As much as we'd like to bash Microsoft, or whatever software vendor is affected by exploits, the truth is that user behavior also contributes to the poor security on some machines. Jeff Atwood details his own experience with a PC that was infected because he surfed one website with an old version of IE6.
I recently upgraded my dedicated racing simulation PC, so I was forced to re-install Windows XP SP2, along with all the games. As I was downloading the no-cd patches for the various racing sims I own, I was suddenly and inexplicably deluged with popups, icons, and unwanted software installations. I got that sinking feeling: I had become the unfortunate victim of a spyware infestation.
The simplest thing you can do to protect your machine is run your operating system's automatic update service. Windows has the Update app that sits in the icon tray, Macs have the Software Update option in the Apple menu, and Ubuntu provides update notification in the notification tray via an orange icon. You should be in the habit of running updates frequently, no matter which system you run. I was dismayed a while back by a colleague who felt they didn't have to run updates in Ubuntu because essentially "Linux is secure enough".
Another good practice is to always run the latest version of your browser of choice. If you use Windows Update, you'll keep Internet Explorer's patches up to date, although there are still unpatched vulnerabilities in the wild. A better option, and my recommendation especially for Windows users, is to run Firefox 2, which automatically updates itself.