You ask some very good questions, Confused Chimp,
And even though I am running the same OS as you and am also somewhat of a security junkie, I somewhat wish to point out that these subjects are somewhat still open to debate. But I get the bulk of my advice on the spyware warriors forum---so I recommend you take what I say with a grain of salt and see what others say---look at castle cops also.
But you seem open to advice and knowledge and that's a very good sign. And you are also right that malware of all kinds is becoming an increasing threat.
Without layers of protections you are at risk with any Windows PC on the internet.
Fortunately there are lots of software---both commercial and free---that help combat the threats---but without basic user knowledge to supplement these, you are still at risk. Especially troublesome is the fact that certain programs billed as protecting you from malware---are in fact rogues that infect the user with malware.
First, I have no love for Symantec or Norton--products I used to use that have now turned into bloatware with poor tech support. Although their standalone AV is not bad. Nor do I know much about the NVIDIA firewall pro or con. But in terms of the SP2 Microsoft firewall, it's better than nothing, is only a one way firewall, and you can do far better.
But to cut to the chase, this is my personal opinion---your security should consist of:
1. A two way software firewall---better yet that should be behind a hardware firewall. Choose wisely because you can have only one software firewall.
2. You need an active anti-virus application running 100% of the time---again choose wisely because you can have only one. Although it's good to sometimes run online scans to double check the AV you choose.
3. You should have a number of passive and active spyware scanners. Keep their footprint as low as possible--because a glut of them can slow your PC.
4. You should have a few process control apps--to catch anything that slips by the moment it tries to execute.
5. You should do some common sense things like self-education---keep your OS fully patched---don't use IE any more than necessary---use Firefox, the Mozilla suite, or Opera for most web browsing. Learn to set all web browser settings to at least medium or above. Avoid p2p web sites--they are loaded with malware. And any AV and anti-spyware apps must be kept updated--they are only as good as their definition files.
And by the way my annual security budget is zero---and this is what I use.
a. I use the Sygate free 5.5 firewall build 2710---because it plays nice with my small network. Consider also Zone Alarm, Kerio, or the new free Comodo firewall---and that's just a few free ones--all two way firewalls.
b. I use the Avast free antivirus---also free is AVG---have heard some excellent recommendations for paid programs like Kaspersky and NOD32.
c. I am big on Spybot, Adaware, and am now also using Super Anti-Spyware. I am also trying Ewido and have tried a2. Also download the free Microsoft Windows Defender because it's free with Windows. Highly recommended are programs with low footprints like Spyware Blaster, the IESpyAds is also a must have for any that use IE much. Another low footprint program is Spyware Guard. For commercial programs--both Spyware Sweeper and Spyware Doctor are pretty darn good from what I have read.
d. I now use Win Patrol and System Safety Monitor for process control. Also good is Process Guard.
The above combination has kept me pretty safe for a number of years--a few tracking cookies slip by but my regular scanning makes sure they don't last long.
Hope that helps---you don't have to make my choices your choices---but something similar will keep anyone pretty safe---as long as they are not stupid enough to fall for phishing scams and the like.
And the last piece of advice is--learn to post HJT logs---they can catch things no scanners can touch---get that clean bill of health and keep it that way.