She may be a "professional web designer", but she doesn't know a lot about viruses, and stuff.
I am what's called a "Certified Ethical Hacker" (http://www.eccouncil.org/ceh.htm) and while she's right, you should NOT waste money on Norton, you should NOT depend on just software viruses and a software firewall. You should ALWAYS ALWAYS ALWAYS use a hardware firewall. I use a NetGear FM114P, which is a 4 port router, firewall, print server, and access point, all-in-one. ALso includes NAT, DHCP, an SPI Firewall, and VPN support, as well. Ideally, you should also run TWO firewalls, each a different brand so they do checks for different types of packets. You want to block for DDoS, SQL Injection, and Melissa, I Love You, and Chernobyl, among others.
The two firewalls will create a DMZ. Inside the DMZ you should have a Honeypot, a Sheepdip, and a proxy server.THEN you will start being more secure than you are now.
Software firewalls are fine, but they are only half a solution. WIndows Firewall filters only incoming, not outgoing. The new firewall included in Windows Vista will filter both ways.
All Your Base Are Belong To Us. Take Off Every Zig. You Have No Chance To Survive, Make Your Time.