I sold security software and hardware for many years. While I’m not an expert (I was a sales rep, not an engineer, and we all know how sales guys are ;)) hopefully I can shed some light. If anyone can provide better guidance, by all means, please do.
**Firewall explanation**
Broadly speaking, a firewall puts some type of barrier, or protection mechanism, between your PC and the internet, requiring inbound and/or outbound traffic to meet specific requirements and/or pass certain inspections before passing through.
Firewalls don’t just protect from “hackers” (I’m assuming you mean an individual who has targeted you specifically and is attempting to intrude into your network - kind of an outdated concept, since most intrusions happen via automated botnets or worms these days) - some types can block traffic generated by viruses and worms, as well as prevent infected systems inside your network from connecting to the outside world. If a system does get compromised, this can prevent it from sending your juicy details to some Russian mob outfit.
**Difference software/hardware**
Hardware firewalls basically operate like a firewall in a car - they put up a barrier between your PC and the internet, and you can “punch holes” in this barrier as you need to (just as you’d punch holes in an auto firewall to run electrical wires or other stuff from the engine to the passenger cabin). These holes (called rules or policies) can be simple, and gaping (open up all ports for HTTP protocol, to and from all IP addresses) or small and very complex (only allow traffic from these IP addresses via these protocols/ports, during these hours). Each hole compromises the integrity of the firewall and reduces its efficacy, so it’s important to choose carefully.
ETA: while some firewalls will start from an “all open” state, where nothing is blocked or filtered, your Firebox will most likely be “locked down” and you’ll have to open up rules to allow traffic through.
More advanced consumer firewalls, and most enterprise firewalls such as your Soho box, will do “traffic/packet inspection” also known as “application protocol” inspection - this method looks at the actual traffic, peels away all the “layers” of each chunk of data (or packet) being sent/received, and attempts to ascertain whether the traffic is legitimate or malicious. This can be done by “pattern matching” or “heuristics”, where the firewall attempts to guess at the purpose of the packet based on numerous factors, or this can be signature-based, where the firewall has a specific set of “bad” behaviors it looks for.
Hardware firewalls have little or no overhead on the PC, but may bottleneck the traffic as you add more filters and rules, and the more complex rules and policies have a steep technical learning curve and require a working knowledge of network protocols. Since most hardware firewalls are built into routers or switches, the user interface can be quite minimal, and there is little to no handholding to ensure that good traffic doesn’t get blocked inadvertently, or that bad traffic doesn’t get through due to a bad rule.
Software firewalls work differently. They install on the PC itself, and attempt to sequester and scan the various resources in a computer that may initiate network communication. This typically means a combination of application access control (determining which programs can do what), user access control (determining which users can do what) and traffic inspection (similar to that on a hardware firewall, where the software attempts to determine whether the traffic coming into/going out of the PC is attempting something malicious). Software firewalls often come with additional security software, including antivirus/antispyware, antispam, and Intrusion Detection software (although the line gets blurred between ID software and firewall software these days).
Because of all of this, software firewalls have a significant resource hit on the PC, but offer “more immediate” security, since they examine traffic at its destination/source, and typically with more robust inspection than a standard consumer router. The good software firewalls also tend to have an easier learning curve, as they usually have rich interfaces and wizards that handhold the user through the process of changing settings and policy. Some will even scan your system and automatically detect applications which can connect to the internet, and make a best guess at how to filter them.
**Outdated hardware any good (outside system requirements, security level)**
If you’re talking about the Firebox - one of the issues you might run into if the firmware is out of date - it may require a subscription to update the firmware, or to download new packet filtering signatures. Also, support for such devices tends to run pretty steep for consumers.
**Hardware provide more security for personal use than software**
There are lots of different viewpoints on this - in my opinion, for the layperson with no experience managing network settings, a software firewall will be a better option. It’s easier to manage, and provides more user feedback and more pertinent notifications of potential issues right in the taskbar, while a hardware firewall will usually either have logs you’ll need to manually scan, or will send out email alerts based on certain event thresholds. You will have a resource drain (your mileage will vary depending on the brand, and what software features you enable) but if you can spare the overhead it’s worth it.
Since I work for a security company, it wouldn’t be good form for me to offer any specific product suggestions - I’ll let others do that.
Good luck finding the best solution!
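The "punch holes" model from the hardware firewall explanation, as an added example that is not part of the original post: a locked-down policy blocks everything unless a rule matches, and the sketch compares how much a gaping rule exposes against a narrow one. The `Rule` class, the rule names and the documentation-range addresses are all constructed for illustration and do not reflect any vendor's rule format.

```python
from dataclasses import dataclass
from datetime import time
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    """One 'hole' in the barrier: who may connect, how, and when (hypothetical format)."""
    name: str
    source: str                    # CIDR block the traffic must come from
    protocol: str                  # "tcp" or "udp"
    ports: range                   # destination ports the hole covers
    start: time = time(0, 0)       # rule is active from this time of day...
    end: time = time(23, 59, 59)   # ...until this time of day

    def matches(self, src, protocol, port, at):
        return (ip_address(src) in ip_network(self.source)
                and protocol == self.protocol
                and port in self.ports
                and self.start <= at <= self.end)


def evaluate(rules, src, protocol, port, at):
    """Return the name of the first rule that lets the packet through, else None."""
    for rule in rules:
        if rule.matches(src, protocol, port, at):
            return rule.name
    return None  # locked down by default: no matching hole means blocked


def exposure(rules, src, at, protocol="tcp"):
    """Count the destination ports a given source can reach at a given time."""
    return sum(1 for port in range(1, 65536)
               if evaluate(rules, src, protocol, port, at))


# Constructed sample policies (addresses are from the reserved documentation ranges).
GAPING = [Rule("all-tcp-from-anywhere", "0.0.0.0/0", "tcp", range(1, 65536))]
NARROW = [Rule("office-https", "203.0.113.0/24", "tcp", range(443, 444),
               time(8, 0), time(18, 0))]

if __name__ == "__main__":
    print("gaping, stranger at 03:00:", exposure(GAPING, "198.51.100.7", time(3, 0)))
    print("narrow, stranger at 03:00:", exposure(NARROW, "198.51.100.7", time(3, 0)))
    print("narrow, office at 09:30: ", exposure(NARROW, "203.0.113.10", time(9, 30)))
```
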