What makes me worry is that the malware are active and more clever  nowadays. You don't need to go to "suspicious" sites or even open a dodgy e-mail. My music PC is off-line, and in my laptop, through which all downloads go, there's a quite heavy F-Secure protection software.
Just to day I read and article about blogs that are made using Worldpress-program. Only about 12 % of the users (including enterprise sites and whatever) have the newest version which is considered reliable. The older ones leave holes for taking over servers and sites, steal passwords, smuggle in malware and whatever.  So, with some bad luck, just visiting a honest looking carpenters blog or checking the local hardware stores web page to get hints regarding house fixing can have very bad consequences. One should be reasonably paranoid all the time.

Both my studio computers are setup for my home network, although, both have the wireless network turned off and the anti-virus and updates are disabled. I only turn them on when HAVING TO get online. As soon as I'm done I turn them all off again.
I have one laptop in the den that I use for internet. It stays online 24/7.

For "Virus free" browsing on the same computer as everything else is running, some Live Linux can be used (for example Knoppix). It boots relatively fast and till you mount some writable drive any virus/malware/spy simply has no place to survive reboot. Such distributions normally support some "one file" solution to save current settings and data between sessions. It is still pretty safe since nothing can "escape" from this file once Windows is booted.
 
If someone using MSE (and alike) think the computer is "free from bad programs last 10 years", try GData (one month trial is free). I hope you are not surprised then. I was...

My music computer is off line.  The Ethernet cable is disconnected and the Ethernet card is disabled in the device manager.  I only update when absolutely necessary, which is almost never.  I transfer data, updates, etc via USB thumb drives and all data is backed up on a couple of USB HDs.  All USB thumb drives are scanned for viruses, spyware and malware prior to moving from my Internet computer to my music computer.  All of my computers run of Uninterrupted Power Supplies.

The only time this computer gets connected is when I must activate software that I can not activate via another computer.

Overkill?  Maybe but I have been doing this for over 10 years and I've never had a problem: I hope I didn't just jinx myself!  I have had a couple of issues with my Internet computer as well as my wife's computer and neither of us goes to questionable sites.  In fact my wife got a virus from one of her recipe sites!  This is why my music computer is virtually never on line.

I do pretty much the same as you Craig only I use ZoneAlarm's free anti-virus and Firewall on both my PC's. My audio PC only goes on line for Windows updates or for downloads from Cakewalk. I download most of what I need to my internet PC, scan the files and then transfer them over to the audio PC. I like to play it safe and this way of doing things has worked very well for me over the years.

Well, Craig - if you are happy with your approach to it all, that's fine.  It is, ultimately, a matter of personal choice, once you get past a point where attacks are stopped - whether that is from simply not connecting except when absolutely (like what you do), etc.
 
Your approach is inherently safer than those who employ more of a wild west mentality, if for no other reason than your limited web site accesses, versus a surf or die mind set.
 
There is no doubt that there is some degree less risk in having limited access to the web, in so far as reducing the opportunity 'window' for sneaky bad stuff to try to attack your computer's defenses.
 
Even with Microsoft Essentials running, there is a small chance that something could get past it, by the way.  If a computer connects to a web, then at some periodic intervals, I usually recommend doing a boot-time full system scan to make sure all is well.  In addition, I have installed and recommend installing additional antivirus software protection - I suggest Avast's free version.  I have built well over 60 computers for folks, over the past 2 years, and none of them have ever gotten any viruses.  (they still need to be careful with malware, mostly from crappy bundled installers, like when you download the free HOOPLA program from Downloads.com (I made the name up), and the CNET bundled installer tries to sneak pre-checked boxes and 'click next' screens that are actually YOU authorizing them to install things like Spigot software and other ad-related stuff.  Because YOU have authorized its installation - by not seeing the pre-checked boxes, or have not read the ACTUAL text of the install screen you are on.  If you have given your permission to install it, it is technically NOT malware.  
 
The fix to ALL of the above is to make damn sure you are reading EVERY screen prior to installing software.  I ALWAYS recommend skipping ANY 'Express Install' option, and ALWAYS instead go the longer route where I have to read things but then have more control over what gets installed.
 
New computers come with giagantic swaths of 'bloatware', and the first thing I do, after installing Avast antivirus software, is to go in and exorcise the demons - find and remove all the extra junk that the computer manufacturer has plopped on there for me.
 
As far as MY own computer goes, I use the web all the time with it, and have had zero problems from doing so.  I do NOT allow ANY software to automatically update itself, I retain that power and that responsibility.  I generally am looking at web material that is science, tech, music, or zombies are at your door news links.  I have a firewall, I use Microsoft Essentials, don't open  ANYTHING downloaded without a thorough scan of it - sometimes performing additional research on the file and on the company that theoretically put the file out on the web.  Avast has a web rating mechanism in place that does its thing, and unknown programs usually get to try running in the Avast 'Sandbox' prior to being allowed general access to anything on my computer.
 
I was typing out a long blurb about my backups and all of that, but deleted it, since that is not what this thread was asking about.  Suffice it to say that even IF something got into my computer, I have mechanisms that I could implement to do a full system restore to as far as 6 months back.  If I ever have to employ such a recovery mechanism, then I would IMMEDIATELY expand my backup strategy to allow for going back to the next level, which for me would be a 'year'.  If that was later not sufficient, then 2 years, or 5 years, etc.  
 
Because I have some sense about where I go for web pages, I think I have a lower risk than some, and I am further somewhat protected by the firewall, and by Microsoft Essentials, and by various aspects of Avast Antivirus software, plus I have MalwareBytes, if needed, I don't ever seem to get viruses or even quasi-malware.
 
Oh, here's a HANDY method of cleaning and testing a hard drive for infections.  Physically remove the primary drive and plug it into a different machine - where it is simply a data drive, and then you can scrub away at it with antivirus and anti-malware software quite easily, made even better because when such a drive never gets to load anything into memory (since it is not used in the boot process), the drive will have no infectious second-like of defenses running when you are seeking to identify and remove them.  I do this ALL the time for people.  It's a great way to clean an infected drive.  Of course, if it gets too ridiculous, you may have to backup what you can and reload the drive (wipe out Windows and whatever else is there that you couldn't back up).
 
Sorry this next point didn't make it into my post until the end here, but another thing that greatly protects me is the fear of instant and painful rippage of body parts of anyone ANYONE who looks at my computer and fancies themselves a spin on 'celery wrestling' or some other pornyliscious kind of site, while I am looking for a loose connection in the other room.  NOBODY is allowed on to my primary music computer to get to the web for any reason, at an time, or bad things will happen to them. :)
 
I think that with some common sense, some basic protective software. a firewall, and good and diligently followed backup/recovery procedures, the risk of GETTING infected is quite low, and with the backup/recovery procedures properly followed, an infection can be removed in short order.
 
Bob Bone

LOL. I hope the answers posted here don't find there way back to CW. If they do a subscription model may follow. 

Thanks everyone, this is great info. The only area where I don't have much choice is I do need to stay updated to current versions for the purpose of writing articles, as well as testing because I need to be using the same type of setup someone getting into SONAR would be using if they went out and bought a system today.
 
I've seen a few recommendations about virus protection software, but is there any consensus as to which gives the minimum performance hit to your computer?

I like MSE. 

I have two DAWs connected but no AV.  They never get infected.  I scan them online.   I don't like AV software since some are resource hogs except for MSE.  Malwarebytes seems the most effective for scans.