Computer security is hard. Technical people have a hard time keeping up with all the issues, so what is the average computer user going to do?
The Security Now podcast #229 describes a few simple rules that anyone can follow:
These are easy enough for anyone to remember and follow. It is much better to follow a few simple rules than to have more, better rules that don't get followed.
For further details, see the paper "So Long, And No Thanks for the Externalities: The Rational Rejection of Security Advice by Users". It describes how some traditional security advice is not worth following, because the benefits/risks are outweighed by the cost of following it.