Most routers have a firewall that is more than enough to defeat most external intrusion attempts. Unfortunately, they can't stop viruses, spyware & Trojan Horse programs. You need a mix of adware removers, antivirus programs, and good common sense policies (Group Policy Objects on a server based network) to be secure. The biggest problem is educating users about the malware component of most "free" screen savers, and so on.

If you have a workstation connected to a Windows 2000/2003 server, the station needs a users profile set up as a Power User or higher for many programs (such as Citrix) to run, and that can give them the ability to download all kinds of junk. My advice is to beat them over the head with security. If your client has a peer-to-peer LAN, sell them a server and get the system centrally managed.