You're theoretically right Gertrude, but that doesn't help the average user who doesn't have much commonsense and has no idea of the problems. This sort of advice really isn't very helpful - you could just as well say that if you drive really responsibly and carefully you don't need car insurance.

The average punter just doesn't have a clue, they just use the apps. They've never seen the command line and don't know anything about how an OS works. They have zero insight and little inclination or interest in learning stuff that isn't directly relevant to their computing experience. That's just how things are. Pontificating that they ought to learn that stuff is the mistake that us Linux mavens are often guilty of (and why Linux is not more widespread) - folks just refuse to learn things that even smell complicated that they see no immediate benefit in (even though they'll write complex spreadsheet macros).

I've taught Tom to be very circumspect about what he downloads and installs and he's a responsible lad, but it wouldn't be that dificult to catch him out. HE doesn't know what is spyware and what isn't, even though your clever (and well disciplined) children do. But he does check with me (usually). "Training" children (and adults) in computer caution is not that easy or foolproof.

Running as non-admin is theoretically good, but in practice it's such a pain and so many things don't work (esp. games) that I don't. If you're prepared for a LOT of tinkering with MakeMeAdmin etc., you can get a reasonably smooth non-admin experience, but it's a PITA.

AV is by no means infallible (any of them), but it's a good second line of defence - having said that, it (Norton and AVG) have only picked up a couple of virii in all the years I've been using them (and I download a lot). Admittedly I don't frequent warez sites.

I'd guess 1 in 100 users or less have a properly configured ("stealth" as you put it) external firewall, which is the best defence, although there are lots of inexpensive ways to implement this). MS firewall (in SP2) isn't wonderful, but it isn't bad.

So irn_bru, if you:
Use MS built-in firewall (ON by default)
Set autoupdates to ON (ON by default)
Install & use MS Antispyware, aka Windows Defender
Use a reputable AV product - properly set up and set to autoupdate
Avoid Internet Explorer and Outlook (use Firefox/Thunderbird or Opera)
You should be reasonably safe.

DO find an ISP who does virus/spam filtering (important!) and don't give your email addy to all and sundry (don't use the unsubscribe function!)

Oh and just don't install any viruses.....