1. The ONLY protection home routers have is encryption, which is easily cracked in almost all cases through a variety of means. The upside is that you have to be in range of the wireless in order to crack it. For most people this means within 200 feet of the router. All other suggestions (MAC filtering, SSID broadcasts, etc.) do not provide any protection from a malicious intruder, only hassles for legitimate users. Unless, of course, you want to go through the hassle of setting up a RADIUS server. AP isolation is good as well, but only really useful if you have wired machines on the network and do not need them to share anything.
2. Antiviruses do not provide security. They clean up after a breach. This is useful, but I prefer to simply not have the breach.
3. Firewalls are of limited usefulness as well. I have personally used vulnerabilities in firewalls many times to penetrate machines. Rather than installing something to block access to services, turn the services off, or block them within the TCP/IP configuration.
A few suggestions:
1. Delete/disable all administrative shares.
2. Passwords on Windows should either contain Unicode characters 179-200 and/or be over 14 characters. This invalidates the LM hashes, preventing easy cryptanalytic attacks when authenticating over the network, or if somebody managed to actually get on your machine. The older hashes are compatibility throwbacks and not necessary for local authentication.
3. Run IE as a separate user and deny execute permission on the local settings folders and all sensitive areas for that user. IE is now immune to malware. It can exploit all day and nothing will be able to run. Do the same for Flash and other "add ons."
4. Use limited accounts for everything.
5. Test out suspicious downloads in a sandbox or virtual machine before running.
6. Use a GOOD antivirus occasionally. Avast and Avira are good free antiviruses, but nothing on the market can even come close to Nod32 in terms of heuristic capabilities, low resource usage, and program compatibility.
7. Audit everything. Audit logs are your best source of information as to what is happening in your computer. Setting CAF (Crash on Audit Failure) is a good thing to do as well. This will immediately kill the computer the moment something interferes with the logging process, preserving the integrity and accuracy of the logs.
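A read-only check of three of the settings suggested above (administrative shares, LM hash storage, Crash on Audit Failure), added here as an example and not part of the original post. The registry value names `AutoShareWks`, `AutoShareServer`, `NoLMHash` and `CrashOnAuditFail` do not appear in the post; they are the standard Windows settings behind those suggestions, with `NoLMHash` being the system-wide policy counterpart to the long-password approach. It assumes PowerShell 3.0 or later for `Get-CimInstance`.

```powershell
# Added example, not from the original post. Read-only; run from an elevated prompt.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns 'unset' when the key or value is absent (the Windows default applies).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { 'unset' }
}

function New-Finding {
    param([string]$Check, [string]$Observed, [bool]$Pass)
    [pscustomobject]@{ Check = $Check; Observed = $Observed; Pass = $Pass }
}

$lsa    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$server = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

# Suggestion 1: administrative shares. Win32_Share Type 2147483648 marks an
# administrative disk share such as C$ or ADMIN$.
$shares = @(Get-CimInstance -ClassName Win32_Share |
    Where-Object { $_.Type -eq 2147483648 } |
    Select-Object -ExpandProperty Name)

# Deleting the shares alone does not last: they are recreated when the Server
# service starts unless AutoShareWks (workstation) or AutoShareServer (server) is 0.
# Only one of the two applies to a given edition; either being 0 counts as a pass here.
$auto = @('AutoShareWks', 'AutoShareServer' | ForEach-Object { Get-RegValue $server $_ })
$sharesOff = ($shares.Count -eq 0) -and ($auto -contains 0)
$sharesSeen = if ($shares.Count) { $shares -join ', ' } else { 'none' }

# Suggestion 2: NoLMHash = 1 stops Windows storing an LM hash at the next
# password change, whatever the password length.
$noLm = Get-RegValue $lsa 'NoLMHash'

# Suggestion 7: CrashOnAuditFail = 1 halts the system when an event cannot be logged.
# A value of 2 means that halt has already happened once and an administrator
# has to reset the value.
$caf = Get-RegValue $lsa 'CrashOnAuditFail'

$findings = @(
    New-Finding 'Administrative shares (suggestion 1)' `
        "shares: $sharesSeen; AutoShareWks/AutoShareServer: $($auto -join '/')" $sharesOff
    New-Finding 'LM hash storage (suggestion 2)' "NoLMHash=$noLm" ($noLm -eq 1)
    New-Finding 'Crash on Audit Failure (suggestion 7)' "CrashOnAuditFail=$caf" ($caf -eq 1)
)
$findings | Format-Table -AutoSize -Wrap
```

Changing `NoLMHash` does not remove LM hashes that are already stored; each account keeps its old hash until its password is next changed.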