Setting Up Win2000 for Reasonable Security

I had to set up Windows for my friend, after her first install of it (I did that install too) got trojaned heavily, loaded with adware, and probably some spyware. This was a standard install of Windows, with the usual easy-to-guess password.

Once upon a time, that was a reasonable install, but no longer.

So, after running the antivirus and other crap, I decided to do a full reinstall. Here are the ingredients:

Windows 2000
Outpost Free Firewall
Knoppix on CD
Firefox browser
Thunderbird mail client
A fast internet connection

Put the Win2k CD in there, and fire up the setup.

First, you need to wipe the disk. Repartition it so that around 2 gigs are unused. Unless the disk is really old, the 2 gigs will be cheap insurance. This spare partition will be used if we need to boot into Knoppix and copy out data files to reformat the first partition. (There's a method to my madness.)

Second, complete the installation. When it comes time to set an Administrator password, use something weird, like: ii8aEV*. This throws off some worms that try to guess passwords.

Third, once you're set up, create another user, named User if you can't think of a name, and set the password to something weird. Make this a "Restricted" user. Don't log in as User; log in as Administrator for the rest of this recipe.

Fourth, connect to the Internet via a high-speed connection. Run Windows Update from the Start menu. When it says restart, restart. Repeat until there are no more updates to install. Then, if you want, add a few more updates that sound relevant. (If you don't have a high-speed connection, you'll have to get CDs with all the service packs and updates.)

Fifth, go to http://www.agnitum.com/products/outpost/ and get the Free version of their firewall. Install it. Reboot as requested. (Make sure you're Administrator when you install.)

Sixth, download Thunderbird and Firefox from http://mozilla.org. Install each application. We'll stop using Internet Explorer and Outlook Express. Go into the Internet control panel, and set your default browser to Firefox, and your default email to Thunderbird.

Then you can install any other software you need.

Seventh, write instructions about how to log in as User and Administrator. Explain that, to install software, you must be Administrator. When you're normally using the computer or Internet, you need to be User. User has fewer permissions, and cannot wipe out important files easily.

Then, log out, and log in as the User.

This seems to work pretty well. The firewall alerts the user to the various attacks coming from the Internet, highlighting exactly why it's important to maintain good passwords, to stay logged in as User rather than Administrator, and (if possible) to disconnect before logging in as Administrator.
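
A quick command-prompt check of the account setup from steps three and seven, as an added example that is not part of the original recipe. It assumes the restricted account is named User and uses only the built-in net and findstr commands.

```bat
@echo off
rem Added example: audit the two-account setup from the recipe.
rem ACCT is an assumption: the restricted account is named "User".
setlocal
set ACCT=User
set FAIL=0

rem The restricted account has to exist at all.
net user "%ACCT%" >nul 2>&1
if errorlevel 1 (
    echo FAIL: no local account named %ACCT%
    set FAIL=1
    goto summary
)

rem It must not appear in the local Administrators group.
rem The regex matches the whole line and tolerates trailing spaces.
net localgroup Administrators | findstr /i /r /c:"^%ACCT% *$" >nul
if not errorlevel 1 (
    echo FAIL: %ACCT% is a member of Administrators
    set FAIL=1
)

rem Everyday work should not happen in an administrative session.
net localgroup Administrators | findstr /i /r /c:"^%USERNAME% *$" >nul
if not errorlevel 1 (
    echo WARN: you are logged in as %USERNAME%, an administrator
)

:summary
if "%FAIL%"=="0" echo OK: %ACCT% exists and is not an administrator
endlocal
```

Save it as a .cmd file and run it from either account; the WARN line is expected while you are still logged in as Administrator.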