Some basic rules which make you just about 100% virus-safe:
1: Don't ever use Microsoft Outlook or Outlook Express. Roughly 70% of all virus attacks are directly associated with Outlook.
2: Don't open attachments. If you absolutely, positively must open one, scan it first and (if at all possible) do it on a machine that doesn't matter. (We keep an old, slow Windows 98 machine here at the office especially for this task: if it gets infected, who cares? Wipe it clean and no harm done.)
3: Remove dangerous and useless software, Yes that's right, UNINSTALL it. There are three primary items which should be on your virus safety removal list: Outlook Express, the Windows Address Book, and the Windows Scripting Host. In Windows 98, you can remove all three in about 20 seconds by going to "add/remove programs" in the Windows control panel. This acton alone wil reduce your virus risk by approximately 80%. Getting rid of Outlook from Windows 2000 and Windows XP is, alas, a lot more difficult, but still possible. Microsoft have a page somewhere which tells you how to do it.
4: If you are on broadband, use a hardware firewall. A REAL firewall - not one of these toy ones that run under Windows. Think of it this way: you are having a party and you don't want uninvited guests, so you hire a security guard to check that everyone has an invitation. Where do you put your security guard? In the kitchen? Or do you lock all the windows and have the guard standing OUTSIDE the front door checking on the guests BEFORE they come inside? A software firewall is like a security guard that sits in your kitchen drinking tea all night. Anyone can get in and, if they are smart, they will never get caught. A real (i.e., hardware) firewall is either (a) a dedicated unit which looks a bit like an oversized moden and costs about $AU200, or (b) a second computer running a secure operating sustem (usually Linux or Free BSD). Any old computer will do, yes, even that old 16MB 486-100 you have out in the shed - and the software is free. All you need is two network cards. (These are a good idea even if you are not on broadband.)
5: Use a good anti-virus product. Norton's if you must (Nortons is competent but bloated, expensive and clumsy (like all current-generation Symantec products, or at least all the ones I have ever seen), PC-cilan, VET, AVG or any of several others if you prefer. I like PC-cillan myself, but everyone has their favourite. Please yourself about this. Don't run two - it's a really good way to cause a disaster. Anti-virus products, by their very nature, are required to break the rules of normal programming (in exactly the same way as a policeman is sometimes required to sneak around at night spying on people or drive faster than the speed limit). There is only a small risk of system instability from one "illegal" program (i.e., your anti-virus scanner). Two at the same time , however, is asking for trouble.
Notice that I listed having an an anti-virus scanner LAST out of five. That is no accident. Statistically, you are far, far safer running a non-Outlook email client on a system without the Windows Scripting Host or the Windows Address Book and no anti-virus software at all than you are running Outlook on a system that has the latest ani-virus program installed.
PS: I make my living doing this stuff, have done for many years. A good, simple rule to follow in computing, which will seldom see you wrong, is to ask any self-appointed "expert" which email client they recommend. If they say "Outlook", walk away and hire someone else - hopefully, someone who has more practical experience and common sense, and who knows something about security.