This is coming from someone who is very paranoid.
First and foremost, if you're using Windows XP, switch to Windows 2000 Professional. It doesn't have a lot of the crap Windows XP has and has pretty much the same functionality.
Install the latest service pack (SP4).
NEVER do anything ActiveX or web-installed. That is just asking for it. NEVER connect to Microsoft under ANY circumstances; Windows Update lets them do whatever the heck they want to your computer. Use Autopatcher 2000 for the updates instead. That utility also has a bunch of security related registry edits - I personally enable them all except for the NTLM hash part.
Spybot Search & Destroy is a good utility, but make sure to know how to use the tools included with it and don't just scan your computer and think you're done.
HijackThis does whatever Spybot S&D doesn't do in the spyware department.
Disable Autoplay - This will come in handy, say, if you're playing Sony music CDs.
Use something like nLite or XPLite to disable the following:
Remote Registry, Windows Tour, Internet Explorer, Java Virtual Machine, VB Script, Windows Automatic Updates, Windows Update Manager, all IIS services, Outlook Express, and Outlook Express stationery.
For a firewall I would recommend Agnitum Outpost Firewall, since it allows you to set up your connection in a true "default deny" fashion.
Get rid of any Microsoft software made after Windows 2000 that you can - anything after that will not be self-contained and discreetly open ports, etc. Virtual PC is an exception; there are various other PC emulation utilities out there.
Don't use Microsoft Office, use OpenOffice.
Don't install Windows Media Player. Use WMP 6.4, Media Player Classic, and VLC Player.
You should have a goal of being able to type in "netstat /an" in the command prompt and seeing something like the following:
C:\>netstat /an

Active Connections

Proto  Local Address          Foreign Address        State

C:\>
This means that nothing's listening. So, not only will you have a firewall, but you'll have an empty fishhook on your computer - there won't be any Microcrap to hack. To remove the listening ports you mostly have to remove services, although some may still remain - look around on Google on how to disable those ports. Be especially concerned about disabling NetBIOS. grc.com's "three musketeers" can also help you here, especially DCOMbobulator.
For a browser use Firefox and Opera. NEVER use IE under any circumstances.
The only services I have that start up with Win2k are DHCP Client, DNS Client, Event Log, Infrared Monitor, Network Connections, Plug and Play, Remote Procedure Call, Windows Management Instrumentation, Windows Management Instrumentation Driver Extension, and Workstation. The solution is to disable everything that automatically loads up with your computer that is not any of those, and leave everything that didn't in Manual. The services that loaded up with Windows should be in Automatic. Refer to Black Viper's service analysis if you want to know more about what the services do.
A good security site that hardc0regamer didn't mention is www.insecure.org - TONS of good utilities.
Another one is www.sysinternals.com - Look for RootkitRevealer and TCPView (the latter of which is more convenient than netstat).
Personally, Kaspersky AV basically destroyed one of my Windows XP installations. It may be that iStream thing that it uses. However, I am also hearing that you should just test programs with something like Virtual PC and look for virus activity, and you don't even need an anti-virus. Currently I'm using Norton (as independent reviews have shown this to have the second highest detection rate behind Kaspersky), but am wondering how freeware anti-viruses stack up.
Oh, and never use your real, burned-in MAC address. Always use a fake one. You can change that in the Windows Registry. Mine is the default one for Virtual PC.
PeerGuardian is good to use although I'm personally not too worried about torrents on this tracker. Now that I can post I might actually make torrent comments :O
And I found it fun how I ran the Microsoft Baseline Security Analyzer on this computer (currently Windows XP, but not much longer) and it wouldn't work since I didn't have the "proper" services enabled.
This definitely isn't complete but is a good start. Does anyone know of any independent reviews of free anti-virus software, and registry scanning software? Or any vulnerabilities or flaws in my system? (and sorry for my poor organizational skills)
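The post's "empty fishhook" goal is that netstat shows nothing bound, and it singles out NetBIOS and DCOM as the listeners to go after. As an added example (not part of the post above, and not a tool the poster mentions), here is a small Python script that reads a saved `netstat -an` listing and reports what is still reachable from outside: every TCP socket in LISTENING state and every bound UDP socket, with the RPC endpoint mapper, NetBIOS and SMB ports called out by name. It assumes the standard Windows column layout (Proto, Local Address, Foreign Address, State); the two sample listings embedded in it are constructed for the example, not captured from a real host. Save your own output with `netstat -an > netstat.txt` and feed that file to `audit()`.

```python
import re
from collections import namedtuple

# Constructed sample of `netstat -an` output from a box that still has the
# RPC endpoint mapper, SMB and NetBIOS bound. Not captured from a real host.
SAMPLE_NOISY = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.168.1.5:139        0.0.0.0:0              LISTENING
  TCP    192.168.1.5:1034       64.233.161.99:80       ESTABLISHED
  UDP    0.0.0.0:445            *:*
  UDP    192.168.1.5:137        *:*
"""

# Constructed sample of the goal state: header only, nothing bound at all.
SAMPLE_CLEAN = """\
Active Connections

  Proto  Local Address          Foreign Address        State
"""

Socket = namedtuple("Socket", "proto addr port foreign state")

# One data row: protocol, local addr:port, foreign addr:port, optional state.
# UDP rows have no State column, so the last group is optional.
ROW_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")

# Ports worth naming in the report: 135 is the DCOM/RPC endpoint mapper,
# the rest are NetBIOS over TCP/IP and SMB direct hosting.
WELL_KNOWN = {
    135: "RPC endpoint mapper (DCOM)",
    137: "NetBIOS name service",
    138: "NetBIOS datagram service",
    139: "NetBIOS session service",
    445: "SMB over TCP (direct hosting)",
}


def parse_netstat(text):
    """Return a Socket for every data row of a `netstat -an` listing."""
    sockets = []
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if m:
            proto, addr, port, foreign, state = m.groups()
            sockets.append(Socket(proto, addr, int(port), foreign, state or ""))
    return sockets


def listeners(sockets):
    """Sockets an outsider can talk to: TCP in LISTENING, or any bound UDP port.
    UDP has no connection state, so a bound UDP socket is always a listener."""
    return [
        s for s in sockets
        if (s.proto == "TCP" and s.state == "LISTENING") or s.proto == "UDP"
    ]


def audit(text):
    """Summarise a listing: what listens, which of it is RPC/NetBIOS/SMB,
    and whether the host meets the 'nothing listening' goal."""
    open_sockets = listeners(parse_netstat(text))
    flagged = [
        (s.proto, s.port, WELL_KNOWN[s.port])
        for s in open_sockets if s.port in WELL_KNOWN
    ]
    return {
        "listeners": [(s.proto, s.addr, s.port) for s in open_sockets],
        "flagged": flagged,
        "clean": not open_sockets,
    }


if __name__ == "__main__":
    for name, sample in (("noisy", SAMPLE_NOISY), ("clean", SAMPLE_CLEAN)):
        result = audit(sample)
        print(f"[{name}] nothing listening: {result['clean']}")
        for proto, addr, port in result["listeners"]:
            print(f"  {proto} {addr}:{port} {WELL_KNOWN.get(port, '')}")
```

Established outbound connections (the browser session on port 1034 in the sample) are deliberately left out of the report, since the goal in the post is about what is waiting for inbound traffic, not what you opened yourself.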