There is no 100% proof guaranteed method of being absolutely safe and most likely you are vulnerable to an exploit or hack at this very moment regardless of the platform you are using (pc/phone/laptop).

No matter how many precautions you take, there's always a way of being hacked, infected, etc. if somebody motivated and skilled enough desires it. 

In some of the following situations described below, the author presumes that you, dear reader, are a Microsoft Windows user, In others, It applies to everybody. 

Part 1: the local scenario:

You need to stay safe by not taking anything that you download to your computer for granted and by not giving out your personal information out there for free for granted. So you have to police what comes in your PC/laptop/tablet/mac/phone etc and what goes out. 

The rules of thumb on how to not get viruses are these: 

Never trust files from anybody including your closest friend or even your mom: not because they want to hack your computer, but because they themselves may be hacked and not even know it. 

Always apply rules of common sense when you absolutely have to execute a program downloaded via the internet: 

1. What is the source of the program ? Is it a famous website that would take time and money to invest in cybersecurity because it cannot afford to have it's reputation destroyed by infecting it's customers with viruses?
2. If it's not a big site like softpedia or cnet, are you absolutely sure you cannot get the program from one of the above "famous" variants ?

If you have no choice but to download and run it, and you suspect it may be from a shady source, don't worry. First of all, if they have a portable zip version, get the zip. It's generally a better idea to know and see what you're unzipping instead of some wizard setup setting up whatever it's setting up in the background. 

Regardless if it's a zip file that contains an exe or if it's an exe file by itself, dont just execute it fingers crossed. 

Use an online virus scanning website that is free and makes use of several antivirus engines to check your file:

• https://virusscan.jotti.org/
• https://malwr.com/submission/
• https://www.metadefender.com/#!/scan-file
• http://www.virscan.org/
• OR the most well known of them all https://www.virustotal.com/

That should in general give you a good idea even if you have an antivirus installed or not about the nature of the file. Virustotal even has a neat windows upload tool that once installed you get a nice "send to virustotal" entry on the right click menu on files. 

Note that all the might of the above may not detect an actual 0-day (Zero-Day) virus. By that it's usually understood that the virus is so fresh and new and innovative in it's virusy ways that not one antivirus was able to figure out that it's a virus yet. 

So in that cases, you'd use what I like to call a sandbox: An environment that even if infected has zero impact to your actual computer and to your actual files, online accounts, credit cards etc. There's a very well known piece of software that does just that and it's called sandboxie : https://www.sandboxie.com/ 

If you for some reason don't want to run it in a sandboxie instance environment you can go full emulation and opt for a virtual machine : Install virtualbox from https://www.virtualbox.org/ and create your own little virtual computer inside where you can run all and any kind of unknown programs with relative safety. (not 100% proof but that's another topic) 

Keep your pc up to date regardless of the operating system you are running, or if you want to get a bit dirty, at least find out what services are running on your machine and manually shut down what you don't use, and/or set up firewall rules for the things that you'd rather turn off but are required to leave on. This way you at least make it a bit harder for the "attacker" and usually the attacker is an automated piece of software that gives up on the spot if things don't work in their favor. But it'll try again in a couple miliseconds, it's sometimes persistent like that.

This way you should be relatively safe when downloading and executing unknown files from whoever or whatever out there on the webs. 

The second part, The so called "remote" scenario :

This is what would be considered internet use common sense 101 rules of conduct. You probably know some of them, but read on regardless: 

• Never use the same password on all your online accounts
• Always try to opt in for 2factor authentication using email, sms, or an authenticator like Google Authenticator. This way even if somebody finds what your password is, they can't do much about it except try to use it on pretty much any other online service they can think of, where they hope you didn't enable 2factor authentication. 2factor basically acknowledges that you're you only when you provide the special code sent via email/sms or generated by the authenticator. 
• Not really a big security/malware issue but whatever email client or service you use, there is an option (or there should definitely be one since we're in 2017) to disable loading images in the email message body. This will help you fight of loads of spam, mostly because lots of images that show up in your emails are very easy to use to track down the fact that your email box exists, is active and therefore ready to receive mail that is actually read. It's actually one fav way of email discovery, when so called leaks of data get in various hands, the spammers or malware distributors know they have millions of emails but don't know which are actually active. Once they know, your email gets added to spam lists and you'll be getting mails from them and their friends and their friend's friends for a long time. 
• When a webpage tries to get any kind of personal data from you, unless you have absolute certainty that it is a legitimate source, don't feed it your actual personal data. Invent. You don't have to give your identity away just because they say so.  Buzzy Bee living on "Honey street nr 64" is way better than your actual name and address and will likely get you OUT of trouble in the event that said website is hacked and anybody has access to your name and address. 
• When you are asked for passwords or for logins, don't blindly click the login with facebook/login with google+ or whatever. Take the time to create an actual user because you don't really want to share your facebook and/or google+ or other platform's data with any website, do you ? Remember the what if they get hacked scenario. Also, if you Absolutely have to, make sure to grant them the minimum permissions necessary for their "login" to work. They may ask you for email birthdate and that's what usually anybody does nowadays, but they have zero need for your friendslist. That's just using your data for free. You know, lab-rat style. For advertising and whatnot. (and who knows what else?)
• Make sure you are on the actual website that you think you're on. Sometimes you may find you're actually writing down your credit card number on a page that claims to be what it's not. They have ways of tricking you into thinking that this is legit. From the standard photo-realistic copy of the legitimate website and it's look and feel to the url title. However, what they can't fake is the ssl cert. Make sure you login only to pages that are OBVIOUSLY delivered via HTTPS (your browser bar should say SECURE or be green and have a lock on it depending on your browser of choice). This is a no brainer:
• NEVER LOGIN ON AN UNSECURED PAGE
• Also, a bit more techy, click on the url bar where it says secure and check for more details, depending on your browser it will be different, for chrome you need to press F12 and go to the security tab and check the Secure Connection for the crypto protocol, in firefox you click the lock in the url -> the arrow -> more details and down under Technical details you get info about the crypto protocol, and it should ONLY BE TLS 1.2 as of the writing of this article. Anything lower than that and you should be somewhat worried, anything not using TLS and using SSL you should just disregard as they clearly don't care at all about their user's data safety. 

Don't fall for it : Just because it looks the part doesn't mean it does the job. Don't fall for the ages old optimizers/cleaners/etc pieces of software that are usually filled with bloatware and even if clean, don't do much improving anyway. 

Remember that no piece of software can magically make your pc invulnerable to viruses or to hacking and ultimately be very careful and skeptical about ANYTHING on the internet, think of it like a stranger asking you questions that would in real life creep you out. Just because it's shiny, has good graphics, great colors and funny sounds and looks very clickable doesn't mean you have to go with it. Only means that it's very well designed to steal your attention. Just like a good ad. Or a flashy product. 

Don't be fooled by marbles in exchange for your gold just because they're shiny: They're still just pieces of glass.
And Gold is Gold.