I think the occasional pre-bundled download is the biggest risk of all to meet a potentional unwanted program to-day. Clicking through without paying attention on a download install is almost like playing Russian Roulette.
Pre-scanning sites you never ventured onto cannot be a bad practice either, if you can find the time for it.

The amount of websites with excessive header information, outdated CMS and vullnerable themes and plug-ins etc. is almost endless. Given the fact that hopefully the malcode is shortlived before either being taken down or closed, could easily lead to some user getting infested (use the avast! software updater and keep all of your OS and third party software fully updated and patched). Block ads that could also be occasionally malware infested. Block third party requests and scripts.
Safehex and use of the braincells sitting between the machine and the chair should do it, Still you could be the odd one out that becomes the PUPcode prize winner.of the day, as I have been demonstrating in this thread.

Keep the avast! shields up and running together with DrWeb and TrafficLight extensions up and active.and use a good Adblocker.

pol