Bitdefender and avast are good free options.
However, security is done in layers, so AV software isn't your only line of defense. Most of the time these days, it isn't viruses that are a problem, but malware and cryptolockers (nasty malware that encrypts your data and holds it hostage and demands payment for the password).
Make sure you have a backup copy of your data on removable storage that can be isolated from all your devices. Do regular backups. I like to use Western Digital Passport drives. They're compact, convenient, powered over USB, and currently have 1TB, 2TB and 4TB capacities for around $100 or so.
Use a hardware firewall. Sometimes it is disabled by default on the router provided by your ISP, leaving your devices basically naked on the internet. If you just have a simple/inexpensive cable modem, that generally has no firewall, and your devices are basically naked on the internet. Get a decent wireless router, such as an Asus RT-N66U or RT-AC66U. Many other brands are full of vulnerabilities that don't generally get patched; avoid linksys for that reason.
Keep your browser up to date, and user adblockers and tracker blockers. uBlock origin, ghostery, and privacy badger. Some people go so far as to use noscript as well, but that can hamper your ability to navigate the web.
Use a hosts file block list to blackhole lookups for known malicious domains: https://www.malwaredomainlist.com/hostslist/hosts.txt
Use spywareblaster to block malicious domains, cookies, scripts, and trackers within browsers: https://www.brightfort.com/spywareblaster.html
Don't save passwords in your browser. Most of the time, it's just saved in plain text. If your computer is infected with something, there is malware that specifically targets these password lists. If you want to store your passwords, use a password manager such as lastpass.
Use an email service with a good spam filter to help prevent emails with attachments or embedded scripts. Gmail and Outlook (or any of microsoft's legacy domains, such as hotmail, live, etc) both have pretty good spam filters.
Turn off scripts and images by default in email applications/services. Only load images/scripts within emails from trusted senders. But even then--keep in mind that a trusted sender could possibly be spoofed or compromised to sent malicious email.
If you find a random USB flash drive or SD card laying around and it isn't yours, don't plug it in. Sometimes it might be benign and someone just lost it, but sometimes they are dropped by people with malicious intent and load malware onto them.
Don't autoplay any storage devices that you plug into your devices.
Install malwarebytes and run scans periodically in case something slipped through.
Delete your temp files, browser cache, and cookies occasionally in case something landed there. (note, you do not have to delete your history or bookmarks--go to the advanced settings for cleaning your browser cache, and you will see options for only deleting file cache and cookies).
Whenever you install new software/apps, always dig around in the settings and look for privacy settings. Turn off all the reporting and anonymous collection data settings. You never know what the software is sending when it phones home.
There is a lot more you can add on top of all that to protect yourself, but that generally covers most of the bases.
