Handy, I think the point of contention here is whether a “perimeter” firewall hosted off the endpoint system(s) is enough.
An ISP’s firewall simply stops suspect traffic before it gets to the endpoint system. A typical user also should be concerned about Trojans, Spyware, Adware, etc. that may be downloaded inadvertently - either embedded in a free/shareware install, or installed as an ActiveX “drive-by” download as a browser plug-in. These apps, like Gator, or any number of others, secretly monitor certain parameters: browsing habits, keystrokes, OS version and hardware configuration, you name it, there’s a Pest App that’ll sniff for it. They then communicate this information to a specified server on the internet, usually over HTTP port 80. Since most stateful hardware firewalls (especially home units) simply pass traffic if the port is open, there is a huge security risk.
To answer the OP: Yes, a software-based firewall is needed, especially if you have a home network of several systems. Not only will it protect against Pest Apps, it will prevent the spread of network-aware worms. Blaster and Welchia being most notable of late, many worms discovered these days have a file-sharing propagation method, even those that use email as a primary infection vector. A software firewall will prevent most of these from spreading, even if your antivirus software is not up to date, or if signatures aren’t available for a particular threat yet.
Definitely worth the trouble of configuring it in the first few weeks of use.