There will be plenty of information from professionals on this matter, and there are so many products that I will simply not cover many. Instead here is a breakdown of what you should need, and some guidance on other factors.
This has been the big one for a long time, the web can be swimming with all sorts, viruses, trojans, worms – its a regular menagerie of the digital kind. So the anti-virus (AV) is there to try and prevent this, crucially, some provide more than just AV capabilities; though my personal preference is to avoid this sort of situation of one service provides all.
The major take home factor is that you will not need more than one AV program installed… installing multiple will slow down your system and potentially cause collisions or issues between them. Its worth doing a great deal of research on these; there are decent free options out there (Avast! and AVG being prime options).
It sounds similar to an anti-virus, indeed they aren’t that dissimilar – and it may be that the Anti-Virus already intervenes here. In short though, Windows will install its own named Windows Defender. I’ve also installed Malware Bytes Anti-Malware (MBAM) which has often caught what the others have missed; this doesn’t have any sort of shield mode in the basic version, but does offer powerful scanning and removal functionality.
Arguably, if you have decent networking equipment you should already have a Hardware Firewall, that said a software firewall provides that extra line and is more visible than something tucked away in a blinking box. Windows also comes with one named (imaginatively) Windows Firewall, and after trying third party firewalls, I’m not sure any other is necessary. It should be suitably secure for a normal and safe user.
But the problem with all of the above is it can give you a false sense of security; anti-virus/malware are useful if you’re attacked, firewalls can prevent direct access but can be circumvented. Think of it as minimising an attack surface (or reducing the number of vectors), the main weakness is going to be how you use the internet. Those being social engineering if you use social networks, emails, and browsers.
And of course a healthy dose of user caution never goes amiss, don’t blindly click all links sent to you by email or chat client.