There's nothing quite like the smell of a fresh Windows box. After that first reboot, seeing that clean, smooth desktop brings a tear to my one good eye. Everything is possible with a fresh Windows box. Everything runs faster with a fresh Windows box.
Then I plug into the network and I'm immediately attacked by Popup Ads, Gator (evil), DoS attacks, Messenger Service Popups, HTTP requests for /system32/cmd.exe and clever neighbors trying to print to my printer.
How should we protect our fresh Windows boxes, these new fawns, just before we hurl them into the abyss?
Well, here's the first things I put on ANY Windows box. This is the "don't leave home without 'em" list. This is the "You're not seriously going out without your _______" list.
"Anti"-Things you must install on your fresh Windows box in the 21st century
At a minimum, enable the Windows XP built in firewall. This will protect you from MSBlast (which I removed off half a dozen relative's computers). Other folks use Tiny Personal Firewall, and others, but if you're serious (and you love your family) just buy ZoneAlarm Pro.
In the old days, (last year) you could be clever and avoid viruses. Don't open anything, don't talk to anyone. But now, with attachments being sent to my Mom with names like babypics.jpg.exe, I just can't trust her to be THAT clever. Heck, I don't know if I am that clever. I use either Panda, ETrust, or Norton...but my preference is Norton.
The #1 least understood problem on PCs today, IMHO, is spyware/malware/scumware. A friend of mine visited recently from Malaysia and brought his laptop. He's a technical guy, and a developer, but he was complaining of weird popups and odd behavior in his browser during development. We ran Ad-Aware and counted up 357 different components of spyware. He had at least 20 different evil (but not viruses!) bits on his box, including CometCursor, Gator, SafeCast, Hotbar, and a particuarly evil bit of spyware that actually chained and appeared in the TCP/IP Properties and literally sniffed traffic at the protocol level. I install Ad-Aware and run it on Startup.
Everyone has their favorite, but I recommend SpamNet, it's like Napster for getting rid of Spam. When you block a spam message with SpamNet you are "voting" for that message as Spam. The more people vote, the more accurate SpamNet gets. It's at least 99% with VERY few false positives, since actual humans are involved. On the server-side for a Spam solution, I'm going to check out SPAMSoap. I'll just change the MX record on my mail server, and mail will route through SPAMSoap first, then to me. It appears to be a nice, cheap way for me to protect all my hanselman.com users.
If you're not running these particular tools, make sure you are at least running something to address these issues. And seriously, run Ad-Aware if you haven't. You'll be surprised.