If you absolutely have to use Microsoft Windows, ensure you are using x86_64 Windows Professional (x86_64 is also known as 64 bit processor) or higher version. Also, ensure the hidden Administrator user account has a password, create a secondary administrator account - admin - to be used exclusively to (un)install software and configure devices. All other user accounts must belong to the Restricted user group. This will prevent any user from accidentally installing any virus, Trojans, spyware or other malware. The best way to access the hidden Administrator user account is to start Windows in Safe Mode. All Home versions of Windows prevents the main Administrator user account from being accessed locally but is still accessible from the internet. I also recommend turning off Windows Automatic Updates and only install the patches released on Patch Tuesday or the Service Packs which are released once every few years.
Having a very secure system still means nothing if the computer user is operating the computer in an insecure manner i.e. runs the computer with administrator (root in Linux/Unix systems) priviliges, users on the computer have no password protection (Linux will not install or create users unless passwords are assigned). 64 bit system users also need to accept the fact that websites that has malicious code embedded in it's web pages will be inaccessible. Sites like mail.yahoo.com will be difficult to navigate due to the fact that Yahoo is adopting Microsoft technologies. It also means that mail.yahoo.com will become more easily hacked by the Russian Mafia that are working with the Chinese Secret Service. They should also avoid Hotmail or websites that uses ASP.NET (a Microsoft technology).
I hope you watch W5: Investigating Canada's big cyber security problem and follow my suggestions - use x86_64 Linux, run the computer as a standard user and have all users password protected.