First make sure the Windows Firewall is enabled, and that inbound is set to block. You can also use Device Manager to disable the wireless devices if you want, but that won't stop malware from making an outbound connection.
But here is the short list:
1 Use Cisco's OpenDNS and configure the web security rules.
2 Decent AV/security software.
5 Block Flash and ads, use the WOT plugin.
6 UAC set to full, do not run as admin.
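
A read-only way to verify the firewall and UAC items above, added here as an example and not part of the original post. It assumes Windows PowerShell 5.1 or later with the built-in NetSecurity module, and it treats "UAC set to full" as the "Always notify" slider position (an assumption about what the post means).

```powershell
# Added example: audits the firewall and UAC items from the list; changes nothing.
$findings = @()

# ActiveStore = effective settings (local configuration merged with Group Policy).
foreach ($p in Get-NetFirewallProfile -PolicyStore ActiveStore) {
    $findings += [pscustomobject]@{
        Check = "Firewall [$($p.Name)] enabled"
        Value = "$($p.Enabled)"
        Pass  = ("$($p.Enabled)" -eq 'True')
    }
    $findings += [pscustomobject]@{
        Check = "Firewall [$($p.Name)] default inbound"
        Value = "$($p.DefaultInboundAction)"
        Pass  = ("$($p.DefaultInboundAction)" -eq 'Block')
    }
    # Informational only: blocking inbound does not restrict outbound traffic.
    $findings += [pscustomobject]@{
        Check = "Firewall [$($p.Name)] default outbound"
        Value = "$($p.DefaultOutboundAction)"
        Pass  = 'info'
    }
}

# UAC "Always notify": EnableLUA=1, ConsentPromptBehaviorAdmin=2, PromptOnSecureDesktop=1.
$uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$uac    = Get-ItemProperty -Path $uacKey
$expected = [ordered]@{
    EnableLUA                  = 1
    ConsentPromptBehaviorAdmin = 2
    PromptOnSecureDesktop      = 1
}
foreach ($name in $expected.Keys) {
    $findings += [pscustomobject]@{
        Check = "UAC $name"
        Value = "$($uac.$name)"
        Pass  = ($uac.$name -eq $expected[$name])
    }
}

# S-1-5-32-544 is BUILTIN\Administrators. It appears in the token even when UAC
# has filtered it to deny-only, so a match means the account is an admin account.
$inAdmins = [bool](whoami /groups | Select-String -SimpleMatch 'S-1-5-32-544')
$findings += [pscustomobject]@{
    Check = 'Current account is not in Administrators'
    Value = "member=$inAdmins"
    Pass  = (-not $inAdmins)
}

$findings | Format-Table -AutoSize
```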