.sans.org/diary.html?storyid=9880
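The account setup the comment describes, as an added PowerShell example (not part of the original comment): it creates the standard user, verifies it is not in the local Administrators group, and checks whether the account you are currently using is an admin. It assumes the LocalAccounts cmdlets shipped with Windows 10 / Server 2016 and later; the username 'daily' is a placeholder.

```powershell
# Added example: create a standard (non-admin) user for daily use and verify it.
# Assumes the Microsoft.PowerShell.LocalAccounts module (Windows 10 / Server 2016+).
# Run once from an elevated (administrator) PowerShell; 'daily' is a placeholder name.

$userName = 'daily'

# Prompt for the password so it never sits in the script or the shell history.
$password = Read-Host -Prompt "Password for $userName" -AsSecureString

# Create the account. New-LocalUser does not add it to any group by itself.
New-LocalUser -Name $userName -Password $password -FullName 'Daily use (standard user)' `
    -Description 'Non-administrative account for browsing and email' | Out-Null

# Membership in the built-in Users group (and nothing more) is what makes this a Standard User.
Add-LocalGroupMember -Group 'Users' -Member $userName

# Verification: the new account must NOT appear in the local Administrators group.
$admins = Get-LocalGroupMember -Group 'Administrators' | Select-Object -ExpandProperty Name
if ($admins -contains "$env:COMPUTERNAME\$userName") {
    Write-Warning "$userName is still a member of Administrators; remove it before using it."
} else {
    Write-Host "$userName is a standard user (not in Administrators)."
}

# Self-check for the account you are logged on with right now. Group membership is
# compared rather than the token's admin role, so the result is the same whether or
# not this shell is elevated (a non-elevated admin token would otherwise report False).
$current = [Security.Principal.WindowsIdentity]::GetCurrent().Name
if ($admins -contains $current) {
    Write-Warning "$current is a local Administrator; do your surfing and email as $userName instead."
} else {
    Write-Host "$current is not a local Administrator."
}
```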