Friday, June 17, 2011

In an article on Livescience.com, the writer discussed whether it is necessary to pay for anti-virus. The article states (and I concur based on my own research) that there does not seem to be a huge difference in which one performs better. McAfee and Symantec, as well as other pay-for anti-virus companies, do seem to do better on newer threats (they seem to pump out heuristic signatures faster), but I really feel no one should depend on anti-virus to be their last line of defence.

As any computer security person will say, security needs to have layers (like an onion!) to be effective. Plus, even if you have a free AV (I personally like AVG), you can still get some of those supposed 'bells and whistles' features some AV companies offer when you pay.
  • Firewall type behavior: why not just GET a firewall? Comodo gives you a free firewall (it's also an AV) and even tells you when connections are attempted inbound/outbound. This will annoy people who just like to have a 'hands off' experience, or those who got annoyed by Vista asking permission to do things all the time. Microsoft also offers a free firewall for (duh) Windows users.
  • Sandbox: When you sandbox an application, it protects itself (and other applications) in case something goes awry... like a buffer overflow. So in theory, if your IE gets pwned, the compromised process can't inject itself into other running processes. Google Chrome uses sandbox isolation by default to help contain malicious attacks. You can run IE and Mozilla (or any browser) in a sandbox like Sandboxie to keep your internet browser 'isolated'. Consider it the black sheep of the family.
  • Web Surfing: There are many sites you can visit which check the legitimacy of a website. McAfee has SiteAdvisor, Symantec has Norton SafeWeb. However, Web of Trust has an add-on for the major browsers which lists right next to the link whether it's been considered 'trusted' by the community (which anyone can join) and by other sites (like PhishTank). AVG also offers this type of service for web browsing.
I like how the article does mention VirusTotal if you have a suspicious file and you want to check its legitimacy. Another website I would suggest is ThreatExpert. You can search by threat name/process name/MD5 hash/mutex and it will return any hits found in the database. It's nice when you want to see more of an overall picture of what the virus is doing to your system. It shows modified/altered/deleted files and registry settings. It also shows any outbound connections to websites and what ports they went over.
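Looking a file up on VirusTotal or ThreatExpert by hash starts with computing that hash locally, and an analyst usually wants MD5, SHA-1 and SHA-256 at once because different services key on different ones. The script below is an added example (not from the original post, and not code from VirusTotal or ThreatExpert); it hashes one file, or every file under a folder such as a downloads directory, reading in chunks so a large installer is never loaded into memory whole. The function names and the chunk size are my own choices.

```python
"""Compute the digests an analyst needs before looking a suspicious file up
by hash (MD5 / SHA-1 / SHA-256). Added example; not from the original post."""
import hashlib
import io
import os
import sys

# Read in 1 MiB pieces so a multi-gigabyte download is never held in memory at once.
CHUNK_SIZE = 1024 * 1024
ALGORITHMS = ("md5", "sha1", "sha256")


def hash_stream(stream):
    """Return {algorithm: hexdigest} for every byte read from `stream`.
    All three hashes are updated from the same pass over the data."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    while True:
        chunk = stream.read(CHUNK_SIZE)
        if not chunk:
            break
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digests_from_bytes(data):
    """Hash an in-memory byte string (a sample carved from a capture, or test input)."""
    return hash_stream(io.BytesIO(data))


def file_digests(path):
    """Hash a single file on disk; the size is returned alongside the digests
    because most lookup services display it and it is a quick sanity check."""
    with open(path, "rb") as f:
        digests = hash_stream(f)
    digests["size"] = os.path.getsize(path)
    return digests


def walk_digests(root):
    """Hash every regular file below `root`. A file that cannot be read
    (locked, permission denied) is recorded as an error rather than aborting the run."""
    results = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            try:
                results[full] = file_digests(full)
            except OSError as exc:
                results[full] = {"error": str(exc)}
    return results


if __name__ == "__main__":
    # Usage: python filehashes.py <file-or-directory> [...]   (defaults to the current directory)
    for target in sys.argv[1:] or ["."]:
        if os.path.isdir(target):
            entries = walk_digests(target)
        else:
            entries = {target: file_digests(target)}
        for path, info in entries.items():
            if "error" in info:
                print(f"{path}: {info['error']}")
                continue
            print(f"{path} ({info['size']} bytes)")
            for name in ALGORITHMS:
                print(f"  {name:7} {info[name]}")
```

Paste whichever digest the service asks for into its search box. Treat a hash match as a lookup key, not as proof: MD5 collisions are practical, so if a service offers SHA-256 search (VirusTotal does), prefer that, and remember that a hash that has never been submitted tells you nothing either way about the file.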

What I am trying to say is that no matter which AV vendor you go for... you need to make sure you have additional layers (host based or network based) to defend yourself.
