Nothing beats a hardware firewall since that's a different machine than your own. Put it this way: the intruder has reached your system already if you just use a software firewall.
Despite that a regular internet user like you and me won't need a hardware firewall as that would probably cost more (on the short or long run) than what's actually tried to kept safe.
So I'm one of many who have a software solution running. I use Kerio as a firewall and Avira as virus protection.
The version of Kerio is actually quite old but it works like a charm and offers quite a lot of options and I couldn't find anything yet which I couldn't configure somehow.
Avira is free and seems to be nice on resources. The downside though is that it takes some time to find updates (can take up to several minutes) and the scan stops at findings (I wish it would continue and give me a report at the end just like Kaspersky does). Currently I have to ignore all findings and check the logs manually once it finishes (if I notice that it has finished...
).
I used ZoneAlarm for a while though then I read that it can be worked around rather easily compared to others. Windows' built-in firewall is way too lame and doesn't have any options. I personally
hate it and a lot of people I know hate it, too. Most of them have technical skills though so we kind of expect more options (and we don't trust Microsoft that much
). But ok, for low tech-skill folks it might be something to go with.
As for the anti-virus I had Kaspersky for a while though I noticed that the auto-update stopped to work at one point and there's noticable hickup every day at midnight (even running just Winamp alone along with Kaspersky caused outage of sound). Then I read somewhere that Kaspersky is little bit greedy as far as resources are concerned which turned my experience into a general impression.
VERY IMPORTANT:
DO NOT EVER THINK ABOUT INSTALLING SOME NORTON CRAP AS YOU CANNOT, I REPEAT, CANNOT UNINSTALL IT PROPERLY.
Not too long ago there was a
thread here on EF from somebody who tried to get rid of it. Btw, I haven't heard of anyone who succeeded to completely get rid of Norton without reinstalling the entire Windows from ground up.