Since I'm toying with some cracking and malware methods myself for the purposes of securing my own networks, I'll try and summarize how malware tends to work.
The purpose of malware is to deploy a given payload on a system. The payload can include anything from a harmless popup of kittens with the caption "you've been hacked" to a keylogger (records everything you type) to advertisements to remote access to your computer. Basically, anything goes.
There are a few different ways you can get hacked, but I'll focus on malware, since you probably don't run a website (webmasters have a big target on their back that says "hack me"). Basically, the malware author designs a malicious program and tries to get your computer to run it somehow. Once it does, it'll unleash whatever payload the author put into it, provided it isn't stopped by an antivirus. There are quite a few ways malware authors can get you to run their malware. The most common is to trick you into running it yourself.
For instance, the malware author may craft an email that looks like it comes from a reliable source, instructing you to open an attached file, which, as it turns out, is the malware. That's just an example, though. It certainly isn't limited to email. Many tools that claim to assist in software piracy may be malware; some even perform their function in addition to delivering their payload. It's actually quite simple; all the malware author has to do is get you to run a program. There are countless ways he could get you to do this; the practice of tricking people into doing this sort of thing is called "social engineering," and you can read more about it on Wikipedia.
There are other ways to get you to run a program that don't require your interaction, however. These usually rely on exploiting some behavior in the software you are using. For instance, let's say the malware author has also managed to gain control of a website you like to visit. He might leave most of the website intact, but insert some code that takes advantage of a glitch in your web browser to run his malware.
Another potential avenue of attack could be at the operating system level. A lot of operating systems have services running in the background that connect to the internet for various reasons. Some of these services can be exploited to run malicious code and deliver a payload.
The best thing to do is to keep an antivirus program like Microsoft Security Essentials running at all times and, if you are not behind a router with a built-in firewall (most routers have one), to also keep a software firewall running, such as Comodo Firewall (note that this comes with an optional antivirus that you should not install if you are using Microsoft Security Essentials). However, no software is an alternative to safe browsing habits; be sure not to run programs that you didn't seek out yourself and not to follow links to sites that deal with your personal information (find out the site's address and enter it manually each time; e.g., type 53.com into your URL instead of following a link from your email).
Also, know that there is no 100% safe solution (this is important). It is almost impossible to keep a determined cracker out of your system; there are ways to trick antiviruses and defeat firewalls, but they take time and effort that most common malware authors won't bother with (though someone determined to break into your specific system might). By knowing what you're doing, you can be safe from 99.9% of attacks, as most target people that don't know what they're doing.
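The "enter the address yourself" advice above exists because the text of a link in an email can show one domain while the link actually points somewhere else. The following is an added example, not part of the original answer, of how a mail filter or a curious user could check for that automatically: it pulls every anchor out of an HTML message body, and where the visible link text looks like a web address, it compares that address's domain with the domain the href really leads to. The sample message, the `account-check.example` hostname and all function names are constructed for this illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample e-mail body. The first link displays the bank's domain
# but its href points at an unrelated host; the other two are consistent.
SAMPLE_EMAIL_HTML = """
<p>Dear customer, please verify your account at
<a href="http://53.com.account-check.example/login">https://www.53.com</a>
or visit <a href="https://www.53.com/help">our help page</a>.
<a href="https://www.53.com/">www.53.com</a></p>
"""

# Matches things that look like a web address inside link text
# (optional scheme, optional www., then at least two dotted labels).
DOMAIN_LIKE = re.compile(r"(?:https?://)?(?:www\.)?[a-z0-9-]+(?:\.[a-z0-9-]+)+", re.I)


class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs for every <a> tag in the document."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    """Return the lower-cased hostname of a URL, tolerating a missing scheme."""
    parsed = urlparse(url if "://" in url else "http://" + url)
    return (parsed.hostname or "").lower()


def registered_domain(host):
    """Crude registrable-domain guess: the last two labels.

    Good enough for this demo; a real filter would consult the public
    suffix list so that e.g. 'example.co.uk' is handled correctly.
    """
    parts = host.split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host


def find_mismatched_links(html):
    """Return links whose displayed domain differs from the href's domain."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        match = DOMAIN_LIKE.search(text)
        if not match:
            # Plain words like "our help page" make no claim about a domain.
            continue
        shown = registered_domain(host_of(match.group(0)))
        actual = registered_domain(host_of(href))
        if shown != actual:
            findings.append({"text": text, "href": href,
                             "shown": shown, "actual": actual})
    return findings


if __name__ == "__main__":
    for f in find_mismatched_links(SAMPLE_EMAIL_HTML):
        print(f"suspicious link: text says {f['shown']!r} "
              f"but href goes to {f['actual']!r} ({f['href']})")
```

Only the first link is reported: its text reads `https://www.53.com` but the href resolves to `account-check.example`, which is exactly the case typing the address by hand protects against. Links whose text is ordinary words are not flagged, since they make no claim the checker can contradict; a fuller filter would also compare such links against a list of domains the reader expects.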