I have acquired a "ScreenPlay(TM) TV Link, Director Edition" to replace my old Emprex-1 which was nice but not perfectly reliable. It plays music (MP3) and videos (AVI or ISO) from SMB shares It also handles Mythtv streams allowing me to provide recorded programs over UPNP. When appliances like this fetch data from a network share you have a risk whether it will support your data format but the ScreenPlay seems to be sufficiently capable for my purposes.

I recommend this over many of the other suggestions for the following reasons:
      1. cheap - £80.
      2. Small - about 1cm high (smaller than a DVD case), slides in next to my V+ box.
      3. energy efficient, I think about 10 watts.

FAQ below:
https://iomega-eu-en.custhelp.com/cgi-bin/iomega_eu_en.cfg/php/enduser/std_adp.php?p_faqid=22760
One recommendation I would offer if you bought one - put something over the activity LED as it is bright enough to read by.

Whitelisting applications would work if this could control what is run on your system. Variously implemented by either looking up a hash (e.g. md5) or signing the code. Unfortunately we can make the following observations which indicate this does not provide total protection:

  By Design:
      Some applications allow interpreted code (macros, visual basic inside documents, perl/java etc.).
      Some applications are inherantly data (excel spreadsheet etc.).
      Some applications change their behaviour dependant on libraries and plugins which may not be checked against a whitelist (e.g. activex, greasemonkey).
      Some applications self-modify (maybe to try and prevent software theft).

  Flaws:
      Some applications have flaws that allow code injection (buffer overflows etc.).
      Some features can be used for inappropriate purposes (updater that can be fooled into downloading the wrong files).
      Sometimes signing keys are reverse engineered or leaked, allowing malware to be whitelisted.
      List or key management requires ongoing maintenance and if it goes wrong can mount a denial of service attack on your customers.

  Lack of omniscience:
      Some people can use a secure application in a secure OS and still do something insecure (phishing etc.).
      As new attacks are found, old protections become ineffective.
      There is a chance that malware could be whitelisted.
      You have to update your whitelist for every update by every vendor.
      It is really really hard to be sure that the application does what you are told it does - either deliberately to produce trojan horses or accidentally (see above).
      Each user may require a different whitelist as they have different requirements - some may wish to run p2p data sharing wheras others may regard this as a huge security risk.

  Lack of omnipotence:
      Some flaws are not in the applications - they may be in a hypervisor, loaded onto network cards, on routers, hosted remotely.

IMHO whitelisting requires reducing the functionality of applications (e.g. no java) and adds hoops/costs to professional developers and upsets users but unfortunately malware writers will focus on the easiest route using what they can get. c.f. http://www.securecomputing.net.au/News/161167,analysis-iphone-malware-evolution-on-overdrive.aspx

I agree about the benefits, and the hidden costs due to externalities. I'm afraid there are some flaws in the plan:

1. Even a patched antivirus is not full protection - oddly enough the virus writers also have copies of recent antivirus software and if their virus is spotted they tweak it until it goes undetected.

2. Patching is not full protection - Ever heard of zero day exploits and social engineering?

3. The historical codebase of Windows applications can significantly affect how tightly you can lock down permissions whilst keeping functionality. Of course, locking down an operating system not only requires skill and effort but can have an adverse effect in itself.

4. Some attacks arrive via trusted routes (e.g. media or websites from well respected companies).

5. Is it fair to throw money at people who deliberately use insecure operating systems. A flat fee could allow securer operating systems a financial benefit for the work they do protecting their users.

I agree more with Landsburg and Esther Dyson, but perhaps you should pre-emptively pay for your system to be cleaned (or de-virused) up as part of the cost of connecting to the Internet. In the event that you are infected you have a visit from a support engineer to fix the issue and you then put down another deposit against next time before being allowed to reconnect.