You only need a personal firewall if you're connected directly to the internet (i.e. with some sort of modem). If you're behind a NAT router, you don't need one, because those are configured by default to only let connections from your computer through, not to it.
I'll assume you're talking about Windows XP here, so make sure you get Firefox and do not use Internet Explorer! Apart from that you should get a virus scanner (or at least Trendmicro Housecall) and a spyware scanner (several free ones such as Spybot S&D or Windows Defender). Crap Cleaner (CCleaner) helps keeping your computer in order, and you should defrag it every once in a while too.
When websurfing, don't click on all the Yes and Okay and Install buttons you see and when a website demands that you download an .EXE plugin to view their porn (or other content), don't do it, it's most likely something bad.
And of course keep backups (external harddrives are cheap and can be locked away after use) if you have anything you care about on your computer.