Only 5 years ?
It has been since at least 1998 since I have last seen malware on any of my home PCs.
Do I have expensive AV software and firewalls ? No.
Do I seek out and immediately install all updates to all my software ? No.
What have I done then ? Simple :
1) I have set IE as a web browser I only use for specific sites that do not work without it.
2) I use Firefox with Adblock, NoScript, Redirect Remover and Cookie Manager add-ons.
3) I do not use Outlook for my email.
4) I do not install toolbars of any kind, ever.
5) I do not have any IM client of any kind anywhere.
6) I do not use any social sites or even social media of any kind if I can help it.
7) I do not blindly click on every link I get in my mail. Unsolicited crap gets trashed by my whitelist management system, anything else I check and verify before clicking - if I feel that it has a possible relevance to me.
Now, I am a particularly rabid curmudgeon, I agree, but I do believe that the first 4 steps - and the last one - can be easily followed by everyone without trouble. If you do have use for Facebook, Twitter or whatever, it's your call; I'm not criticizing that, just saying I don't use them.
And since malware writers love targeting things that are widely used, not being on Facebook certainly saves me from some measure of risk.