Security for the WoWer
(zomg no moar keyloggerz)

Advanced Security Concepts

Welcome to the Advanced class. Antivirus, Firewalls, and good backup practices just aren't enough these days. Here, I'll present you some advanced security practices that might just save your bacon some day. (section incomplete, 3/10/08)

Table of Contents
  1. Least Privilege
  2. Sandboxing
  3. Virtual Machines


Least Privilege

The concept of Least Privilege is the great granddaddy of 'em all, the cornerstone of any serious security setup, and one of the most difficult to implement in Windows. The least privilege concept has been around for decades. Unix grew up around it. Linux is built from the ground up with it, and even insults you when you don't follow it. OSX makes it insanely easy. Windows... barely even knows it exists. What is it? Simply the idea that the user will have the least privileges necessary to function. If you can run it without admin privileges, you should do so. If you can't, you should seriously think about whether you really want to do it or not.

Windows Vista is Microsoft's first attempt at bringing least privilege to the masses. For all versions prior, it was always assumed, and indeed most often the case, that the user was a full administrator of the computer. Internet Explorer on Vista even has a "protected" mode in which it runs with fewer privileges than even the current user, which goes a long way toward preventing disasters. However, due to the long history of all users being admins on Windows machines (and lazy, stupid programmers), much software won't run properly without admin rights. World of Warcraft is not one of these--it will run fine with normal/limited user rights.

There is hope for Windows users however. Windows 2000 has Run As, and Windows XP added Fast User Switching. There are third-party programs as well, such as suDown and WinSUDO. (WinSUDO is authored by a regular poster at the DSLR security forum.) These features and programs make life as a normal user more bearable and often quite easy.

So what's so great about running with least privilege? For one, if you don't have permission to modify say, the c:\windows folder, neither will that virus that you just double-clicked on. Running least privilege limits the damage malware (and you) can do to your computer a great deal. That keylogger won't be able to hook itself so easily now. Limited accounts can stop malware dead in its tracks. That's why it's so important. It's not a silver bullet, but damage is limited to just what you yourself can access, unless of course you opted to use Run As on that virus program.
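A quick way to check whether you are actually running with least privilege, as an added example that is not part of the original article: this PowerShell script reports whether your session carries an administrator token and probes whether you (and therefore anything you double-click) can write to the system folders. The function names and the scratch-file probe are my own; Windows paths come from the standard environment variables.

```powershell
# Added example: audit whether this session runs with least privilege.
# Run it from a normal PowerShell prompt under the account you want to check.

function Test-IsAdministrator {
    # True when the current token is a member of the built-in Administrators role.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Test-WriteAccess {
    param([string]$Path)
    # Try to create and immediately delete a scratch file. If this fails,
    # malware running as this user could not modify the folder either.
    $probe = Join-Path $Path ("lp-probe-" + [Guid]::NewGuid().ToString() + ".tmp")
    try {
        [IO.File]::WriteAllText($probe, "probe")
        Remove-Item -LiteralPath $probe -Force -ErrorAction SilentlyContinue
        return $true
    } catch {
        return $false
    }
}

$user = [Security.Principal.WindowsIdentity]::GetCurrent().Name
Write-Host ("Current user : {0}" -f $user)
Write-Host ("Admin token  : {0}" -f (Test-IsAdministrator))

# Locations a limited user should NOT be able to write to.
$protected = @(
    $env:SystemRoot,                          # e.g. C:\Windows
    (Join-Path $env:SystemRoot "System32"),
    $env:ProgramFiles
)
foreach ($dir in $protected) {
    $writable = Test-WriteAccess -Path $dir
    $verdict  = if ($writable) { "WRITABLE (not least privilege!)" } else { "protected" }
    Write-Host ("{0,-40} {1}" -f $dir, $verdict)
}

if (Test-IsAdministrator) {
    Write-Host "`nThis session is an administrator. Use a limited account for day-to-day work,"
    Write-Host "and start individual programs under another account with Run As, e.g.:"
    # The account name and program path below are placeholders, not real values.
    Write-Host '  runas /user:LimitedUser "C:\Path\To\Program.exe"'
}
```

If every folder reports "protected" and the admin token is False, you are in the situation the paragraph above describes: whatever you run can only touch what you can touch.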

For further reading see the nonadmin blog.

Sandboxing

Sandboxing means creating a controlled, easily erasable, and not easily escapable environment for running programs in; it's normally used for researching malware. Depending on the type of experiment being done, data may or may not be allowed to be pulled in from outside the sandbox. In all cases, the program running inside the sandbox is not supposed to be able to reach outside the sandbox to alter any data. Some malware is pretty smart however, and some sandboxes are not very well constructed, so like any other security measure a sandbox isn't 100%.

It's the characteristic of not allowing sandboxed programs to change things outside of the sandbox that we're interested in. This makes sandboxing useful both from a security and a privacy standpoint. Let's say you're running Firefox in a sandbox. You're surfing porn sites and you don't want anyone to know about it. Oops, one of those porn sites just dropped some malware on you! (yes, it CAN happen to Firefox) No problem - kill Firefox, delete the sandbox, life goes on and nobody's the wiser.

By far the easiest sandbox to use is Sandboxie. I've been a user of Sandboxie for well over a year now, and it's grown considerably, and gotten very smart over the updates. I highly recommend paying the modest price for it, to unlock the cool features such as forcing programs to run in the sandbox. The only other sandbox program intended for end-users that I know of is GreenBorder, which as a company is no longer offering their sandbox product. ZoneLabs, makers of ZoneAlarm, has a program called Forcefield. Forcefield is currently in beta status however.

Virtual Machines

Think of a Virtual Machine as kind of the ultimate sandbox. It's not just a protected area on your computer. It is a computer. An emulated computer, running within its own wholly-separate environment (barring security issues such as one VMWare recently had). Since a Virtual Machine is a whole separate computer, it's possible to run a different OS on your VM than what you have on your actual computer. This is handy for more than just security. Just don't go trying to run OSX as a "guest" OS. It's a pain.

When it comes to virtualization you have several choices. There's VMWare, Microsoft VirtualPC, and my favorite, innotek VirtualBox. VirtualBox and VirtualPC are much simpler than VMWare (aside from maybe VMWare Player). VirtualBox is free and fairly fast.

The main drawback to virtualization is speed. Think about it: you're running an entire second, sometimes entirely foreign, operating system on the same hardware you normally use to run one. Plus, you have to absolutely dedicate some portion of your RAM to the virtual machine. It's like dualboxing on WoW, only worse. Now, even on my aging (yes you can laugh) 1.8GHz Sempron, VirtualBox does fairly well for web browsing. Although I have 1.2GB of RAM and assign a fair chunk of it to the VM, I wouldn't try it for gaming. Maybe retro-gaming on a Win 95/98 VM, but certainly not anything remotely modern. Though if you have a beefy PC you're welcome to try.