So it would be nice if our professionals, who actually know this stuff, and do not have any MS-bashing agenda, simply explain what we, ordinary dummies, can do to protect ourselves better.
A few pointers from a user perspective:
The first answer is obviously common sense: things like, don't use your personal information for sites that do not truly require it: create dumpster e-mail accounts with fictitious names to register on that gaming site or forum, to download that app that flashes pictures of kittens on your desktop, etc.; don't spill your life on Facebook; don't "CLICK HERE" because you are the 1,000,000th viewer and won an iPad; don't download apps from sources you don't know or trust, no matter how cool the app seems; etc.
On the computing side, the first thing I do is stop/remove all processes/programs that I don't need. This is easier done in Unix systems (not bashing MS, just the way the OS architecture works), but you'd be surprised at how many processes are running on your computer that you do not need and that are just turned on by default.
Now, for stuff like cookies, downloading something that installs a lot of crap along with it, and surfing all of those unsecure and dubious sites: get VirtualBox and make yourself a VM of any OS you'd like. Once you have it set up and your VM is fully configured the way you wanted, make a backup copy of it. You will then use that VM to surf dubious sites, download apps and see what else they do, etc. If you incur a problem, you don't like what you see, etc., simply delete the VM and restore it from your backup copy. Your main OS never gets affected. No need for dual boots. About the only thing the VM is not really good for is playing games.
As a matter of fact, you could make a number of VMs for specific uses: you could make a VM which you only use for online banking, one VM which you only use for your favorite forums, one VM just for porn.
... that the darkest hour never comes in the night.. you can sleep with a gun when you gonna wake up and fight.
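The "configure the VM, keep a known-good copy, browse, then throw the dirty state away" routine from the post, written as an added shell example (not the poster's own script). It assumes VirtualBox's `VBoxManage` command-line tool is on PATH and takes the VM name as an argument; the snapshot name `clean-baseline` and the VM name `browse-box` used in the comments are constructed placeholders. Setting `DRY_RUN=1` only prints the commands instead of executing them, which is also how the script can be read without VirtualBox installed.

```shell
#!/bin/sh
# Added example: snapshot-based "disposable browsing VM" workflow using VBoxManage.
# Assumptions: VBoxManage is installed and on PATH; the VM named on the command
# line already exists and is configured the way you want it. "clean-baseline"
# is a constructed snapshot name, not anything the post mentions.

DRY_RUN="${DRY_RUN:-0}"     # DRY_RUN=1 prints the commands instead of running them
BASELINE="clean-baseline"   # name of the known-good snapshot

# Print every command before running it so the reader sees exactly what happens.
run() {
    printf '%s\n' "$*"
    [ "$DRY_RUN" = "1" ] || "$@"
}

# True when the VM is currently running (always "true" in dry-run mode so the
# full sequence is shown). VBoxManage's --machinereadable output contains
# a line of the form VMState="running".
vm_is_running() {
    [ "$DRY_RUN" = "1" ] && return 0
    VBoxManage showvminfo "$1" --machinereadable 2>/dev/null | grep -q '^VMState="running"'
}

# Step 1 (done once): record the fully configured VM as the baseline.
# Take it while the VM is powered off so the snapshot has no memory state to restore.
vm_checkpoint() {
    vm="$1"
    run VBoxManage snapshot "$vm" take "$BASELINE" --description "known-good state"
}

# Step 2 (after any dubious browsing): discard everything since the baseline.
# Restoring the snapshot replaces the current disk state with the clean one, so
# cookies, downloaded installers and anything they dropped disappear with it.
vm_reset() {
    vm="$1"
    if vm_is_running "$vm"; then
        run VBoxManage controlvm "$vm" poweroff
    fi
    run VBoxManage snapshot "$vm" restore "$BASELINE"
    run VBoxManage startvm "$vm"
}

# Usage (constructed VM name):
#   ./disposable-vm.sh checkpoint browse-box   # once, after configuring the VM
#   ./disposable-vm.sh reset browse-box        # whenever you want a clean slate
case "${1:-}" in
    checkpoint) vm_checkpoint "$2" ;;
    reset)      vm_reset "$2" ;;
esac
```

Restoring a snapshot is faster than copying the whole VM folder back, which is what makes it practical to reset after every risky session rather than only after something visibly goes wrong; keeping a separate full backup copy of the VM folder, as the post suggests, still protects against the snapshot chain itself being damaged.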