I run a paid for active antivirus/antispyware/antirootkit program. This way, it doesn't have any popups asking you what to do and all the advanced settings are adjusted. I find that free versions have too many holes that 'other' users can screw up.
I have spywareblaster and spybot simply for the immunization/blocking. Updated manually weekly.
I don't use internet explorer. Opera/Firefox are my browser of choice. In any browser, I do NOT accept 3rd party cookies or let the browser save any info(this means I manually enter in where I'm going, and manually enter in my username/PW anytime I want to post anywhere).
My ethernet card(NIC) and wireless adapter use opendns.
http://www.opendns.com/start
I use windows vista/xp with the last service pack with ALL updates.
I don't ever open emails if I don't know the sender. I don't download or click on anything in an email.
I use sumatra and foxit for reading acrobat files.
I make sure that I update java, flash, and shockwave regularly. Seems that many people forget to keep 'common' programs that they use all the time updated. So, keep the OS updated, along with EVERY program installed in it.
I run a malwarebytes, superantispyware, and asquared 'free' scans at least once a month. And, I run a 'competing' free online AV scan about once a month. My AV/AS seems to be doing a great job since nothing has found anything.
My AV/AS program set to scan daily(usually when I'm at work) and is set to check for definition updates every couple hours.
Your computer is only as safe as YOU and your habits, regardless of the OS.
I don't care for running a firewall since the Vista firewall and my router is good enough for me. And, I haven't found the need for sandboxie. I guess sandboxie would be a great addition to common eye-dee-ten-tee(ID10T) user errors.
I have a good woman so I don't surf questionable websites.
I do OK with work(lots of OT). So, I don't feel the need or care to steal movies, videos, or music online.
I have a separate bank & account strictly for online shopping. It doesn't have a credit line or overdraft. I deposit what I need to when I shop online. This visa/debit is used solely for online shopping/paypal and is separate from my normal banking/checking/directdeposit.
I also have pseudo emails for forums, online shopping, friends, family...... Guess where all the spam comes from?
Usually friends with stupid chain emails(whether jokes, hearsay, pictures). Some forums/online stores.... also seem to sell off email addresses too.