I also agree that nod32 (or ESET Smart Security as it's now known) is the best AV available. This is largely due to their exceptional heuristic engine technology.
For those which don't know, this identifies threats based on their behaviour rather than pure signature matching which 99% of other AV vendors provide. As a result, they stop significantly more 'new' viruses which are still awaiting signatures/updates from AV companies to be disseminated to the client applications.
It is not, nor will it ever be, perfect - since this problem cannot be proven as solved.
As for free options, I would recommend AVG as they have reliably finished near the top end of the field.
Regardless of any of this, the best AV is to follow internet best-practice:
1) Don't click links in email, copy and paste the actual text (or better yet type it yourself)
2) Don't download/install anything which you didn't specifically go looking for
3) Be more suspicious of '.info', '.tv' or other top-level domains which are statistically shown to host more malware than traditional TLDs
4) Disable Java & Adobe plugins (uninstall them if you don't visit sites which require them)
5) Keep all software up to date (especially Java & all adobe applications if you need them!)
6) Use plugins such as no-script to selectively control what sites/domains can run javascript on your pc
7) Use https:// wherever possible and combine with plugins such as 'Certificate Patrol' to ensure the SSL certificate for that site is valid
8) If you want extra security, use linux or virtual machine technology which can be easily wiped/restored to a known-good state
I'm sure there are others, but these will undoubtedly stop 99% of exploit attempts affecting most internet users.
Hope that helps.