I have a paid copy of AVG and haven't had any trouble with the 30 workstations using it. I still use a combination of firewall; malware detection and common sense to help.

You could also do a combination of dual booting, one OS for regular things and the other OS for work. Make restricted users and USE them. I know so many people that surf the internet with their Admin account when they could play it safER by using a restricted account. Also, make some insane passwords for your admin and service acounts.