Warning - geek alert - get the popcorn and your comfy shoes...
Part 1 - scans
I use ES Security Manager and I do a manual scan after every app update or download, and then just when I'm bored waiting for the TV or whatever, and scan a) just to see if all is still well, and b) because I can.
I still don't think virus protection per se is anything more than a growth industry for Android - so I don't waste my battery running that.
I've nothing against Lookout, but I've not used it - I have used ES products (check out their file browser - I prefer it to Astro in many ways) and know and like them.
Part 2 - Droid Wall
OK - I use Droid Wall to keep things from chatting on the net where I see they have no need - this includes my soundwalls, beepers, coin flippers and other fun time-wasters, for example.
Here's the deal with Droid Wall - in the incarnation of Linux that Android is based on, everything - meaning everything - going thru network ops goes through what we call the iptables.
And those iptables can be neatly clamped and controlled. So - this doesn't really add anything to speak of in the way of overhead, and it's not a bolt-on that changes the OS behavior. So, that's why Droid Wall just gets it and you might want it.
Part 3 - AdFree
Same deal on AdFree -
https://market.android.com/details?id=com.bigtincan.android.adfree
That one is terribly clever. Probably you've all heard of DNS - domain name services - that the thing that lets your phone or computer just point at one computer that magically seems to know how to decode names into addresses. That came from Berkeley unix. Once upon a time, we kept manual tables of known host names for our unix networks and the table mapping IP address-to-name was stored in a plain text file called /etc/hosts - and that started on the predecessor of the Internet - (D)ARPANET. And it was a pain to add a new machine to a network of 80~150 computers because each one needed its /etc/hosts file updated (and yes, we really did used to do that). So the Berkeley Internet Name Domain (BIND) software was born - and that's still the #1 DNS lookup software today.
SO - what's my freaking point?
Point is - on a Linux machine, before it goes elsewhere to look up any network name, it first runs home to Momma and asks what's in /etc/hosts because Momma knows best and let's trust look-ups in /etc/hosts - it's a game of Mother May I? - and that all plays well because that was the original Berkeley design, before Linux was ever conceived.
And AdFree creates entries in your phone's /etc/hosts for all the bad ad sites - and when a request for one of them occurs, the system sends back
Mother said you may not.
And while not all ad sites are malware sites - many malware sites end up in that AdFree database.
So - all AdFree really does is give you an updated /etc/hosts file and a mechanism via the Market to keep that file automagically updated.
And like Droid Walls - it's exploiting existing known processes inside your phone, and isn't some kind of battery-sucking add-on.
Part 4 - Anti-virus
When an actual Android virus really hits, you'll see it on Phandroid.com - we care about that sort of thing around here.
Everyone should do as they feel best - but for my part, I'm not going to add on a virus checker unless and until it's established that it's a real threat for us.
~~~~~~
FWIW - I helped edit the second edition of the first Linux security guide, had the testbed where all of the security scripts were validated (by me) and used (by my business) as that book was written by a friend of mine. And I've done kernel dev for Mach, Berkeley and Linux and have written a little bit of network code in my time.
So - I'd submit that at least more than half of what I'm saying is pretty much The Truth.
Hope this helps and clarifies.
(Let me know if you guys want to start a security thread and have it added as a reference to the sticky - does anyone want such a thing? I can never tell...)