Free or cheap is often better than, or at least as good as, paid security suites, which tend to be way more bloated (not to mention expensive).
In the anti-virus realm, AVG Free used to be good and light-weight, though it has swollen over the years. F-PROTECT is considered to be pretty good and lightweight, and though it isn't free, it's pretty cheap.
Here's a review of a few from last year. LifeHacker reviews things like this regularly, as in this Five Best Antivirus Applications. They seem to like ClamWin and Avira.
As for firewalls, ZoneAlarm is a good, free choice. There are other free firewalls that people like, such as Comodo.
On the spyware front, AdAware and Spybot Search & Destroy are free and highly recommended.
For malware, MalwareBytes is good and free.
As for suites, Microsoft Security Essentials supposed to be very good (given feedback on their beta), but is isn't released yet. Keep an eye open for it.
Personally, I run AVG Free, ZoneAlarm, Spybot, Adaware, and MalwareBytes.
On the other hand, there is an argument to be made for running no security software on your PC, but adopting a safer approach in general. Some interesting articles on this at CodingHorror:
The bottom line answer to your question is that yes, free works as good as paid software.
Couldn't open source be bad for security software? If an attacker can view the code, wouldn't it be easier to find a hole? – Tester101 – 2009-08-18T15:26:18.470
3there are holes in commercial software too. having the source code can make it marginally easier to find, but it also makes it much easier to fix. – Keck – 2009-08-18T15:30:39.363