Your browser, whether you’re using Firefox, Chrome, IE6/7/8, Opera, or anything else, is a huge, gaping security hole. Each browser has its own ways of being made more secure, and people have vastly differing opinions on them. However, there are a few general guidelines that will plug up your browser’s security hole a great deal of the time. I will provide information for Firefox, Chrome, and IE8/9 as best I can.
HOSTS file – the HOSTS file is your computer’s first line of defense: addresses are resolved against it before they’re even loaded in your browser. Simply adding a malicious site to your HOSTS file and directing it to your local loopback address (127.0.0.1) will preemptively keep that site from ever seeing the light of your screen. The address will simply not resolve to the real server, thus preventing anything malicious from that site entering your computer. Thankfully, there are diligent people out there chronicling malicious websites and adding them to a freely available modified HOSTS file.
http://www.mvps.org/winhelp2002/hosts.htm - Go here and follow the directions specific to your OS version.
http://www.abelhadigital.com/hostsman - HostsMan lets you easily manage your HOSTS file and keep it up-to-date.
Adobe Flash – pretty much the biggest security hole on the entirety of the Internet. Keep it updated. If you are using Firefox, get an add-on called “FlashBlock”, as it blocks Flash-based files from loading unless you click a little button where the content sits on the page. These days there are a huge number of ads that are Flash-based and it is super simple to have malicious code injected into them. Most other browsers (minus IE6/7) should have either an add-on to get this functionality or a built-in option for it (IE8/9).
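To check what a HOSTS file actually does after you install or update one, here is an added example (not from the original post or from the MVPS/HostsMan projects) that parses HOSTS-format text and separates names that are blocked from names that are redirected to a real address, which a blocklist should never contain. It assumes that 0.0.0.0, as well as loopback, counts as a blocking address; the sample entries and the names `parse_hosts` and `audit_hosts` are constructed for illustration.

```python
import ipaddress

# Constructed sample for illustration, not a real blocklist.
SAMPLE = """\
127.0.0.1    localhost
::1          localhost
127.0.0.1    ads.example.test Tracker.Example.test   # two names, one line
0.0.0.0      malware.example.test
203.0.113.7  login.example.test   # points at a real address: a redirect
not-an-ip    broken.example.test
"""

# Names that legitimately map to loopback and are not "blocks".
LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def parse_hosts(text):
    """Yield (ip, hostname) pairs; skip comments, blanks and malformed lines."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()  # drop trailing comment
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address
        for name in fields[1:]:  # one line may carry several hostnames
            yield ip, name.lower().rstrip(".")


def audit_hosts(text):
    """Return (blocked, redirected): names sunk to loopback/0.0.0.0,
    and names mapped to any other address."""
    blocked, redirected = set(), {}
    for ip, name in parse_hosts(text):
        if name in LOCAL_NAMES:
            continue
        if ip.is_loopback or ip.is_unspecified:
            blocked.add(name)
        else:
            redirected[name] = str(ip)
    return blocked, redirected


if __name__ == "__main__":
    blocked, redirected = audit_hosts(SAMPLE)
    print("blocked:", sorted(blocked))
    print("redirected (review these):", redirected)
```

Any entry reported as redirected deserves a manual look, since a blocklist only ever needs loopback-style entries.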
Get Flash: http://get.adobe.com/flashplayer/?promoid=BUIGP
Ads – many ads today are susceptible to code injection, which corrupts them with malware and hits any user who loads that ad. This is very prevalent in Flash ads. What the HOSTS file doesn’t catch, an ad-blocker will. Now, ads do generate money for a lot of sites out there based on loads and clicks, so being fairly ethical about what you block is a good idea. Sites that you frequent and know to be safe are good candidates to add to your whitelist. Most browsers have some sort of add-on that does comprehensive ad-blocking or have the feature built-in.
Anti-virus – this is probably the trickiest one to quantify, as people have very strong opinions on which one is the best. Personally, I’ve always had bad luck with the expensive security software suites. They either bog your machine down too much or don’t offer enough protection. So, I’ll list off my top choices for free, top-rated anti-virus solutions that often work better than the licensed software.
Avira AntiVir: has a very high detection rate. The free version is anti-virus only. It is lightweight, fast, and very effective at keeping threats out. However, it has been known to throw out false positives at times. It is anti-virus, anti-malware, and anti-spyware. It’s free for life on a non-commercial license. The full security suite is much the same and worth the price if you want a full security suite.
Avast!: has a very high rate of detection, works well, and is fairly robust for a free anti-virus. My only complaint about it is that it has a lot of bloat to it and is often slow. The audio alerts are also fairly annoying at times but easily disabled. It, too, is worth the price of the full security suite.
Microsoft Security Essentials: this one has gotten better and better since launch not too long ago. It’s fast, very lightweight, anti-malware, anti-spyware, augments and bolsters the Windows Firewall in XP/Vista/7 to a respectable firewall, and is all around a very good piece of software. I would highly recommend this to anyone who wants a fast, lightweight all-in-one solution that won’t bog down your computer like others. A bonus is that if you currently do not have anti-virus protection, you can easily download this through Windows Update in the "optional" downloads section.
AVG: this one used to be a good set but has gotten progressively worse the last couple of years. It’s better than having nothing, but the above solutions are much better at the same jobs. It’s gained a lot of bloat in the last couple of years as well.
Anti-spyware/malware/adware – sometimes, the scanners above miss threats and having another line of security helps. Like anti-virus solutions, there are a bunch out there and people have differing opinions on which is the best. I’ll offer up my top choices – most are free.
Spybot Search & Destroy: probably the highest rated anti-spyware/malware/adware piece of software out there that’s the right price.
Malwarebytes: also a highly rated anti-spyware/malware/adware piece of software. The free version is fairly good in terms of functionality. The full version is good but the free version is usually good enough. Feel free to support developers!
Windows Updates – these come out at least once a month on the second Tuesday (a.k.a. Patch Tuesday http://en.wikipedia.org/wiki/Patch_Tuesday). It’s generally a good idea to pull in the latest updates. I suggest adding Microsoft Update to your system as well so that your other MS products (if you use Office or Visual Studio or anything MS) will stay updated as well. I have mine set to automatically download but notify me about installation since I like to evaluate the updates beforehand. If you’re interested in looking up the update info, I’d recommend this as well. If not, just set to automatic install. Checking the “optional” updates is also handy at times for driver updates (I prefer going to the hardware manufacturer directly) or non-critical system updates.
Combine all this knowledge with an authenticator on your account and you'll be fairly safe from getting hacked as long as you're diligent about keeping your system clean. The only currently known method (afaik) of hacking an account with an authenticator is by using a "Man in the Middle" attack where a trojan/keylogger is loaded onto your system and throws an error about your authenticator code being wrong. It takes that code, uses it in a very short time frame (3min or less), and the person stealing your account uses it and your password to log in and subsequently locks you out of your account in various ways.
Like I said, these are basic guidelines and any feedback or more suggestions would be appreciated, I'm sure. In the end, your computer and account's security is ultimately up to you. Blizzard can only do so much to prevent and counter account theft.