If the criminal can get their own software running on your machine they have the potential to read and alter any of your documents and data. They may get access to your email lists and mail programs so that they can send out mail in your name - and try and spread their software to other machines. They can spy on your key presses to record passwords even though you only type them in when you use them. They can also access any cameras or microphones, or GPS on a mobile device to know where you are.
Many newer computer systems are designed to make it difficult for the criminal to install their software. For example by making separate accounts for admin purposes ( sometimes known as root accounts ) and more restricted accounts for normal use. Too many users use the admin account all the time and this makes it much easier for the criminal to install their own software.
Web browsers try and restrict what software running on a web page can do. They may run in a 'sandbox' that prevents any software embedded in the web page from having wider access to the computer.
The easiest way for a criminal is to get you to install their software for them.
By clicking on links in their web pages.
By opening attachments to their emails.
Even by clicking on some adverts.
By installing free and 'trial' versions of apps from websites or app-stores
By installing counterfeit versions of Windows operating systems - malware will be installed at the same time.
Often the first software to be installed is a general purpose malware loader - that can be used to update itself and install other malware at a later date, and often it will also try and spread itself to other computers.
The easiest computers to attack are those running old and out of date versions of the operating system, or software. The criminals know how to attack these with ease. They know about all the holes and mistakes in the software. Computers that are kept up to date for both operating system and software are much harder to attack.
Free and secure up to date versions of Linux will run on most older computers, and easily do the things that most people need.
Anti-malware, anti-virus software is designed to prevent the criminals getting their software installed on your computer - but it must be a reputable version and kept up to date.
Keep an eye on the specialist labs that test anti-malware and make sure you install one with a high rating from the real site. There is plenty of fake anti-virus around.