I disagree with #1 (not necessary these days IMO).
#5 is bang on, to expand a little, spyware (also known as adware or malware) is software that installs itself to a machine to promote a service/site etc.
It can often get onto a machine via mistyping the web address of a site (which brings you to another site that installs the software) or via security vulnerabilities in a web browser. Or, simply by clicking "yes" to install helper applications suggested by pop-ups. I'd say using regularly updated anti-Spyware tools, in conjunction with updating your web browser with the appropriate security patches from the manufacturer is the best course of action.