As I'm sure with many others here, I've been using Windows with a permanent connection to the internet for years with no problems, using hardware and software firewalls, keeping windows and AV up to date and not running in Administrator.
Sure, I've had viruses in e-mails, been attacked on websites and the firewalls constantly log stuff but none of my computers have been infected for several years now (although I do keep DVD backups of everything just in case).
My nephew's computers on the other hand get infected with monotonous regularity.
I set them up the same as my own, but this most recent time I have just finished cleaning one of their PCs of at least 14 types of virus. Trojans, worms, spyware, they had the lot. Their AV vault currently contain 124 infected files collected in the last 3 months, not including the stuff I weeded out with Smitrem, RougueRemover and all the rest.
What do they do differently from me? When I checked they invariably have their PCs running in Admin and full of warez. They install anything that says it will get them free games and music.
Apparently if you try and make something idiot proof then you will simply develop a better class of idiot!