Stay out of bad neighbourhoods.

Note that social preconceptions of what constitutes a "bad neighborhood" may be wrong. You may have heard that porn sites are bad neighborhoods; but nobody's getting viruses off abbywinters.com. In contrast, any site offering to give you smiley cursors and screensavers may as well be selling rusty needles in a back alley.

Only download software from people who have a reputation to lose.

Sadly, many reputation-bearing software vendors bundle security-harming crapware with their software anyway. It's an improvement over random piracy, though; and one bias that probably worsens people's security is the notion that if no system is perfectly secure, then they may as well not bother improving — a form of zero-risk bias, I suppose.

For that matter, speaking of reputation and risks, a few years back you could get a Windows system cracked by putting a music CD from a well-known music label in the drive. Users may have expected that a music CD was not software, which expectation proved false.

Something else to consider is that most users probably experience the sunk-cost fallacy, coupled with status-quo bias, when considering switching to different software (e.g. operating system or Web browser). Considering that there are significant security differences among these choices, cognitive biases may be keeping a lot of users on inferior software.