I think that step one is unrealistic for 98% of computer users.
Step 1 should be to purchase the computer from a knowledgeable computer store / VAR that does the service packs, critical updates, and anti-virus installation and updates before delivering the computer to the end user.
Step 2. Use a router for cable or ADSL Internet access. Turn off wireless or at least secure the wireless with WAP. Make sure your first connection to the Internet is via CAT5 network cable connected to the router. Ideally the router has real firewall protection and does not rely simply on NAT to provide protection. I think that stateful packet inspection is essential, though most routers only offer NAT protection.
Step 3. If the major brand computer company does not prepare the computer for using the Internet safely then basically follow the instructions from Mark Kaelin.
I would suggest that within 24 hours of accessing the Internet the end user run a full virus scan (Norton, McAfee, TrendMicro), a SpyBot scan and an Ad-aware scan. If the computer scans find any viruses, then use the Windows XP or restore CDs to start over again. If the computer finds any serious malware, then it should be scanned again within 24 hours to make sure that the computer is now malware free.
As the owner and one of the techies who work on several new computers and numerous fresh installations of Windows every day, I believe that the most important thing is to have multiple backups of important documents, e-mail, and pictures onto CD-R, flash drive, external hard drive, tape backup, DVD-R. After all, a lot of viruses and malware come in the 5'10" variety, which can strike within 12 minutes of accessing the Internet and almost always within 30 days of accessing the Internet, even with MS critical updates and quality anti-virus protection.
I hope my opinions lead to further discussion.