There are some best practices and basic precautions users should take when configuring a system. These include running as a standard user rather than an administrator (which people can now do successfully in Windows Vista and Windows 7), running a decent anti-virus program, setting up a firewall, and keeping all of your software up to date, which nowadays is mostly automated.
If you're setting up either Windows Vista or Windows 7 for someone, the only thing you really have to do is install an anti-virus program and set up a standard user account for them.
Regarding the web browser, Internet Explorer 8 is perfectly adequate, and you also get the advantage of it running in protected mode, which is another layer of protection for the user. Hopefully, in the near future, we will start seeing other web browsers take advantage of the integrity mechanism in Windows Vista and Windows 7, just as Internet Explorer does by default.
Having said that, no matter how you configure someone's system, if the user isn't educated and doesn't understand the security risks of some of the things they do, the possibility of their system being compromised rises greatly. This doesn't mean we shouldn't do the things mentioned above when we configure the system, since they will help mitigate certain types of attacks.
You can take other steps to further increase the security of the system and completely lock it down, but this means severely restricting the user, and then their system isn't really their system any more, since it's very much controlled by the person who set it up. Locking a user out of their own system obviously isn't a good idea.
On the family computer at home though, which my parents use and also my younger brother, who uses it 95% of the time, I have locked it down slightly by giving everyone a true standard user account, and anything that requires administrator privileges will prompt the user to enter administrator credentials, which they won't know. This stops my brother from installing every infected / buggy freeware application that the internet has to offer, along with changing system-wide settings. If my brother wants to install, say, for example, a game, then I will switch to a dedicated administrator account. I'm around pretty much all the time, so setting up their system like I have isn't a problem because whenever they wish to install an application, which is really the only thing they do which requires administrator privileges, I'm mainly always there.