I think 99% of routers already put you behind a firewall and I'm using the internet through a router. So I'm guessing the Windows firewall is not needed. What do you guys think? Windows firewall on or off?

Yes you should use a firewall regardless of having a router, whether you use windows or a 3rd party one is up to you, though windows firewall is generally regarded as fine on vista or above (I'd still harden it a bit though.)

It's not like you want to rely purely on a firewall either though, you should still have a scanner or two with you to pick up viruses (One licenced and one independant, never put two licensed scanners together or they'll try to kill each other), and a dedicated rootkit scanner.

So many useful replies, don't know which to mark as solution. I will just mark the first reply as a solution and +1 every post, hope that is okay?

Do what you like but I heard the "+" marks don't do anything unless five people do it for one post.

Most modern routers have NAT and SPI.

That's a minor defense at best though, and it doesn't protect the user from things he does himself.

It's been solved, but you always want to have firewalls in both the router and on each device. Basically something to keep people from coming in and something to protect the machines from each other.

Some routers do have firewalls in them, I know the one I use back home can do stateful packet inspection and a few other tricks. It's not as good as something like PF, but it does the job.

The fact that people often don't do that just means that as soon as somebody cracks into the network all of them go down.

As for multiple antivirus products, that's generally a bad thing. Either they catch each other or you have a convenient place where you can't properly scan. Neither of which is a good thing.

Well, with two scanners I generally only ran into issues if both were licensed products, AVG and Norton and the like. Being cheap, I use AVG's free. It doesn't find everything though so I found a separate scanner that helped dig out anything that hid a little better, and that was something that always had to be run manually. Same thing for the dedicated rootkit finder, it could find things AVG missed and was something I used if I happen to get nervous with my system, another manual program. Maybe Avast and Norton actually are that complete with their scans but I've not come across something that always got everything. The ones I used also never noticed each other which was a good thing.

Can you name a product that does? I bet it's universally hated specifically because of that feature. UAC would be the obvious example.

The closest I come across is when AVG stops a pop-up with trojans or something, which is rather handy since it just shuts the page from doing any more past displaying. I still run the scan immediatly after though. One thing that does it a bit more commonly would actually be the default interface settings on my computer since it asks permissions on absolutely everything, and that annoys the hell out of me, especially if it tries to kick on in the middle of a program, such as updating my scanner.

You won't find that you're finding things with two scanners that you wouldn't with one good scanner. All you're doing is adding load to the computer and providing a convenient place to hide malware.

In practice, the only thing you really need antivirus software for is drive bys from various websites, but with No Script, Useragent and a few other add ons you can handle that as well. In the 15 years I've been online, I've only caught a virus once and I haven't had one since probably 1998 or so.

Ultimately if it's hidden good enough to trick a good antivirus product, it's probably not going to be found by another one, the main risk are the unknown malware.

I think people place too much confidence in their virus scanners. The first point of keeping your system secure is keeping all your software (especially internet plugged in) up to date. If you've done this, then your virus scanner is only likely to detect threats that have been lingering on your PC for a while (once the firm has admitted the vulnerability, the virus scanner then needs to find things exploiting it, and then deliver the update to intercept it). I only trust my virus scanner to correct a mistake, not to prevent a new virus.

It's a cold and selfish route, but if you stay ahead of the pack with all the most recent security updates, you're not likely to be the victim of attacks.

It's weird I know, but I really have discovered at points the AVG scanner will miss some viruses and roots that I keep the back-ups for. Again I really only used them when I felt it was absolutely required, but they helped. I don't recall what prompted me to actually go and find them though, I think it was when AVG found something then wasn't able to fix it, and then after that couldn't find it again. Could have been that it was set into an ignored list.

In any case, I'm nowhere near an expert at any of this, so there's still alot I haven't tried. Example, Hedward's add-ons. I've never heard of any of those, and if my friend in Barbados could ever get his internet working again he could probably help me with getting those set if they really are as good as you say they are.

And of course to wpegg, yeah, I'd have to be one of those guys putting too much faith into the scanners, though I at least make sure to keep track what each one finds and displays. That's more than I can say for my family, though I can't say it makes my computer that much safer for it. Most of the time all I pick up are tracking cookies (Fucking facebook enabled websites), so it's at least one less thing to worry about even though that's not the only thing to be concerned with.

I also had on my old computer before it died a short list of things that were near impossible to find and had dedicated detection programs. They'd have to be removed manually since nothing at the time was able to get rid of them. Speaking of which, has anyone heard anything about the banking virus that sprung up a couple months ago? Supposedly it copies your webpage and displays it every time you check your account while it draws money from the account. Thanks to that one I've avoided banking online and doing all my business in person at the bank.