Firewall
If you're a Windows user, the built-in firewall is more than sufficient for any home user. Otherwise, there are plenty of decent free firewalls out there, like COMODO. Don't waste your money on bloated crapware like Norton Internet Security.
Whatever firewall you choose, you can make sure it is configured correctly by using an online scanner like "Shields Up!", which will check your ports and find out if you're sharing any information. Don't take this link as a recommendation, though. The author of the scanner certainly has his own idea of what constitutes insecurity (such as the ability to access an FTP site).
Anti-Virus
Even though malware/spyware is growing as a threat, viruses are not on the way out. You still need a decent anti-virus monitoring your computer. That said, I recommend Avira AntiVir, which is quickly growing in popularity, and rightfully so; it is lightweight on the machine, its interface is easy to use and makes good sense, and it has impressive detection rates. If you can put up with the pop-up upgrade advertisement the free version presents after every auto-update, get it. If you feel like using a different anti-virus, there are plenty of decent free alternatives out there, so once again don't go out spending your money on something you, as a home user, don't need.
Whatever anti-virus you choose, there's no point in having it if you don't keep it current. Most will download updates automatically, but even so you should sometimes manually check to make sure you have the latest definitions.
Anti-Malware/Spyware
Often, when someone makes a recommendation for anti-malware/spyware, the usual answers are Spybot and Ad-Aware. However, as good as these programs are for cleaning out cookies, if you want to get rid of the real nasties that turn your computer into a useless pile of garbage (much like Windows ME), you need one of the anti-malware/spyware programs that pride themselves on being able to detect the malware/spyware that really matters. For that reason, I recommend Malwarebytes Anti-Malware or SUPERAntiSpyware (which is legit, despite the spyware-sounding name).
In regard to MBAM, I can attest to its usefulness from experience (as for the latter, the creator of MBAM has recommended it): a few months ago, I booted up my computer only to find out that I could not use my Start Menu, could not access Task Manager, and could not access some websites (not surprisingly, popular websites helpful in removing spyware). Ironically, the spyware that was responsible for hijacking my computer kept presenting pop-ups telling me to buy "anti-spyware" software from the manufacturer of that spyware to get rid of the spyware.
I tried elaborate removal procedures posted on the Internet, and I tried the most popular anti-spyware software such as Spybot and Ad-Aware, but to no avail. At this point, I was worried, because I considered myself more knowledgeable about computers than the average home user, but was still at a loss.
(Perhaps if I had not given up keeping up with the tech news, I would have realized that malware/spyware has been rising in prominence so much so that popular anti-virus programs have started packaging malware/spyware detection, and numerous anti-malware/spyware programs have been sprouting up and making the top ten lists of popular computer program download sites.)
Then I tried MBAM: after a quick scan, a single piece of spyware was found, and after removing it and rebooting, my computer was back to normal.
Once again, these programs, despite their power and usefulness, are completely free. The only real downside to the free versions is the lack of an "active scanner" like your average anti-virus program has. If you want an active scanner, you're looking to shell out about $20.
In any case, just like with anti-virus software, you should make sure to keep your anti-malware/spyware software current for the same reason.
Use Legitimate Download Sites
If you've gotta get your fix at questionable sites, I can't help you; all I can say is that it may not matter how good your security is if you keep going out of your way to put yourself at risk, which is exactly what habitually downloading from questionable sites will do to you. The reason is obvious: those sites do not guarantee the quality of their downloads, and so you may find yourself making new friends in the form of malware/spyware, viruses, trojans, and other nasties.
Remember that there are plenty of good/legit download sites out there, such as
Major Geeks (great place to get the free security software you should have, by the way),
Filecart and
Oldversion.
Windows Users: Show File Extensions
This one bothers me. There is no reason why file extensions should be hidden. In fact, hiding them is convenient and beneficial for viruses and other nasties, because it helps them to hide from you and allows them to trick you into opening the seemingly benign files they're in. For example, the malicious ".vbs" extension can be attached to "hotbabe.jpg", but since you can't see the true extension all you're seeing is ".jpg". Yay for stupid default hiding of file extensions by Microsoft. If you're like me and don't think that the hiding of file extensions is such a good thing, then do this if you're using Windows Vista: open "Control Panel" from the Start Menu, select "Appearance and Personalization", select "Show hidden files or folders", uncheck "Hide extensions for known file types", and click OK.
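The double-extension trick described above can also be checked for mechanically. The following Python sketch is an added example, not part of the original post; the extension lists and function names are assumptions chosen for illustration and are not exhaustive.

```python
from pathlib import Path, PureWindowsPath

# Assumed, non-exhaustive lists for this example.
# Types Windows runs or passes to a script host on double-click:
RUNNABLE = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".hta",
            ".exe", ".scr", ".com", ".bat", ".cmd"}
# Types a user expects to be passive data:
DECOY = {".jpg", ".jpeg", ".png", ".gif", ".pdf", ".txt",
         ".doc", ".docx", ".mp3", ".avi"}


def displayed_name(filename):
    """Name shown when "Hide extensions for known file types" is checked.

    Simplification: every extension in RUNNABLE or DECOY counts as "known".
    """
    p = PureWindowsPath(filename)
    return p.stem if p.suffix.lower() in RUNNABLE | DECOY else p.name


def is_disguised(filename):
    """True if a runnable extension directly follows a decoy extension."""
    suffixes = [s.lower() for s in PureWindowsPath(filename).suffixes]
    return (len(suffixes) >= 2
            and suffixes[-1] in RUNNABLE
            and suffixes[-2] in DECOY)


def scan(folder):
    """Return sorted paths of disguised files anywhere under folder."""
    return sorted(str(p) for p in Path(folder).rglob("*")
                  if p.is_file() and is_disguised(p.name))


if __name__ == "__main__":
    # Constructed sample names; only the first is the page's example.
    for name in ["hotbabe.jpg.vbs", "holiday.jpg", "setup.v1.2.exe",
                 "Invoice.PDF.EXE", "notes.txt"]:
        flag = "SUSPICIOUS" if is_disguised(name) else "ok"
        print(f"{flag:10} real={name!r} shown={displayed_name(name)!r}")
```

Calling `scan()` on a downloads folder lists every file whose default Explorer name ends in a harmless-looking extension while the real, hidden extension decides how the file is opened.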
Miscellaneous Security Programs
There are other useful programs. For example, if you use Firefox, there is NoScript. Also, there's a program called SpywareBlaster, which works alongside IE or Firefox when you're using it, and which prevents malicious programs from tracking, installing, or committing other unwanted actions. All you have to worry about is updating the program manually every now and then, unless you want to pay the modest donation for auto-update.
EULAlyzer is another good free program. Nobody likes reading the lengthy and boring legalese that is the EULA, so have this program scan for you to determine if there are any questionable phrases, which sometimes indicate, for example, an attempt to install spyware.