Software/“personal” firewalls are overrated, but in my opinion having one is better than nothing. I recommend ZoneAlarm because it’s free and it works well. I do recommend you turn off the alerting feature, though - all it’s likely to do is make you paranoid because it’ll trigger all the time. Just because people are walking around on the net trying doorknobs it doesn’t mean someone’s specifically targeting you to be hacked - if your doors are locked, they’re not getting in, so they just move on to the next doorknob.
Always, always, always install the critical updates from Microsoft’s Windows Update. Always. I can’t stress this enough. Most of the time the virus du jour is exploiting a security hole Microsoft patched months ago and only idiots who never install the critical updates from Microsoft are being infected.
One common misconception people seem to have is that dial-up internet access is “safe” and broadband is “dangerous.” It’s not so - you’re just as hackable on dialup as on broadband. It’s just that broadband means your computer’s more likely to be found by someone randomly scanning the net for vulnerable systems because it’s online more hours of the day, and it often tends to stay at the same IP address, meaning someone who does compromise it can more easily come back later to tinker with it some more. But being on dial-up doesn’t protect you from being hacked, or even from being found again if you are hacked and your IP address changes (it’s possible for compromised systems “phone home” in one way or another).
So, the moral of the story is to run a firewall of some sort no matter what kind of internet access you have.