Before Firefox I used Netscape.
Before Thunderbird I used various other email clients.
IE and Outlook (Express or Office) introduce too many vulnerabilities. I only ever used IE for MS/Win Updates.
I've had a virus once, ever, since 1979. It was in 1989 when someone else came in and installed a game on DOS during lunch. After that I locked the office. Later of course with NT4.0 and later in offices a computer would be locked from casual co-workers.
Checking tools:
Need to be used by experts
Silent Runners. Download and run as administer. You may want to restart in Safe Mode if in doubt.
http://www.silentrunners.org/
Gmer Root kit checker
http://www.gmer.net/
Note that AV software causes MORE problems than malware today as Malware apart from ransom-ware is meant to be invisible and doesn't cause strange behaviour. Crashing or slowing down is almost always NOT due to virus/malware.
AV software nor UAC doesn't stop the user repeatedly clicking on OK.
The common routes to infection:
Autorun. When win95 was announced I knew it would be a problem. It's USB sticks, network shares, floppy, CD, DVD, SD cards, USB malicious devices inc PSU or mouse and network/Internet uPNP/SSDP discovery. An external firewall on a router/modem will stop Internet attacks on this vector. I've installed over 1000 computers since 1996 with NT4.0 and also some Win 2000, XP, Vista, Win7 for Offices/Colleges/Industry. I've always disabled Autorun and SSDP and uPNP in the Registry. Belatedly MS has released a tool. It should never have existed, nor been enabled by default. Some Media Streaming gadgets need uPNP on for PC connection. If so make sure uPNP is disabled on the Internet Router/Firewall/Modem.
ActiveX. Don't use any flavour of IE or Outlook. ActiveX is arbitary code run outside the browser sandbox. No other browser or email uses it. It should NEVER have been in MS Email & Browser but only in native applications. Idiots!
Java via Browser. This is NOT javascript. It's applications loaded via local storage, network or browser. The risk is the same as any unknown program. Hardly any website uses it so set it in Firefox to "Use on demand". Make sure up to date and remove old versions.
Javascript. Most websites need it. Use Noscript plugin on Firefox. Infection is automatic. So only "whitelist" known sites. Other sites, including Google (+, groups, YouTube, search page etc), Twitter, Facebook are so problematic with risk of malware infected adverts and malicious users as well as privacy busting tracking on all other sites you only enable temporary javascript. Don't click on adverts or stuff you don't know what it does. Some domains should NEVER be enabled due to Privacy issues, not Malware.
Toolbars and Codecs. Don't install Toolbars, adblockers or Codecs / Media viewing from random sites when the site asks. Go to an appropriate place, such as adobe.com for Flash.
Installing applications from random sources. Never EVER install / download "pirate" or "cracked" versions of apps/programs/films/ebooks. A common method to install a Trojan / Malware.
Server services with no properly set up external firewall. Server, Computer Browser, IIS/Webserver, MS-SQL server HTTPS, FTP, Telnet, Remote Assistance, DCOM, Remote Registry, File and Printer Sharing. All these allow or have allowed remote infection silently EVEN IF AV running, if not blocked by the Firewall in you router/Modem. Do not rely on Windows Firewall as it allows these to pass! Do not put a Windows PC in "DMZ" of a router. You can't disable DCOM and MS SQL without breaking window applications, but the others should be "Disabled on startup" in services.msc
Web Applications. Don't view PDFs and many other none Web page things in a Browser. Disabling Firefox and other browser PDF built in is done in the browser (about:config in Firefox). Also Check Plug-ins/Add-on and Applications in settings/Options. I have most applications set to File Download or Ask.
Firewall
Never use USB for Internet connection. Use WiFi or cabled Internet to a router.
Never use a USB 3G or 4G dongle direct. Use a portable WiFi point with a firewall and mobile dongle built in.
UAC is useless protection.
Not being Administrator only helps a little.
Education, not AV programs is the key!
Make sure you have notebook (not kept in Laptop bag) and password set on Windows. Use different real passwords for everything. Use a master password on Firefox. Disable Forms autofill/memory and only let Firefox remember non-financial site passwords.
Public WiFi Hotspots.
Do not do any Financial web pages, ebay, pay-pal etc. If you MUST do email have an extra Web based account that emails are forwarded to. HTTPS isn't safe! search HTTPS WiFi Man in the middle attack. A solution is to use a trusted VPN (already setup) at the University, Cafe, Hotel etc. We had one on Port 80 on a linux server in the Attic so that to the University (for our kids) or when I was travelling it couldn't be blocked as port 80 is a Web site. So using the VPN meant that on public WiFi we were really using ALL internet stuff (Web, FTP, SFTP, email, usenet, IRC etc) via our home network and also able to access our home media, printer and file shares securely.
