I think the MVPS.org hosts file is a good idea for everyone on every device, but anyone using Windows 8+ should know that if the Windows Defender Service is enabled (and I've seen system updates re-enable it), Windows 8 will ignore the content of your hosts file.
My standard protection list is: Adblock+ with Easylist, Malware Domains and Fanboy's Annoyances subs (I also use Warning removal and turn off unobtrusive ads) for every browser on every user account. I actually impregnate the default user account on whatever desktop OS to make sure every account gets CREATED with those options turned on for Mozilla and Google browsers.
Adblock+ for IE doesn't have all those options, but as of version 1.3 at least unobtrusive ads can be turned off. IE does support TPLs, so in an AD environment I mandate the Easylist TPL for basic ad blocking, even if the user disables other ad blocking tools.
On Windows machines that don't have some kind of security appliance or web filtering in place, I also install Spybot Search and Destroy for its Immunization function.
I'll also throw Malwarebytes on absolutely everything and I urge end users to avoid installation of Java and Adobe Acrobat Reader as much as humanly possible. On systems that I maintain, I have a script that adds a scheduled task to install Chocolatey.org's repo + scripts to update browsers, Flash, PDF reader et al. on Windows machines.
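An added example, not part of the comment above: one way to check whether blocking entries in a hosts file are actually being honored by the system resolver. The function names and the sample hosts content are constructed for illustration; pass the path of the real hosts file on the command line to test a live machine.

```python
import socket
import sys

# Addresses a blocking hosts file conventionally maps unwanted names to.
SINK_ADDRESSES = {"0.0.0.0", "127.0.0.1", "::", "::1"}

# Constructed sample, not taken from any real blocklist.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1  localhost
0.0.0.0  ads.example.test   # inline comment
0.0.0.0  Tracker.Example.Test
"""

def parse_hosts(text):
    """Return {hostname: address}; the first mapping for a name wins."""
    entries = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank line, comment, or address with no name
        for name in fields[1:]:
            entries.setdefault(name.lower(), fields[0])
    return entries

def system_resolve(name):
    """Resolve through the OS resolver, which is what should consult hosts."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except socket.gaierror:
        return set()

def unenforced_entries(entries, resolve=system_resolve):
    """Names blocked in hosts that still resolve to a non-sink address."""
    leaks = {}
    for name, address in entries.items():
        if address not in SINK_ADDRESSES:
            continue  # an ordinary mapping, not a block
        resolved = resolve(name)
        if resolved and not resolved <= SINK_ADDRESSES:
            leaks[name] = sorted(resolved)
    return leaks

if __name__ == "__main__":
    with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
        for name, addrs in unenforced_entries(parse_hosts(fh.read())).items():
            print(f"NOT ENFORCED: {name} -> {', '.join(addrs)}")
```

Any name reported as not enforced is being answered from somewhere other than the hosts file, so the block is not in effect for that entry.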