Certainly not a stupid question.
For many (many) years M$ have defended their vulnerabilities by trying to make out that needing anti-virus software is 'normal' and in some way 'to be expected' .. and if the world's largest software vendor says it's so, it's not so unreasonable to believe them.
It is however a complete falsehood.
Anti-virus programs are only required to compensate for the vulnerabilities designed inherent in the design of an Operating System.
Bugs are fixed by patches and updates, but you can't patch a fundamental design flaw.
Hence Norton's raison d'etre.
If a flaw is spotted in Linux, it's generally "fixed" by Linux people, rather than left for a third party to deal with, so keeping up with Linux updates should generally be all you need to do.
There are lots of things you can do with regards to general intrusion detection, prevention and firewalls, but unless you're running a public Internet server, you probably don't need to worry about this.