First of all you are totally right to question the statement of "if there are more than 8 TCP connections you have spyware", I cannot believe a tech support professional would say this - what a totally irresponsible thing to say to a customer!
It's quite possible that you might have a lot of TCP/IP applications running on your machine or you might have a couple of TCP/IP applications making quite a few number of valid TCP connections ( web browsers do this, they launch parallel threads to download page info, pictures etc ) and this might show many more than 8 established connections on a netstat display.
If you have hundreds and hundreds of established connections in your netstat output ( and you're not doing much or not running any applications that need IP connectivity ) then perhaps this might suggest that something isn't right.
The netstat tool allows you to see what sort of network services are running on your machine ( these will be in LISTENING state ), as well as seeing what sort of connections you have active ( these are TCP connections in ESTABLISHED state ).
There are 4 columns in the windows netstat output, these are Protocol, Local Address, Foreign Address and State. The foreign address is just the IP address ( or hostname ) of another machine which you have a connection to. So, if you're browsing google.com for example and quickly do a netstat, you should see an entry in there ending in a "google.com" address followed by ":http" or ":80".
It's good practice every now and then to shut down all networking applications that you know about ( don't forget ones that run in the background and in the systray! ) and do a netstat to see what else is in LISTENING state - this helps you to know what other services are running. Just google for them if you don't recognise them.
However, the best tools for checking for things like Spyware are spyware scanners themselves... I myself use a combination of "Spybot S&D" and "Adaware".
I hope this helps,