Common routes of infection for both malware and virus' include opening unsolicited email attachments; even if you know who the sender is we often recommend looking at the context of the message.
For example, if the sender typically only sends joke emails then suddenly sends a message regarding financial topics then we would coach you to contact the sender prior to opening the message and determining if it is legitimate.
This rule can obviously become difficult to follow if a sender does not typically send one type of message, in that case we recommend taking a close look at all email prior to opening them and if an attachment asks for permission before opening or asks you to allow specific security changes then always click cancel or no, and immediately delete the message and contact the sender as his / her computer may be compromised and may be trying to send the infection to their contacts.

Another method of infection is purely web based, even a simple misspelling of a website name can lead you to a site that will immediately infect your computer, also be careful during searches, when searching the web for something take to time to look closely at the results; make sure before clicking the result contains all major aspects of your search; i.e. if you search for "2007 ford radiator" then the result should contain one or a combination of those words in 1. the title (typically larger print and bold) 2. the body of the result (somewhat of a paragraph structure giving a peek at the page) and 3. the link (found below the body of the result). If any of these do not contain aspects of your search then move onto another result.