The importance of security beyond virus checkers

Was talking to a friend late last week, who thought their PC security was adequate because they had a software firewall and a virus checker with auto-update. Here's a concrete example, a hack involving e-mail which a virus checker won't catch, which shows why that just isn't so any more.
Here's a few recommendations which could ave your bacon:
1. AVST Free from Grisoft is adequate: Better you should buy Symantec Anti-Virus or some other good antivirus program.

2. Run a full scan for viruses at least weekly; leave your machine on overnight, and let it scan for you.

3. Get a firewall, one good, two better. A recent study with decent methodology showed a PC connected to a cable modem was, on average, hack within four minutes of installation. Even dial-up users are not immune; it just takes a few minutes longer for your machine to be infected if you don't use a firewall.
Software firewalls which run within your PC, like ZoneAlarm (not the Pro version, just the standard free version) are OK, but I add an external router with NAT translation, so no one from outside your home can tell the IP address used by your computer(s). The Linksys wireless routers and no-wireless-routers are my favorites, especially because they are really Linux computers in disguse, and with additional software, they can do much, more more. It's so much easier to buy a component that's expandible, than one which isn't, and then find you have to replace and reconfigure later because your neeeds have changed.

4. Get anti-spyware programs, and keep them up to date.

5. Don't use Internet Explorer, or any web browser which depends on IE, unless you absolutely, positively, must go to a website which won't work with Firefox or Opera.

6. Don't use Outlook or Outlook Express. There are many fine e-mail client programs out there, some with astounding capabilities, like Thunderbird.