I'm curious what this thread will reveal, too!
I'm not an expert of this stuff by any means. In fact, I probably have more questions than answers. So, please correct me where I'm wrong or make suggestions where I may have weaknesses in my strategies.

As I see it, there are two sources of attack- outside and inside.
I think the simplest solution for protection against an outside attack is a hardware firewall- like a network router. Even if you have only one machine to connect up, the $40 (for a cheap one) is money well spent. (empeggers can then network the empeg while at home, too!)
What I call an 'inside' attack is the result of poor internet choices- malware installed by a click on the wrong website or released via email attachments, etc.
For me, the first line of defense is to be wary- and aware- of what I'm clicking on.
The second line of defense is anti-virus software. I'm currently using AVG on one machine and AntiVir on another. They haven't sounded any alarms in over a year of use, so I think I'm doing well with my first line of defense. They are easy to use and can be set up to be quite unintrusive.
I tried ZoneAlarm years ago, but it was not easy to distinguish one process from another; not easy to know you're making a good decision on allowing a certain process to communicate. It was frustrating and disheartening... and never revealed any issues.

I occasionally run AdAware and Spybot-Search and Destroy.
I occasionally look at the processes running in the background and google the names that I'm not familiar with.

I'm sure my strategy is full of holes, but my machines are running well.
I'm looking forward to reading about the other empeggers' protection schemes!