It doesn’t matter what operating system you run, there is always a risk of a security flaw. Even in Unix style operating systems, various programs have been created which take advantage of the user, often in the form of a Trojan (malware which masquerades as something else so that the user can install it). And while you are more likely to get away with not running an Antivirus on Linux then you are on Windows, don’t take the risk.
This isn’t the first time I’ve brought this up, and once again this is prompted by a series of attempted attacks that have been made on my website, presumably by a botnet. These are not target attempts, but rather simply a series of checks to see if certain php files exists (such as setup.php) and attempts to add the IP address to a list of administrators. On the past three days, four different IP addresses have run the same series of 166 vulnerability checks, all from different parts of the world, hence my belief that it is a botnet. And as a result, I can’t stop the attempts just by banning one or two IP addresses because each time it comes from a different place - one more computer infected through lack of proper maintenance.
Although I expect my few readers are relatively concerned about security, this is something that needs to be passed on, make sure your friends and relatives keep their security up-to-date, and don’t let your own system lapse.
As far as free tools (though only one is open source) for Windows you could install AVG, Avast, or either platform Clamav (AVG also has a Linux version, but it is only 32 bit). To add an extra layer of protection on a Windows machine, you can also run threatfire. In addition to this, there are a number of well known legitimate, for pay Antivirus clients available on Windows, but the ones that I have listed should be serviceable.