Basic security guidelines for Windows

by Talrenya | 29/04/2010 09:45:43


Basic security guidelines for your Windows system:

Your browser, no matter if you’re using Firefox, Chrome, IE6/7/8, Opera, or whatever browser, is a huge, gaping security hole. Each browser has a set of ways to make it more secure and people will have vastly differing opinions on such. However, there are a few general guidelines that will plug up your browser’s security hole a great deal of the time. Since I only use Firefox, I’ll be linking Firefox extensions. Use Google to find similar add-ons for your browser.

HOSTS file – the HOSTS file is your computer’s first line of defense on resolving addresses before they’re even loaded in your browser. Simply adding a malicious site to your HOSTS file and directing it to your local loopback address (127.0.0.1) will preemptively keep that site from ever seeing the light of your screen. The address will simply not resolve, thus preventing anything malicious from that site entering your computer. Thankfully, there are diligent people out there chronicling malicious websites and adding them to a freely available modified HOSTS file.

http://www.mvps.org/winhelp2002/hosts.htm - Go here and follow the directions specific to your OS version.

Adobe Flash – pretty much the biggest security hole on the entirety of the Internet. Keep it updated. If you are using Firefox, get an addon called “FlashBlock” as it blocks Flash-based files from loading unless you hit a little button where it is on the page. These days there are a huge amount of ads that are Flash-based and it is super simple to have malicious code injected into them. Most other browsers (minus IE6/7) should have either an add-on to get this functionality or a built-in option for it.

http://get.adobe.com/flashplayer/?promoid=BUIGP
https://addons.mozilla.org/en-US/firefox/addon/433

JavaScript – JavaScript is nearly as bad as Flash when it comes to security vulnerabilities. Most browsers these days have an option to disable JavaScript entirely. Sadly, it’s an all or nothing option, usually. NoScript for Firefox allows you to selectively block and allow scripts to run on pages and even add sites to a white list to always allow scripts to be run.

https://addons.mozilla.org/en-US/firefox/addon/722

Ads – many ads today are susceptible to code injection, thus corrupting them with malware and hitting any user that loads that ad. This is very prevalent in Flash ads. What the HOSTS file doesn’t catch, an ad-blocker will. Now, ads do generate money for a lot of sites out there based on loads and clicks so being fairly ethical about what you block is a good idea. Sites that you frequent and know to be safe would be a good place to add to your white list. Most browsers have some sort of add-on that does comprehensive ad-blocking or have the feature built-in.

Firefox: https://addons.mozilla.org/en-US/firefox/addon/1865
Chrome: https://chrome.google.com/extensions/detail/gighmmpiobklfepjocnamgkkbiglidom
IE8: http://www.ghacks.net/2009/04/08/internet-explorer-8-ad-blocking/
http://adblockie.codeplex.com/
Opera: http://my.opera.com/Tamil/blog/ad-block

Anti-virus – this is probably the trickiest one to quantify as people have glaringly large opinions on which one is the best. Personally, I’ve always had bad luck with the expensive security software suites. They either bog your machine down too much or don’t offer enough protection. So, I’ll list off my top choices for free, top-rated anti-virus solutions that often work better than the licensed software.

Avira AntiVir: has a very high detection rate. The free version is anti-virus only. It is lightweight, fast, and very effective at keeping threats out. However, it has been known to throw out false positives at times. It is anti-virus, anti-malware, and anti-spyware. It’s free for life on a non-commercial license. The full security suite is much the same and worth the price if you want a full security suite.

http://free-av.com/en/trialpay_download/1/avira_antivir_personal__free_antivirus.html

Avast!: has a very high rate of detection, works well, and is fairly robust for a free anti-virus. My only complaint about it is that it has a lot of bloat to it and is often slow. The audio alerts are also fairly annoying at times but easily disabled. It, too, is worth the price of the full security suite but still suffers from the bloat and resource hogging.

http://www.avast.com/free-antivirus-download

Microsoft Security Essentials: this one has gotten better and better since launch not too long ago. It’s fast, very lightweight, anti-malware, anti-spyware, augments and bolsters the Windows Firewall in XP/Vista/7 to a respectable firewall, and is all around a very good piece of software. I would highly recommend this to anyone who wants a fast, lightweight all-in-one solution that won’t bog down your computer like others.

http://www.microsoft.com/security_essentials/

AVG: this one used to be a good set but has gotten progressively worse the last couple of years. It’s better than having nothing but the above solutions are much better at the same jobs. It’s also gained a lot of bloat in the last couple of years as well.

http://free.avg.com/us-en/homepage

Anti-spyware/malware/adware – sometimes, the scanners above miss threats and having another line of security helps. Like anti-virus solutions, there’s a bunch out there and people have differing opinions on which is the best. I’ll offer up my top choices – most are free.

Spybot Search & Destroy: probably the highest rated anti-spyware/malware/adware piece of software out there that’s the right price.

http://www.safer-networking.org/en/download/index.html

Malwarebytes: also a highly rated anti-spyware/malware/adware piece of software. The free version is fairly crippled in functionality, though. The full version is pretty damn good though.

http://www.malwarebytes.org/

Windows Updates – these come out at least once a month on the second Tuesday (a.k.a. Patch Tuesday http://en.wikipedia.org/wiki/Patch_Tuesday). It’s generally a good idea to pull in the latest updates. I suggest adding Microsoft Update to your system as well so that your other MS products (if you use Office or Visual Studio or anything MS) will stay updated as well. I have mine set to automatically download but notify me about installation since I like to evaluate the updates beforehand. If you’re interested in looking up the update info, I’d recommend this as well. If not, just set to automatic install. Checking the “optional” updates is also handy at times for driver updates (I prefer going to the hardware manufacturer directly) or non-critical system updates.

Combine all this knowledge with an authenticator on your account and you'll be fairly safe from getting hacked as long as you're diligent about keeping your system clean. The current, only known method (afaik) of hacking an account with an authenticator is by using a "Man in the Middle" attack where a trojan/keylogger is loaded onto your system and throws an error about your authenticator code being wrong. It takes that code, uses it in a very short time frame (3min or less), and the person stealing your account uses it and your password to login and subsequently locks you out of your account in various ways.

Like I said, these are basic guidelines and any feedback or more suggestions would be appreciated, I'm sure. In the end, your computer and account's security is ultimately up to you. Blizzard can only do so much to prevent and counter account theft.

I'm an IT professional that works in a large corporation so I get to keep tabs on what works and what doesn't and how well the ones that do work, work. I simply posted this because I've been seeing tons of threads about accounts getting hacked and threads about the authenticators. I felt I would share my knowledge with those who may or may not have the same knowledge. Happy hunting!

[ Post edited by Talrenya ]


I know your $14.99 entitles you to play the game your way, but the rest of the raid's $359.76 says know your role.

by Datth | 05/05/2010 20:05:06


We've seen people try fancy stuff to steal your accounts. They're not limited to the following:

1. Hijacking an ad banner to exploit a Flash vulnerability.
2. Hijacking an ad banner to exploit a PDF vulnerability.
3. Hijacking the Launcher's page. Since it's basically a web browser, it displayed what they wanted. It's generally a fake site where you fill in all sorts of account and personal info that we don't ask for.
4. Making a fake Launcher with the said fake page.
5. Fake addon installer packages.
6. Scams saying your account is under investigation and would be banned if you don't do something.
7. Scams saying that you won a free prize and to visit a site to claim it.
8. Scams that you're selected for an alpha or beta build, or even something like the World of Warcraft movie and to visit a site to get it. It usually has a payload waiting for you or has you log onto the site.

There's a lot more. We see people having their accounts compromised and locked out mostly due to the above. Having extra knowledge to prevent bad things from happening is something desirable.

Tech Support/Billing

"<coworker> says you pressed buttons for him a while ago to do stuff and I need you to do the same thing." - Another Coworker
https://www.surveymk.com/s/H2S6NPZ 

by Datth | 16/06/2010 15:19:45


Ok Talrenya. Thanks for the help thus far :)
I'm more of a hardware person than a security expert so maybe someone else can step up and help out, too.

Just something odd in the wild: http://www.microsoft.com/technet/security/advisory/2219475.mspx
Moral of the story: don't click on weird links.

Tech Support/Billing

Long live Nom Nom Nom [NYI][NNF]
https://www.surveymk.com/s/H2S6NPZ 
