Let me first state that I work full time in a computer security incident response team in a very large global company. A large portion of any incident responders workload is dealing with malware of some sort.
Anti-virus software is a good thing-- don't get me wrong here. The problem that anti-virus (AV) vendors face is that all of the AV products rely heavily on signatures-- this typically means actual byte patterns from already analyzed viruses and other malware. Since the virus has to be analyzed before signature updates can be pushed out there is always a lag time between when the researcher gets the sample and when they can put out the updated file. Sometimes this lag is days, sometimes weeks, sometimes longer. AV software is therefor ALWAYS behind and simply cannot be counted on to protect you from the latest threats. Some malware is polymorphic which means as it spreads it re-encrypts itself with every copy (or even on a timed basis). This means that antivirus vendors simply cannot keep up.See a comparison of AV vendors products here-- you'll see that Norton only caught 44% of new samples tested, compared with some others that were 71%.
http://www.av-comparatives.org/seiten/ergebnisse_2008_11.php Using Firefox is definately something you should do (compared to IE). Having your system updated as soon as patches are available is another.
Many security folks recommend Kaspersky, Avira and Antivir-- just about never Norton or Symantec.
You can find this sw and most of the other software you need at this (malware free) site:
http://filehippo.com/
