“All you need is a firewall and a little common sense. Don’t run stuff from unknown sources and you will be OK.”
While that will take care of about 90%, it isn’t a good plan. Well-known and reputable websites get hacked. If you visit them, your computer will be infected without some kind of defense. This bypasses the firewall because it rides port 80 through your browser, which is enabled.
That depends on what you are using for a browser. Never use IE.
Actually, the most insidious things I've heard of have been bugs in Adobe Reader and WinZip. If you open the wrong file with an unpatched version of either of those, you are owned. I don't use either of them. For PDFs, I use Foxit on Windows and Preview or the Firefox PDF plugin on the Mac. And I use 7-Zip on Windows for zip files and other types of archives. Easier to use, compresses better, and is secure.