Everyone should have antivirus and firewall programs installed on their PC's and set to start at boot. The virus definition files for antivirus programs need to be updated every few days.
There are many antivirus programs to choose from--most charge, but a few are free. Which is best is the subject of much discussion. Run a Search for and read some of the posts on this subject on VirtualDr. But do install one.

There also are several firewall programs. WindowsXP installs one by default, but it is not as good as ZoneAlarm, which comes in a free version. http://www.zonelabs.com/store/conten...ku_list_za.jsp Whichever firewall you install, make sure it is the only one running. More than one can conflict. Firewall-only programs rarely require updating.

An antispyware program also is a good idea. Most do not need to be set to run at boot. You run scans with them when you feel it is necessary. I run a scan almost every day. Common ones are AdAware (which comes in a free version)
and SpybotS&D (which only comes in a free version)
However, neither AdAware or SpybotS&D are proactive--able to stop spyware from entering your PC--unless you have the Plus version of AdAware (and it is not too trustworthy) or have set the Immunize function in SpybotS&D. So they will find (and offer to remove) spyware only when you run a scan. Therefore updating their reference files and scanning every few days is required.
MS claims that Windows Defender is proactive --at least in some respects. (It does run at boot in the background.)
It is OK to have more than one spyware detector installed on your PC.

I would suggest you add SpywareBlaster to your list of programs.
When installed, it does not run in the common sense of that word, but it is proactive in stopping bad BHO's and other spyware. It, also, requires that you update its data files from time to time.

Take advantage of Security measures offered by Internet Explorer.
For example, use Restricted Sites. (You can use IESpyAds to populate it
as well as SpywareBlaster's list. )
And review the various settings in IE Tools|Internet Options|Security Tab|Custom level. I set those pretty strictly, and set the permission for ActiveX controls--in the Internet zone's Security tab|Custom Level--at Disable. I put sites where ActiveX is needed (and which I do trust) into Trusted Sites,
Also set the slider on the Privacy tab to Medium High.

And perhaps use a HOSTS file

Finally, be wary of any attachment you get in an email--even from a friend. Scan it first with an antivirus program before viewing.
And be careful about the sites to which you surf and the program downloads you make. Downloaded install files should be scanned with an antivirus program before running them.