... or turn on windows's hardware firewall...
I just spent Sunday cleaning up a relative's PC. Eccch.
The machine had been set up with the firewall on, almost all ports closed, no Windows Message service, etc. When I checked over the machine Sunday, it had been infected with Blaster, Sasser, Welchia, assorted macro viruses, 3 pieces of spyware, and a bunch of related rubbish.
The spyware had turned off the virus checker and firewall, so it could phone home. The worms got in while the spyware kept the dial-up connection open.
I had a CD full of SW updates and the latest combined security update that I downloaded to my PowerBook (saved by Safari's Debug menu and Windows spoofing) along with the Blaster and Sasser removal tools, AdAware, and a freshly purchased copy of McAfee Antivirus to whack the machine with. It took about two hours to fully sanitize and lock down that thing.
The worst part is I KNOW the owner is going to double click on the next 'neat' thing that shows up in Outlook mail. Ecccch.