So I bought a router, and a firewall program, but what else can I do to make my computer more secure against hackers?
I am not a computer security expert but I do have a reasonable amount of knowledge on the subject. A firewall will stop essentially 100% of the casual hackers from accessing your computer. Once you have a firewall, the next thing to do is ensure your software, particularly windows and IE is up to date with the latest patches and then just follow the general guidelines always given;
- Don’t send private information in an e-mail
- Ensure SSL is active and you trust the site before entering a credit card number
- Ensure you trust the vendor before downloading software
These are basically common sense and if you follow the general guidelines you are doing pretty much everything possible.
Don’t forget running antivirus software and setting it to update itself weekly.
If you’re running XP, you are using it with a user account instead of the default administrator account, right? And the admin account has a password, right? This helps cut back somewhat on the things an intruder can do.
Well, one of the best things you can do is NOT use IE for your browser; switch to Mozilla or Firebird or Opera. Most of the annoying spyware and junkware I have seen sneaks in through the shoddy security of IE; once I switch my relatives to Firebird, they no longer get nearly as much spyware lodged on their system. Also, either of these browsers has built-in pop up blocking and tabbed browsing; IE just can’t compete.
http://www.ozzu.com/cupholder.html Try this site with IE; on default security settings it will give you a free cupholder. 
While DreadCthulhu’s advice is by no means bad (and I’ll add my vote for Firebird over Mozilla - nicer, cleaner, leaner) don’t make the assumption that any software switch will automatically save you from all harm.
The most important thing in maintaining a secure system, once it’s configured, is to update your software. Run Windows update regularly, check the Mozilla.org site for advisories and make sure your virus scanner is up to date. No matter how secure your initial setup, complacency about patching can cost you dearly in the long run.
Do make sure IE is securely configured. Like it or not you’ll probably have to use it sometimes since a number of sites remain incompatible with Mozilla (anything from rendering poorly to a full crash-and-burn). Turn off “install on demand” and disable anything to do with unsigned controls.
The link DreadCthulhu posted is, IIRC, a vulnerability in Windows Media Player rather than specifically IE. The lesson here is don’t neglect anything. You need to run Windows update or these things will slip by.