Best protection is not using windows to navigate. Use virtual machines with Linux. Linux is much more secure (mostly because almost all virus/malware target windows), and even in the remote case that your system gets infected, the infection affects only your virtual machine. If you are truly paranoid you can have several virtual machines: one for sensitive sites like banks and important accounts, another for regular navigation and a 3rd one for navigating suspicious sites. Then you can keep your windows machine clean and safe for its real purpose: GAMING
Actually, this is horrible advice. Not only does running dual virtual machines slow down performance immensely, but it also gives you no genuine security benefits over running your computer from the standard OS environment. Yes, this would protect your original OS from virus infections spreading to your most sensitive documents, but you are forgetting the most important part: there are many devices that can easily be compromised, and could then help the infection to spread from the virtual environment to your OS. This is something that is relatively easy to exploit, as USB devices are growing in popularity. The only real way to prevent an infection from spreading from your virtual machine to your daily OS is to take a large number of steps... and it would be pointless to list it out, because that alone would take an hour to type out.
And you're partially right. Linux is more secure than Windows, but only to a certain extent; it's just like running Mac OS on your machine; it's the way the OS is written that helps prevent automatic spreading of an infection. On the flip side, there are methods that can bypass this kind of security measure, and there are also people who enter their password whenever prompted, with no thought as to why (malicious programmers take advantage of this). The security benefits are relatively minor, when properly compared in a real world setting, and only the truly paranoid will ever be able to reap all the juicy security benefits from Linux.
If you wanted to be correct, the absolute most secure method of running a clean OS is to run a live
OS (Linux is great for this). By running a live OS (ideally a CD), you do not risk infecting your OS for any longer than your computer is turned on. Also, the only way an infection could spread is to be designed to spread itself through the user's documents, and not the OS files (which is not a method that is widely used, and is used for more specific infection purposes). The only real problem with running a live OS is the fact that you have to burn a brand new copy every single time
a new update is released; if you don't, then you're likely open to new security threats. Is it worth it? That is all speculation.