For a start, antivirus software and a firewall should be installed. When browsing the Internet, use an account which does not have administrator rights. This will prevent the laptop from the majority of malware attacks, with insufficient permission to install the malware.
It's also important to configure Web browser security settings so that frequently used trustworthy sites have lower settings than other untrustworthy ones. The settings ensure that potentially dangerous browser extensions are disabled when visiting untrustworthy sites.
Behaviour is also important in preventing infection. Users should be educated to work safely. They should be made aware that untrusted websites, emails or even USB storage-based devices should be viewed with suspicion, and seen as potential sources of malware.
Finally use a modern operating system and ensure it is patched frequently. Modern operating systems have numerous protective mechanisms against buffer overflows, and frequent patching will protect a laptop against malware that uses the latest exploits.
This was first published in October 2009