1) In a business environment, the browser to choose should be determined by the type of applications that the employees need to run. There are sites or systems that requires IE to work properly. Also, while IE6 was a joke (and Microsoft admits that), IE9 has caught up quite a bit in terms of security and other areas.
2) As for whether Firefox should be on the desktop, I imagine it wouldn't hurt. As for using it as the primary browser on the desktop, it will depend on your business environment. (Note: the recent Firefox move to the "rapid release model" wasn't exactly appreciated by corporate customers; and Mozilla's Asa Doltzer's comments made it worst.)
3) In terms of browser, don't overlook Google Chrome. It's fast, and Google provides tools to allow uniform corporate rollout (something that Firefox didn't care).
4) I would choose a quality antivirus+antispyware package. Personally I prefer NOD32, but Norton is fine too. I would avoid those "total security" packages in a corporate environment, because often the firewall components in those packages cause more issues (ie. blocking out ports necessary for network scanners, MPFs or VPN).
